Cybersecurity, scams and data breaches

Image of programming code by Lorenzo Cafara www.pixabay.com

Call it coincidence, but I was in the midst of a domestic internet security overhaul when news of the Optus hack broke. As we know, what the press is calling the biggest hack in Australian history left the private information of up to 10 million Optus customers open to potential abuse. Optus customers are clamouring to have their drivers’ licences and passports re-issued and there is talk of class actions.

Most of us whose lives are largely lived online are, or should be, aware of the threat posed by scammers. Any day of the week you will hear of pensioners who lost their life savings, falling for some elaborate call centre scam. The sophisticated level of social engineering being employed by scammers is such that even savvy older people are falling victim to seemingly plausible communications via mobile phone, social media apps and email.

Just as we all lock doors and windows and turn on security systems before going on holidays, we should all be thinking about security for our electronic communications. My IT adviser swears by password managers – that is, subscribing to a company that will encrypt all of your online logins and passwords. You manage things at your end with a master password. But wait, I ask, isn’t this putting all of your eggs in one basket? If someone nabs your master password you’re screwed, right?

The best protection against electronic fraud is to use a two-step authentication system. This may be as simple as: login, password (now enter the four-digit code we just sent to your mobile phone).

Last time I went to do some internet banking, I was informed that my security token would soon expire. This is a small gadget (most people call them dongles) which displays six constantly changing numbers. The process is: logon, password (dongle code).

In theory it is unhackable, as the security codes are constantly changing. I decided to order another ‘dongle’, only to be told that the bank preferred me to use their secure phone app. Send me a dongle, I replied, via secure email. After jumping through a few security hoops, I ordered a new physical dongle. The bank employee I dealt with (online) said the bank would waive the $20 fee as I had been a valued customer for many years (Melbourne Cup, here I come).

As a result of increasing data breaches and scams, we can expect government organisations and others to tighten security. After thoroughly checking it out first, I found that the Australian Securities and Investments Commission (ASIC) now requires all company directors to apply for a ‘digital security ID number’.

The recommended method for applying for a director identification number is by using the MyGovID phone app. The app requires you to scan identification documents into a mobile phone app. They also want your date of birth, physical address, email address and mobile phone number. Then you have to scan any unique identifying marks (moles, birthmarks, tattoos) – no wait, I made that bit up.

It’s quite an exercise.

But what if some enterprising Black Hat (master hacker) breaks into MyGovID? In theory this will create a lot of work for people whose professions involve producing ID documents. Just as we are seeing now with the Optus hack, everyone who uses MyGovID would need to replace their ID documents.

This new requirement by ASIC (which only applies to company directors), will, as they say, “help prevent the use of false or fraudulent director identities”. Directors who were appointed prior to November 2021 have until November 30, 2022 to apply. ASIC adds, “it is a criminal offence if you do not apply on time”.

If you think about it, multiple government and non-government organisations hold all manner of confidential information on us. At the very least, many of them already have our date of birth, passport and driver’s licence numbers, credit card details, direct debit for bank accounts and so on. When was the last time you booked online for a concert? Credit card?

In August, I was required to fill in an online hospital admission form when signing up for elective surgery. They wanted to know everything about me – even my BMI. I had to ask Sister Dee to explain that one. It’s a number arrived at by squaring your weight with your height. Anaesthetists need to know.

“They’ve got my height and weight,” I said to the admitting nurse. “He can work it out.” (Ed: It’s 23.6)

Then they wanted a copy of my power of attorney. I didn’t have a copy so had to ask our lawyer to send me one, post haste. Now that’s online too.

But methinks I doth protest too much – I did after all wake up.

It’s a good thing I decided to sign up for the now-obligatory company director security number. In the process, I discovered my passport will expire next year. Since we have plans to go to New Zealand, Canada and maybe Japan, I’d best get on my bike and order a new one. I suppose how long it takes depends on the Optus backlog, eh?

