Laura Paxton


OSINT criminal research hobbyist.

Cyber awareness and process dev from AU.

Documentation connoisseur.

I understand it can sometimes be frustrating explaining the basics to someone like why password reuse is a bad, bad, not very good, terrible idea. I think it helps to keep in mind though how we'd feel if our mechanic, hair dresser, barista, doctor or dentist made fun of us for not knowing the fundamentals of their field instead of delighting in the opportunity to educate us. It's easy to lose sight of what people are up against when we're surrounded by our infosec echo chambers.

Everyday people are caught in the exact trap that teams of experts over decades have specially designed for them to sell them the feeling of safety while monetising their lack of technical understanding. It's important we help those who are willing to understand, and if we have to, find a way to manage the risk of those who are wilfully negligent.

#cybersecurity #awareness #securethenation #australia #risk

Seeing an uptick in the last 2 weeks of those nasty graphic sextortion emails doing the rounds again for corporates. Their MO is to spoof the mail headers and make it look like you've sent an email to yourself, giving off the impression your account has been hacked. If you open the email it'll be a wall of text where the cyber criminal claims all sorts of vulgar garbage about how they've infected your computer with malware, they've got recordings of you doing embarrassing things and if you don't pay X bitcoin they're going to send the videos to everyone you know. This is a well-known scam.

The part that's scaring people is the email does look like it's been sent from your email account. Hovering over the email doesn't reveal an alternate address, it looks legit. It's not until you check the email headers that you can clearly see it's forged. This content can be very confronting and distressing and that's exactly the point. The juxtaposition between the professional environment and receiving an email like this at work is meant to send you into a tailspin of shame and embarrassment so you don't think clearly and make mistakes.

It's OK, if you've received this email many people have received this just like you, it's not your fault, you've done nothing wrong. These people are gross and trying to scam as many people as possible and you've just happened to be one of them. It's highly unlikely they have access to your account. Always reach out to your IT or a close tech-savvy friend or family member to talk about it if you're unsure of what to do in your circumstances. Otherwise block, delete, move on.

#Australia #scam #email #cybersecurity #securethenation

In my experience, there are two types of people in tech. There’s “Alexa controls my thermostat” people and “I live in a cabin in the woods” people. RPi thought they would be interacting with the thermostat people on the wood cabin people’s social media site.

Every year I promise myself I'll stick to my naming conventions and keep my files under control and at the end of every year I'm shocked to find out that's a damn lie.

Seeing a notable increase of the "Hi Mum" SMS scam being sent out in the lead up to the holidays in AU. If your family is in AU, please remind them of the common scams going around these holidays, it'd be a terrible time to fall victim to one of these.

The "Hi Mum" scam is a "family impersonation" scam. It's not particularly new but scammers will use what works. I've had 3 reports of this scam being successful this past week among quite a few recipients in my circles.

The victim receives an #unsolicited text or social media message claiming to be their child and letting the parent know they've lost their phone, that this is the best way to contact them and to delete their old number. They'll often establish rapport and then ask for money with a premise like they can't access their funds because of their lost phone or they need help with a bill.

Remember to talk to your family about these scams, it's easy to forget to let them know when you spend all day warning others about it for your job.

More info on AU scams can be found here:
https://www.scamwatch.gov.au/
#scam #holidays #impersonation #securethenation

For anyone wondering: yes, it was #DNS. Let the #phishing simulation testing begin!

Me planning my new multi-monitor setup involving 2 monitors, 3 machines, 4 graphics cards, 2 displayport switches, 2 adapters and 8 cables.

If I have 1 more person tell me their #process can't be #documented because it's too complex I think I may scream. Documentation is just scripting for humans. Documentation is just scripting for humans. Documentation is just scripting for humans.