Since 2001, Australia has passed more counter-terrorism and national security legislation than any other liberal democracy. On Thursday, in a crunch before Christmas, Australia’s parliament passed a highly controversial bill that will allow the country’s intelligence agencies to demand and gain access to encrypted digital communications. The bill has alarmed the public, as well as other Western countries, because of its broadness and vagueness.

What the bill imposes:

  • Compelling local and international communication giants like Facebook and WhatsApp to remove electronic protections, conceal government operations, and help with general access to devices or services (iPhone, Android devices, Alexa, Google Home, etc.).
  • Governments can approach a corporation or a specific key individual in that firm.
  • Ordering companies to create phishing landing pages, install key-loggers, or even push out fake software updates.

Impact:

  • Failure to cooperate with these orders can result in fines up to $7.3 million and prison time.
  • Custom vulnerabilities built to investigate specific individuals may be exposed by other hackers (like the NSA-built WannaCry malware).
  • Additional back doors created in applications may result in big data leaks.
  • Although the new bill claims to target specific individuals for pedophilia, terrorism, and other criminal activity, who knows how far this will be taken advantage of.
  • May force new and existing companies to rethink venturing into the Australian market, as it would impose weakened security on their applications.

Should you be concerned? Absolutely. With Australia being the first to take a firm step against data encryption, the “Five Eyes” intelligence allies (Australia, United States, United Kingdom, Canada, and New Zealand) might look to mimic the new bill in the future. The new bill, though, is intended to go through several amendment processes by February to reduce its generalizations.

Sources:

https://www.theguardian.com/technology/2018/dec/08/australias-war-on-encryption-the-sweeping-new-powers-rushed-into-law

Job seekers, be on the lookout! If you’ve been browsing around the web recently in an attempt to find a gig for some extra cash, just make sure you don’t get swindled. During every holiday season, we see a few of these schemes peak in popularity among scammers (like the $100 gift card), and this is one of them. Phone calls, texts, and social media messages have been making their rounds recently claiming to provide an opportunity for you to make $15-30/hour working from home with Amazon. These “gigs” may entail anything from fulfilling orders to answering customer inquiries. Problem is, they’re not real.

Amazon is growing faster than ever, opening up new fulfillment warehouses and distribution centers, making it easier for fraudsters to target locals. We followed up on a few of these individuals that attempted to reach out to us, and discovered this scam isn’t as elaborate as it seems. After a quick sales pitch, we were asked to:

  • Provide our personal information (name, address, email, etc.)
  • Visit their fake website, which claims you can make hundreds of dollars per day with a few hours of work (view our list of fake websites below)
  • Purchase “training material” or “starter kits” to learn what your new job will bring about

If these fall in line with what you have received, it’s a scam. Once you go ahead and purchase anything, you can bet that’s the last you’ll hear from them. The programs (at this pay) don’t exist. And if it sounds too good to be true, it probably is. Here are a few of the websites we have confirmed to be fraudulent:

amazonrecruiter.org - amazonhiring.org - amazonfromhome.org - webstorejobs.org - goretail.org - amazongigs.org - storejobs.org - internetcareer.org - retailpay.org - amazonwork.org - amazonprofits.co - amazonprofits.org - stockretail.org - amazoncash.co - amazoncash.org - amazonwealth.org - amazoncareers.co - amazonmoney.co

Sources:

www.clark.com/news/amazon-job-scam/

In 2018, phishing attempts to compromise personal information and sensitive data are nothing new, but we are seeing an increase in the sophistication of these attacks. Hackers are now working on infiltrating corporate businesses to pose as internal employees (CEO, CIO, Accounting Departments), seeking to defraud them into transferring business funds.

The cyber-security firm Agari recently reported that, in a data dump of 50,000 emails, 71% of the people targeted were CFOs. The reason is that these individuals are the most likely to have direct access to corporate bank accounts. Although a majority of these targets are at firms in the United States, there are over 80 different countries on the list. Agari has not shared how it obtained this information, disclosing only active engagement with the scammers themselves.

