As the Christmas holiday season approaches, many of us are planning festive celebrations, shopping for loved ones, and looking forward to well-deserved breaks. However, it’s also a time when cybercriminals ramp up their activities, taking advantage of busy online traffic and the seasonal increase in digital transactions. This Christmas, make cybersecurity a priority by fortifying your online accounts with Multi-Factor Authentication (MFA) to keep your personal information safe. Why MFA is Essential for Your Cybersecurity In today’s rapidly evolving digital landscape, cyber threats are ever-present, and recent headlines about online scams and data breaches highlight just how vulnerable personal information can be. In Australia, cyber incidents continue to rise, underscoring the need for proactive measures. Multi-Factor Authentication (MFA) is a powerful tool that provides an added layer of security, making it more challenging for cybercriminals to access your sensitive information. What is Multi-Factor Authentication (MFA)? Multi-Factor Authentication (MFA), also known as two-factor authentication (2FA) or two-step verification, is a security mechanism that requires users to provide two or more authentication factors to verify their identity before gaining access to a system or account. These factors typically fall into three categories: Something you know: This includes passwords, PINs, or security questions. Something you have: Such as a mobile device, smart card, or token. Something you are: Biometric identifiers like fingerprint scans, facial recognition, or iris scans. By combining two or more of these factors, MFA adds an additional layer of security that makes it significantly harder for cybercriminals to gain unauthorised access, even if they manage to obtain one factor, such as a password.

A Major IT Outage: What Happened? On July 19, 2024, a significant IT outage disrupted services worldwide. Banks, healthcare facilities, emergency services, and payment systems faced interruptions, causing widespread business closures and even flight cancellations. This global incident left many travelers stranded and businesses scrambling to restore operations. What is CrowdStrike? CrowdStrike is a leading American cybersecurity company specialising in software to monitor and detect cyber threats. Their flagship product, Falcon EDR (Endpoint Detection and Response), acts like a powerful antivirus tool. It detects and mitigates security threats, alerting of potential hackers. During a recent update, it caused many computers to crash, resulting in the infamous Blue Screen of Death (BSOD) on Windows systems. Given that Microsoft systems constitute about 70% of desktop operating systems worldwide, the effects of this outage were extensive, impacting millions globally. * Is My Computer Safe? The good news is that CrowdStrike's products are primarily used by organisations, not individual home users. If you are using regular antivirus and anti-malware programs, you would not have been affected by this outage. However, it raises an important question: what can I do to prepare for future outages?

In the vast expanse of the digital world, our passwords are the gatekeepers standing between our sensitive information and the prying eyes of cybercriminals. Yet, as we navigate through the virtual landscape, it's alarmingly easy to overlook the importance of fortifying our passwords on a regular basis. The Vulnerability of Weak Passwords Weak passwords, akin to flimsy locks on a treasure chest, invite trouble with open arms. Here's a stark reality: a mere 7-character password can be cracked in a mind-bogglingly short span of 2 seconds. Add a few symbols, and you extend that to a meager 4 seconds. In the blink of an eye, your fortress is breached, leaving your personal data exposed to malicious intent. Reusing passwords across multiple accounts is akin to employing the same key for every door in your house. Once a cybercriminal unlocks one door, they have access to the entire residence of your digital identity. It's a convenience we cannot afford.

The battle against cybercriminals and their persistent efforts is more crucial than ever as cybercrime continues to rise each year in Australia, and in particular – phishing scams. What is a phishing scam? A phishing scam is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most common cyber scams reported in Australia. Perpetrators often disguise themselves as reputable organisations or even Government departments, exploiting people’s trust in these entities. Phishing messages come in various forms, all designed to trick individuals into surrendering personal or business information. Examples include, email or system upgrade messages, HR emails from a similar address, website expiration messages requesting and emails with information relating to government benefits or financial assistance payments. 

As cybercrime continues to evolve, one concerning trend impacting CDF clients is the rise of Invoice Fraud, also known as Invoice Hacking or Invoice Redirection. Invoice Fraud occurs when cybercriminals impersonate legitimate businesses and suppliers, intercepting emails containing invoices. These criminals send altered emails with invoices bearing their own bank account details, tricking recipients into making payments to fraudulent accounts. The impact of Invoice Fraud has been significant. Since the Covid-19 pandemic, Scamwatch has reported that Australia's small businesses suffered losses of $14 million due to Invoice Fraud scams. What makes Invoice Fraud particularly challenging to detect is its sophisticated nature, as there may be no obvious signs of a scam. Unlike traditional email scams, these fraudulent invoices often do not contain spelling mistakes or fake email addresses that would raise suspicions. Victims may remain unaware of the deception until weeks later when the genuine supplier contacts them to request payment, by which time their money has already been lost to cybercriminals. To help safeguard your business against invoice fraud: 1. Always verify changes When you receive requests to alter bank account details, email addresses, or payment information, take the time to verify these changes over the phone, using a contact number you already know or from the supplier's official website. Avoid using the contact information provided in the invoice, as it could be fraudulent. Human interaction during verification can minimize the risk of falling victim to invoice hacking. 2. Exercise caution and diligence Avoid rushing or being pressured into making payments quickly; instead, carry out due diligence by double-checking the legitimacy and accuracy of the provided account details. 3. Review email addresses Closely scrutinize any change requests to ensure they are not spoof emails. Look for any anomalies or inconsistencies in the email addresses, font or language, which could be indicative of fraudulent activity. For more information, visit: Australian Government – Australian Cyber Security Centre Australian Competition and Consumer Commission (ACCC) – Scamwatch We’re here to help Cyber-scams will always be prevalent in the online world; but by working together we can help detect and prevent suspicious activity. If you think you’ve been a victim of a scam or are worried about the security of your CDF accounts, contact us today .