In the meantime, everyone who reads this column on a regular basis should know about the Scamwatch website. The Australian Competition and Consumer Commission (ACCC) keeps a running tally of internet scams, pesky robot phone calls and phishing scams (someone pretending to be your internet service provider, bank, tax office – whatever). Currently Scamwatch is alerting Australians that fraudsters will seek to exploit the Optus data breach. Last month the ACCC warned people who use WhatsApp to watch out for the ‘Hello Mum’ scam. Briefly, someone who apparently knows you have a son or daughter overseas will start a text conversation.

“Hi Mum, it’s me. I lost my phone and got locked out of my bank. Can you help?”

The correct answer should be something like – “If you are my daughter, what was the name of our cat when you were 12 and what was her favourite food?”

It’s no laughing matter. On August 3 Scamwatch reported that consumers lost $20 million to imposter bond investment scams. These scams impersonate real financial companies or banks and claim to offer government/Treasury bonds or fixed term deposits. People often fall victim after searching online for investment opportunities. Watch out for fake third-party comparison sites and too-good-to-be-true returns.

I have had a few interactions with our internet service provider over the years about phishing emails. They would often arrive in my inbox on iiNet letterhead (the sender’s email address is always dodgy). The gist is usually, “There is a problem with your invoice (which I just paid). Please click on this link and update your credit card details.” My arse!

The last time I complained, I forwarded the fake email to iiNet as requested. iiNet (second largest ISP in Australia), must have had some success since, as these rogue messages appear to have stopped. Their customers are not the only target. There are myriad instances of bogus emails purporting to be from banks, finance companies, telcos, e-commerce companies etc. The best response is block/blacklist/delete and keep doing it until they move on. And always report it to the company being impersonated. Oh, and always log out of Facebook and Messenger. But you knew that.

 

Demise Of The Fixed-Line Home Phone

Australian Communications and Media Authority Communications report 2017–18.

The landline is ringing. A saxophone riff from a Men at Work song plays in my head (‘who can it be now?’). Despite my better judgement, I pick up. It goes something like this. (Pause) “This is Nicole from Australian National Broadband. We have been trying to get in touch with you as we are soon going to disconnect your landline. Press 1 now to speak to a technician.”

I don’t press 1 and after 5 seconds the call disconnects. Poor Nicole (and apologies to the two women I know named Nicole). She has been robo calling our number without success for at least 18 months. How will you describe that on your CV, Nicole? (2018-2019: scam robo call voiceover).

Once again, synchronicity strikes. Just when I decided to write about the demise of the landline, I see it is National Scam Awareness Week (August 12-16). There are serious reasons for raising awareness of telephone and internet scams, as they are costing Australians about $1 billion a year.

Scamwatch estimates that NBN scams alone are ripping $110,000 a month from people who should have tuned in for NSAW last year (when the figure was $37,000 a month).

Few real people call our landline these days. Like everyone I surveyed for this essay, we average about 15 telemarketing calls or phone scams per week. They are often the 6.50pm calls, just as you are sitting down to eat. It’s someone in an offshore call centre, trying to sell you something. Most people just hang up.

My elder sister in New Zealand always calls the landline, as does John, our oldest friend in the village. They belong to a cohort who do not have mobile phones. They persist with, some would say depend on, the dying communication form of a fixed copper wire telephone line.

The 2017-2018 report by the Australian Communications and Media Authority (ACMA) said that 36% (6.7 million) of Australians have scrapped their fixed home phone line and rely on a mobile service. Some may also have a VoIP (voice over internet protocol) phone as part of their National Broadband Network deal. There is one vital difference between a landline and VoIP. The major issue with a ‘landline’ that comes with an NBN package is that it stops working when you have a power failure. (This is also the case for a hands-free phone plugged into the power, rather than a dedicated phone wired into the wall).

The latter still works when there is a blackout – you can ring Fred on the other side of town to see if his power is out too. Useful stuff like that.

