Cyber Awareness – Getting Started

Scam
A scam is where a scammer attempts to trick a person into providing personal details, financial information or money (1). There are many different types of scam. Visit CERT NZ or CERT Australia for more information.

Malware
Malware is any type of malicious software that aims to disrupt, damage or provide unauthorised access to a computer system (2; 3). Visit CERT NZ or CERT Australia for more information about the many types of malware.

How you are targeted by scams and malware
Scammers often use emails to target people but may also use a combination of contact methods such as email, text message, messaging apps, phone calls and in person (1; 4; 5).

Malware is usually spread via email or through computer networks and portable drives (3).

Scam awareness
Banks and most organisations will never ask for passwords or pin numbers in person or by email (1). Be very wary if asked and if in doubt, contact the organisation separately using the contact details you would normally use to contact them (1).

A scammer will usually make unexpected contact with you, predominantly via email or phone call (1). They may:

  • contact you with an attractive offer (1)
  • contact you to say you have errors and urgently need a software upgrade (1; 4)
  • contact you pretending to be someone they aren’t, e.g. your bank (1)
  • contact you saying they are from Microsoft or Apple offering remote assistance to fix a problem they have been alerted about (4)
  • ask for money, personal, account or access details (e.g. passwords or pin numbers) (1; 4)
  • send you a fake invoice or remittance – DO NOT OPEN (1)
  • phone number looks like an overseas number (4)
  • usually with a strong accent.

Indications that a message (email, text, messenger app) may be a scam or contain malware:

  • may have the characteristics of a scam (1; 5)
  • asking for money, personal or account details (1; 4; 5)
  • attempting to blackmail you (4)
  • contain a bill for services you didn’t ask for (1)
  • contain suspicious links or attachments (1; 3). If a link is provided in an email, hover above the link to see if it is the same as what is typed (5). If not it is likely to be malicious (6)
  • may contain offensive content
  • be providing or offering something you didn’t ask for (4)
  • may appear very similar to messages you currently receive (5)
  • may come from a person you are not expecting to receive a message from
  • emails may come from someone you know – hackers have gotten access to their account and are sending out emails to their contact list (1). Be wary about requests for money or other uncharacteristic emails from people you know (1)
  • email address is not from the organisation being represented in the email. Scam emails may be different but very similar to genuine email addresses (1)
  • email address doesn’t match the name on the address or on the email signature
  • spelling errors in the email (6)
  • emails suggesting you will lose data or emails requiring you to “click here” or sign in to recover your account or missing emails.
  • may contain a file that asks you to enable macros – do not enable macros (3).

How to avoid visiting fake, fraudulent or dangerous websites

  • Don’t search for objectionable material (3).
  • Don’t type in the website for websites you know to contain objectional material (3).
  • Don’t download pirated (illegally downloaded) software or data such as movies and music. Aside from infringing on copyright, you are providing an opportunity for cybercriminals to download viruses and malware to your computer alongside it (7). It’s cheaper and safer to buy the software or data you require from a reputable site.
  • Don’t guess the address of a website (3; 7).
  • Be careful with your spelling when typing a URL in (3; 7).
  • Double check the website’s URL, especially if it came via an unexpected email (7). It may look very similar to a real website (1; 3).
  • If a link is provided in an email, hover above the link to see if it is the same as what is typed (5). If not it is likely to be malicious.
  • Things to look for:
    • look for the padlock symbol next to the URL – this indicates the site is secure (1; 3)
    • look for an “About this website” page (5)
    • look for contact details, particularly a legitimate contact phone number (5)
    • look for online reviews, but also be wary of fake online reviews (5)
    • may contain a lot of poor grammar and spelling
    • site says that you have a virus or are in trouble with the law (5)
    • asking for a direct bank transfer (5).

References

  1. Ministry of Business, Innovation and Employment [NZ]. Avoiding scams and fraud. [Online] [Cited: August 8, 2018.] https://www.business.govt.nz/risks-and-operations/it-risk-and-avoiding-scams/avoiding-scams-and-fraud/.
  2. —. Protecting business data. [Online] [Cited: August 8, 2018.] https://www.business.govt.nz/risks-and-operations/it-risk-and-avoiding-scams/protecting-business-data/.
  3. Australian Cyber Security Centre (ACSC). Malware. Australian Cyber Security Centre (ACSC). [Online] August 14, 2018. [Cited: August 15, 2018.] https://cyber.gov.au/business/threats/malware/.
  4. —. Phone scams. Australian Cyber Security Centre (ACSC). [Online] [Cited: August 15, 2018.] https://cyber.gov.au/business/threats/phone-scams/.
  5. —. Phishing. Australian Cyber Security Centre (ACSC). [Online] August 13, 2018. [Cited: August 15, 2018.] https://cyber.gov.au/business/threats/phishing/.
  6. The evolution of cyber threats. Delta Insurance. 4, Auckland : s.n., 2018.
  7. Australian Cyber Security Centre (ACSC). Ransomware. Australian Cyber Security Centre (ACSC). [Online] August 13, 2018. [Cited: August 14, 2018.] https://cyber.gov.au/business/threats/ransomware/.