As cybercrime continues to rise each year in Australia, taking additional, proactive steps to secure your devices against cybercriminals is no longer an option, but a necessity. In addition to using emails, text messages and phone calls to trick unsuspecting individuals into opening attachments, visiting a website, or revealing login credentials; cybercriminals are now actively exploiting weaknesses in systems and applications to access and steal personal information. In fact, cybercriminals have become so highly skilled, they continue to successfully infiltrate the systems of major organisations such as Optus and Medibank, stealing highly confidential, personal data and selling it online. You might be asking yourself, “If Optus and Medibank can get hacked, what chance do I stand?” The good news is you don’t need the resources of an entire IT department to protect yourself against cybercriminals. In fact, you can successfully secure your devices by following these practical, simple steps: 1. Update your devices with the latest software or operating system Devices are often hacked by cybercriminals using known weaknesses in operating systems or applications. This is easy to avoid by ensuring your device software and applications are updated on a regular basis. Not only do updates provide new features and improvements, but they almost always provide upgrades that fix security flaws. It is important to update devices as soon as a new software update becomes available. This can be done automatically by simply turning on automatic updates in your device settings. To turn on automatic updates, look at the Australian Cyber Security Centre (ACSC) step-by-step guides for: iMac, MacBook, iPhone & iPad Microsoft Windows 10 2. Activate Two-Factor Authentication (2FA) 2FA improves your device security by acting as a ‘second key’ and proving you are the person requesting access. An example of a ‘second key’ is an SMS, prompting a unique password each time to you try to login to an online account. This second key, or second-factor, makes it very difficult for cybercriminals to log into your account without your unique 2FA code. However, for 2FA to remain secure and unique to you, it must never be shared and treated like an important ID document. To reduce the likelihood of unauthorised access to your device or accounts, activate 2FA, starting with your most important accounts such as computer login and emails. To activate 2FA, follow these guides for popular platforms: Microsoft Apple ID Gmail LinkedIn Twitter Facebook Instagram 3. Create Secure Login Credentials In addition to two-factor authentication, a secure password can make a big different when protecting your data from cybercriminals. Cybersecurity experts recommend creating passphrases by using a combination of four or more random words. You can create a secure password by ensuring it contains these features: · Combination of upper and lowercase characters. · Combination of numbers and symbols. · Is at least 14 characters in length. · Is unpredictable and unique to each of your accounts. For more tips on how to build strong Login Credentials, see the ACSC. 4. Setup Device Backups In the worst-case scenario where your device has been hacked, and your data is lost, it can help to have a backup in place. A backup is a saved copy of the data stored on your device such as: files, images, documents and so on. It is usually backed-up on an online cloud, but it can also be saved to an external hard drive or device. Having a reliable backup in place means that critical files can be restored if your device is ever lost, stolen, or damaged. To set up secure, automatic backups, read the ACSC guides for : Apple Mac external storage backup and cloud backup . Apple iPhone cloud backup . Microsoft Windows 10 external storage backup and cloud backup . For more information about cyber safety and fraud prevention, you can visit: Australian Government – Australian Cyber Security Centre, opens in new window Australian Competition and Consumer Commission (ACCC) – Scamwatch We’re here to help  Cyber-attacks and scams will always be prevalent in the online world; but by working together we can help detect and prevent suspicious activity. If you think you’ve been a victim of a scam or are worried about the security of your accounts, email us at csg@melbcdf.org.au or phone 1800 134 135 .

Over the past few weeks, online scams and cyber security have become front-page news as personal information was compromised in online, fraudulent activity. While the news about these large telecommunication companies being targeted may be worrying, it also serves as a stark reminder that cyber-crime in Australia is continuing to rise.

Today businesses of all shapes and sizes rely on connecting with people digitally and as a result depend heavily on the internet, which continues to rapidly transform our world. It is an important part of how we operate, communicate and interact with each other every day. According to the 2020 Australian Cyber Security Centre (ACSC) Annual Cyber Threat Report , the COVID-19 pandemic has undoubtedly increased dependance on the internet for both individuals and organisations; which has correlated to the increase in opportunities for malicious cyber actors to take advantage of those online who may be more vulnerable. Online criminal activity is getting more advanced as data and financial systems are compromised, taking us away from important business activity. While losses can be significant, your business or organisation’s reputation could be changed in an instant with losses far greater than those recorded on the balance sheet. The 2020 NAB Cyber Security Survey found that 6 in 10 Australian businesses have been victims of a cyber security incident in the last year, and fewer than 20% are confident that they have the right controls in place to prevent and handle such situations. The good news is that you and your organisation can stay safe online without a large investment in resources, tools or money. Some measures can be easy, such as reviewing procedures and operations; others involve some investment in hardware and expertise and many risks can be lowered significantly by educating those within your organisation. While it may seem overwhelming at first, experts recommend not to get caught in the complexities of hardware and software first-off, instead aim to make those in your organisation alert to the dangers of online fraud by creating awareness. What can you do to raise awareness of cyber-crime and fraud in your workplace?