Nevertheless, fixed-line use declined 7% in 2017-2018, continuing a long-term trend (although 10m people still have one).  One could suggest that people are letting go of their landlines in favour of mobiles and reducing their monthly phone/internet bill. I suspect people no longer trust their landline. As FOMM reader John No 1 said: “The value of the telephone as a means of communication is being diminished because it is impossible to know if a caller is genuine…”

Meanwhile, eight out of 10 Australians own a smartphone – 64% more than five years ago. A smartphone is infinitely more useful than a one-function landline. Smartphone users can make voice calls, send texts or use apps for messaging or voice/video calls. And, as we all know, you can browse the internet, watch streaming TV, make videos, take pictures of your cat to put on Facebook, use it as a compass or a navigation device, tune your guitar, turn it into a metronome or use it as an alarm clock.

A few FOMM readers responded to my question: why do you still have a landline? John No 2 (no mobile), says he wants to stay with a fixed-line phone because mobile reception is poor where he lives. He is also a bit peeved that after paying for a silent number, he still gets nuisance calls.  Another reader told me she uses her landline exclusively for her counselling service so she can be ‘present’ (as opposed to being out and about and distracted if a client calls on the mobile).

Ian says he ended up with a VoIP phone when he changed to the NBN, but neither he nor Mrs Ian uses it, mainly because Telstra/Optus were unable to transfer his old number. They prefer to use mobiles, as they had been doing for years before NBN showed up. Ian says that until the change was forced upon him, he’d had a landline (and the same Telstra number), for 33 years.

I tend to avoid using the home phone, instead favouring text messages. She Who Likes To Talk To People always tries calling first.

“What’s the point,” I say. “It will just go to voice mail or they will get a garbled 10-second text message transcribed from voice.”

Example: “It’s Nog here, I be roundson to pick up cheers.”

The ease of text messaging (and the fast response when you use the Facebook app Messenger), has lulled us into a world where we communicate primarily by text and email (both formats which can be easily misinterpreted), in lieu of actually talking to each other.

A while ago, I realised this form of communication was the equivalent of holing up in the castle and sending a messenger on horseback to tell Princess Desiree in yonder palace that she is the fairest in the land.

Who would know if the fair damsel received the gilded message and what happened next? (Mayhap she was smitten by the messenger and they rode off together into the darkening forest; cue Game of Thrones theme.)

Yes, so I decided I would have a telephone conversation with someone every week. I’m behind schedule, but I have excuses.

It is probably fair in National Scam Awareness Week to observe that mobile phone users are also plagued by scam calls, robo calls and telemarketers. Nevertheless, Australians continue their love affair with mobile technology. In Australia, there are now 34.54 million mobile services in operation, compared with 31.09 million in 2013, the last time I wrote on this topic. ACMA says the volume of data downloaded on mobile networks increased fivefold between 2014 and 2018. We can probably attribute a lot of it to Netflix (50% of Australians have a subscription), and Stan (13%).

The relatively slow growth in new mobile use suggests demand has peaked. Still, that’s about 10 million more mobiles than there are people. Given this huge target market, it seems likely the scammers and hard-sell merchants will keep finding sinister new ways to catch us off guard.

Robo calls are as big a problem in the US as the opioid crisis, mass shootings and Donald Trump. The regulators have been pressing the telecommunications industry to do something about it since 2014. In response, the industry has developed a solution to stop robo calls and ‘spoofing’. The latter refers to criminals and unscrupulous people altering the calling number of their outbound calls in order to deceive the person receiving the call. For example, the call may show up in your caller ID as your neighbour or a relative. The industry has invented a new technology standard to defeat spoofing and has given it an intriguing name based on two acronyms – STIR/SHAKEN.

Sounds like something you’d order at the bar when taking Miss Moneypenny on a date.

Further reading FOMM back pages: https://bobwords.com.au/friday-on-my-mind/