MailGuard Blog

Earlier this year, I wrote about the need for Australian businesses to step up their efforts in defending themselves from Business Email Compromise (BEC) attacks.

Shady and shifty or just another regular Jo? Much like Ted Bundy was considered a charismatic guy, you can never be too sure of the biggest personnel threats to your organisation. Don’t we always see in the news that it’s Susan the lovely office manager who seems to be the one channeling company funds into her own accounts? 

Released last week, Gemalto’s Breach Level Index found that over 4.5 billion data records were breached in the first half of this year - up 1,751% from the same time last year. That translates to 291 data records being breached per second in the first half of 2018.

What is cybersecurity?
If you walked around your office and asked people that question, what sort of answers do you think, you’d get?

The image many businesspeople have of cybercrime is a teenager with a grubby hoody hunched over a laptop hammering code into a flickering screen that’s like something out of The Matrix. The imaginary teen finds a backdoor into a bank’s server admin page, and typing like fury beats the computer in a showdown of quick-draw typing.

If you’ve seen this email in your inbox, best to delete it immediately. It’s a new scam using forged QuickBooks branding to try and trick people into clicking through to a malicious website.

MailGuard has detected multiple variants of this attack, using different company names and sender address domains.

There has been a 2500% increase in the sale of cybercrime kits on the dark-web since 2016, said Angus Taylor MP, Australian Minister for Law Enforcement and Cyber Security in a recent interview.
Taylor expressed his concern about this surge in online criminal activity. He noted that there has been “a high take-up of digital technologies” by Australian companies, but about 30% of smaller companies have inadequate cybersecurity measures in place. 

This week the SMH reported the story of the small business owner who lost AU$10,000 in an email fraud attack.

“Small business owner Phoebe Bell believes scammers were watching her emails "for months" before they swiped $10,000 from her homewares operation, Sage & Clare,” the SMH reports.

Claire, an intern at a small legal firm, sits down at her desk after getting back from a hasty, late lunch. She gulps her coffee and flicks open her email inbox: 37 new messages. She rubs her temples and begins to work her way through the backlog that piled up during her 15-minute lunch break.

The term “imitation game” comes from a paper Alan Turing wrote in 1960 called Computing Machinery and Intelligence. Turing posed the question "Are there imaginable digital computers which would do well in the imitation game?"
While machines are now beginning to answer Turing’s question in the affirmative, the most dangerous copycats in the cyber-world are still humans.

MailGuard has detected a new phishing attack exploiting the trademarks of the Law Council of Australia, Office 365, Yahoo, GoDaddy, Hotmail, AOL, The Law Institute of Victoria, and many others.

This phishing attack is aimed at collecting the login names and passwords of victims.

Does defeating cybercriminals mean we need to try thinking like they do?

The kind of people who commit cybercrime aren’t CEO material. They aren’t even necessarily the I.T. whiz or hacker type; cybercrime doesn’t require a serious technical skill set. The crooks behind online fraud attacks are using technology, certainly, but they are consumers, not experts.

You have your solicitor look over contracts before they’re signed.
Your accountant examines your books to find any irregularities.
There are checks and balances in place to monitor purchases, invoicing, payroll and transactions of every kind.
You’re confident that your company’s financial integrity is well protected, but what about the online realm?

Every day, cyber criminals are dreaming up new get-rich-quick schemes. Whether impersonating a popular brand on Facebook, offering bulk followers on Instagram, or trying to deceive a well-meaning accounts worker, it’s hard to escape opportunistic scammers.

Digital information is not only easy to store but also to share. Companies must decide what information is valuable and must be kept secret, and how best to do so.

It's not uncommon to hear of high profile companies experiencing data security breaches in recent times. These events not only bring into question the company's credibility and reliability but can expose a business to unnecessary costs and have lengthy and devastating legal ramifications.