Working with large enterprise organizations ourselves, we are surprised on a day-to-day basis by how unsecured some of these environments are. Here are some tips we suggest you take, even if you are not a CFO for a Fortune 100 company. That is, if you value your personal information:

  • Create a secure password, and change it every 3-4 months. This means numbers, capital letters, and symbols (such as #$%) - If possible, we even recommend using secure computer-generated passwords, and storing them in an application like "LastPass" as a secure vault. DON'T use the same password for all of your accounts.
  • Enabling two-factor authentication - Most large email providers, and even social media, now have this option. It adds an extra security layer to your account: after you enter your password at login, you are prompted to enter a 6-digit passcode that resets every 30-60 seconds. This code is either texted to you, or shown in real time by an application like "Google Authenticator". Just enabling this feature would help secure against most password attacks.
  • Disconnecting unused applications that are authorized through your primary accounts: "Whatttt...?" - As you may have noticed, you can log in to various websites and platforms nowadays by using your Facebook account or Gmail. This means you are granting them some level of access to your data, through your email or social media accounts (recently seen with Cambridge Analytica). We recommend you log in to the account settings for Google, Facebook, etc., and disconnect the applications you no longer use.
  • Being cautious with what you click on and open - If you receive an email from someone you don't recognize, containing an attachment you weren't expecting, don't open it! By simply clicking a link to a website or downloading a file, you may infect your computer with a key logger or malware. Pay close attention to where that email came from. Hackers often use common misspellings for websites to trick you. An email from @netflix.com might actually be an email from @netfllix.com - At a quick glance, you might not notice the extra L.

We will be posting additional threads on security tips, but this is a great place to start. And of course, if you receive an email that you suspect to be fraud, throw it in our website database to confirm!

Source:

https://www.cnn.com/2018/12/04/tech/london-blue-email-hackers/index.html

Like the famous IRS/CRA scam, this scheme isn't anything new, but once again it is making its rounds throughout the world. Australia's ABC News reported this month record-breaking financial losses of over $800,000 in the past 30 days. One single individual reported being conned out of $236,000 over a few months. Why, you ask? Mostly because of fear. All of these outbound calls from fraudulent revenue agencies include threatening messages in their script stating that "if you do not pay this sum, we will freeze all of your accounts and send over the authorities to arrest you". The ATO has reported that since July, over 6,000 people have handed over personal information or financial details to scammers.

How can we help prevent these attempts to defraud us? By spreading awareness. Letting mom, dad, grandma and grandpa know that these calls are circulating and what they should be on the lookout for. A few general giveaways that should concern you are:

  • A thick out-of-country accent (while it is obviously not the only factor, it should at least throw up a red flag)
  • Rude behavior, threats, asking for personal information
  • Requesting fees to "cancel arrest warrants"
  • Requests for gift cards that are "government authorized payments"
  • Requests to connect you to their "secure server" - this is another attempt to steal data from your computer
  • Providing you with "officer" or "badge ID" - these are all BS

If you believe the call is legitimate, you may ask them to verify any of your personal information. In most cases, these scammers do not know anything about you besides your phone number and name. If you are still skeptical, call your CPA, attorney, phone the ATO directly, or use our database to verify the call. Although in some scenarios their number may be masked (faked to show that it is coming from a legitimate agency), you will still be able to confirm known tactics and scripts used in previous cons.

If you have received these calls in Australia, please submit them to our scammer database and/or to the scam watch government website here.

Source:

https://www.abc.net.au/news/2018-12-05/scammers-fleece-australians-out-of-$800,000-in-one-month/10553646

Well, it's the holiday season, and the Visa gift card scams are more prevalent now than at any other time of the year. Myself, I have been receiving about 3-4 of these calls per day; some I manage to pick up, the others go to voicemail. Generally, they all aim to capture the same information with the same intent. I was able to chat a little further with a few of the reps to understand how this scheme operates. Here's how the "scam" works. The reason I put "scam" in quotations is that this is technically not illegal, but ethically a joke.

It all starts off with an agent saying "you're qualified to receive a $100 gift card that can be used at stores like Walmart, Home Depot, etc." The only CATCH is that you have to pay them $2.95 for a "shipping and handling" fee with your credit card. Sounds like a deal! But this is the gotcha moment... Once you read out your card information to cover that shipping fee, they will read off a long disclaimer stating that you will be enrolled in various programs and trial services. What is not always noted is that once these "trials" are complete (usually 7 days), your card will automatically be billed various charges. Since you have agreed to the disclaimer, it will be difficult to dispute these transactions, which could take weeks.

So pay close attention! There is no such thing as free money, and there is always a catch. The representative I spoke with even admitted that "stupid people get excited" and hand over their details almost immediately. Stay skeptical, verify the calls with our database, and submit your complaints to help others!