3 minute read

A new era of cyber-criminals

There’s been heightened focus on the cybersecurity landscape this year due to COVID-19 and the sudden impact it’s had on our daily lives. With more of us working remotely and increasing our reliance on email, this has provided an open playground for cyber-criminals to manipulate.

In fact, the ACCC has reported losses of more than $91 million so far in 2020, as scammers target personal information, leaving businesses and individuals on high alert.

Advertisement

Security experts, such as Laura Hartley, Head of Public/Private Partnerships, Enterprise Security, NAB, and Ryan Janosevic, COO and Co-founder, RetrospectLabs, are at the forefront of industry discussion, as they work to enable organisations to protect against potential risks.

At the top of their fields, Ryan and Laura give us a glimpse into the profile of a cybercriminal and insights into the most common cyber threats to businesses and individuals today.

“Cyber-criminals aren’t just a bunch of teenagers sitting in their basements anymore, they may have started out that way, but now they’re highly professional, structured and can be hired”, said Ryan.

Mirroring Ryan’s sentiment, Laura describes the recruitment process for cyber-criminals, also known as hackers, cyber actors or fraudsters. “Cyber-crime organisations actively target students as they are leaving university – graphic designers, computer programmers, you name it – offering them graduate programs and the opportunity to join their lucrative businesses”.

Just as the skillsets of the people within cyber-crime are diversifying, so too are their motives.

There are three types of cyber fraudsters out there:

• Hacktivists, who are politically motivated and aligned with a cause;

• Cybercriminals, who are financially motivated. They are interested in stealing your data and turning that theft into a financial return; and

• Nation state actors, who work for governments to disrupt or compromise other governments, organisations or individuals to gain access to valuable data or intelligence and can create incidents that have international significance.

"It’s important to understand that your data is valuable and is of interest to a broad range of cyber actors, no matter who you are, no matter what your business does. Cyber criminals don’t have a great set of morals, so they’ll leverage anything, even a global pandemic, to get what they want. That’s why it’s vital to understand these types of threats and practise good cyber-hygiene ,” said Ryan. Cyber-crime does not discriminate and is a reality of being online in 2020. Email based scams remain the primary threat targeting businesses today and are becoming more and more comprehensive. In August 2020, the ACCC announced that the number of reported phishing scams is up by 44 per cent compared with the same time last year.

“A common email scam we see happen to customers is invoice fraud – a process that involves a cyber-criminal calling your company impersonating a supplier to say their payment details have changed, and providing alternative details for a bank account they control”, shared Laura. “Businesses may action the request to update payment details, not realising that they are not communicating with the real supplier. In some cases, weeks or months of legitimate invoices may be paid into the account controlled by the criminal before the recipient realises something is amiss. It’s important to remember that this can happen to any business, any person. To safeguard from this type of fraud is a simple process fix. If you don’t already, always verbally confirm change of account details before actioning the request”, said Laura.

Remember the 5 things PEXA will never do when it comes to you and your security. PEXA will never:

1. Email you from unofficial addresses;

2. Send you an email advising you to click a link to log in to the platform;

3. Request files or information from you via a third-party service;

4. Ask for your MFA code; or 5. Call you from unverified phone numbers

Visit our dedicated security page on the Community to read more.

The good news is that there’s many simple things you can do to protect your business from cyber crime and fraud. Visit the Australian Cyber Security Centre’s (ACSC’s) website, ask a question on PEXA’s dedicated Security page or visit the NAB Security Hub. If you’d like to hear more from Laura and Ryan, they recently accompanied PEXA’s GM, IT Security, David Willett, in a webinar to discuss cyber-security and answer attendee questions. Click here to watch.

This article is from: