Cyber Vigilance Update

Today’s Connection

Cyber Engage Update - 18/01/2023 (#10) (#12) (#14) (#15)

Office Alert

Looking for a new job or your next employee?

You may be a scammers next target.

With thousands of young Australians finishing school and graduating from university, the New Year is a busy time for those intending to either look for work or recruit new employees.

The Australian Competition and Consumer Commission’s (ACCC) Scamwatch recently reported that recruitment scams are set to rise, with Australians losing $8.7 million in 2022.

Scamwatch received 3,194 reports of job scams over the period, with many of those affected having been promised fast money. It was also identified that Australians aged between 25 and 44 are reporting the biggest losses to job scams.

A typical approach is for Cyber criminals to message job seekers using encrypted messaging services and social media under the guise that they are from well-known recruitment agencies. A request is then made that victims pay an upfront fee to secure a high-paying role.

ACCC deputy chair Delia Rickard  advised that “They’re taking advantage of encrypted apps like WhatsApp, Telegram, Signal, where it’s harder for them to be detected.”

If you are job hunting and you are offered work that requires little effort for a big financial reward, it is most likely a scam.”

What can you do?

The ACCC advises that jobseekers use common sense to detect job opportunities that seem too good to be true.

This includes roles that require very little effort for massive payouts. Examples of such roles might include repeatedly clicking a button on a website or app to purchase products or submit reviews.

The ACCC also recommends to never make upfront investments to secure a job.

Those who believe they have been caught by a recruitment scam should contact their bank immediately, inform Scamwatch and seek help from cyber support charity IDCARE.

Home Alert

Fake Pokemon games

Someone other than you may be having fun at your expense

Hackers have launched a fake Pokémon game and are using it as a vessel to distribute a remote access tool (RAT) in order to gain control of Windows devices.

The fake game first appeared in 2022, following in the footsteps of a similar scam by the same operators which advertised a file for Adobe Visual Studio.

Their aim was to draw users in on both the popularity of Pokémon and the potential financial gain of NFTs, Pokemon-go[.]io allowed users to download what they believe is the game’s installer by clicking the “Play on PC” button.

Instead, those who open the proverbial Poké ball and try to download the game will unknowingly install the NetSupport RAT, allowing Cyber Criminals to take control of the victim’s device.

This poses an additional risk, with the scam enticing young children, who are less likely to be able to identify a non-legitimate website.

Whilst NetSupport RAT is a legitimate program designed for use by administrators, (allowing them to remotely access devices and fix issues), Cyber Criminals are well known to abuse the software to gain control of victims’ devices and lock them and steal data in return for a ransom, as well as for other intentions.

This week's Training module

MODULE 4

Cyber Threat Reporting (1/1)

Cyber Security Vigilance Program

Version 16-11-2022

Cyber Security Vigilance

homeapartmentcloud-downloadlinkcross