CyberGuru talks cyber safety at Seniors Safety Forum

CyberGuru talks cyber safety at Seniors Safety Forum

CyberGuru talks cyber safety at Seniors Safety Forum

Last Friday 17 August, Chris Jeffery, Chief Guru of CyberGuru presented to over 80 senior citizens of the Brisbane’s northside community on Cyber Safety, including both phone and internet scams at the Seniors Safety Forum.

The Seniors Safety Forum, the third of which Chris has presented, is an annual event held in the local area and hosted by Stirling Hinchliffe MP, Member for Sandgate and Councillor Jared Cassidy, Councillor for Deagon Ward, as part of Queensland Seniors Week.

In his session, Chris discussed a range of phone scams, including charity scams and the more recent NBN scams. He also addressed spamming and phishing, as well as tips for online shopping, passwords, internet security software, backups and more.

CyberGuru joined alongside other local organisations, including Council for the Ageing, Queensland Fire and Emergency Services, Queensland Ambulance Service, Queensland Police Service, All About Living Sandgate, Home Assist Secure Sandgate, iHear to discuss safety in the home and in the community in the joint forum.

Chris fielded a range of questions from the audience after the session and provided copies of The Little Black Book of Scams to all who visited his display.

We thank Stirling and Jared for having us. If you would like any information on cyber safety, or presenting at an event which you feel would benefit, please contact us.

If would like any information about Seniors Safety Forum or other upcoming events as part of Queensland Seniors Week, please visit the Queensland Seniors Week website.

CyberGuru presenting at the Seniors Safety Forum

CyberGuru presenting at the Seniors Safety Forum

CyberGuru presenting at the Seniors Safety Forum

Calling all seniors! Chris Jeffery of CyberGuru has been invited to speak at the Seniors Safety Forum at Sandgate on Friday 17 August at 1:00pm.

As this is the first year he will have access to a projector, Chris will be able to show examples of spam and phishing emails and demonstrate what to look for when determining if an email is legitimate.

The forum is hosted by Stirling Hinchliffe MP, Member for Sandgate and Cr Jared Cassidy, Councillor for Deagon Ward as part of National Seniors Week.

Seniors Safety Forum 2018 Flyer

For more information and to register please visit the Queensland Seniors Week website or call 07 3639 9100 (Stirling Hinchcliffe MP) or 07 3667 6011 (Cr Jared Cassidy).

Looking forward to seeing you there!

Be wary of fake Microsoft Office 365 emails

Be wary of fake Microsoft Office 365 emails

Be wary of fake Microsoft Office 365 emails

Over the past few weeks, we have seen an increasing number of fake Microsoft Office 365 emails being received by clients. These email messages, whilst appearing to be genuine, are malicious emails sent by unauthorised third-parties.

The third-party is attempting to gain access to your email account through the use of your account details (username and password) and possibly also infect your computer or network with malware. Should they gain access to your account, they will access your emails and send messages to your contacts in your address book requesting they make payment to a specified bank account.

If you receive an email requesting that you login to Office 365 to access an invoice sent from a customer or supplier, or Microsoft advising your mailbox storage is full, or that your password is about to expire, then we strongly suggest you do not provide any information or click on any links, simply delete the email.

An example of such an email is shown below:

Example of fake Microsoft Office 365 EmailIf you find you are unsure of the legitimacy of the email then please contact us and we can advise.

Online file sharing locations being used for phishing expeditions

Online file sharing locations being used for phishing expeditions

Online file sharing locations being used for phishing expeditions

When we have discussed phishing in previous articles, we mention they often come from financial or corporate organisations such as PayPal, Apple or Telstra. However, we have recently become aware of a number of new types of phishing scams, targeting those who use online file sharing, such as Google, OneDrive and Dropbox.

Phishing scams are emails which appear to be coming from a reputable source, but are in fact not from the originating organisation but someone else who is seeking your personal information for malicious purposes. They not new, but are become increasingly sophisticated due to the advent of online file hosting that can easily enable files to be stored and not scanned by usual methods.

The Google Drive or Google Docs phishing scam comes through via an email, appearing to be from a particular sender you may have received an email from in the past. The subject line is often titled “Financial Documents” or similar. It looks nearly identical with a document being sent from Google Drive, with subtle differences, it also contains a link to open the file, as well as some other information from Google, as can be seen in the screenshot below:

Google Drive Phishing email - example of phishing email
Example of Google Drive phishing email (thumbnail – click image to open larger version)

Google Drive Phishing email - example of legitimate email
Example of Google Drive legitimate email (thumbnail – click image to open larger version)

We became aware of several organisations who have been infected by this Google Drive or Google Docs phishing scam. For the purposes of this article, we contacted a number of these organisations to discuss this with those to understand it in more detail. We appreciate the time and honesty of these organisations to find out more (especially once their initial embarrassment passed!). It helped us to understand the issues and what to look for and educate our clients and Blog readers.

The process seems to be:

  1. A user clicks on the link in the email which takes you to Google Drive to log in and download the malicious file. From each of the circumstances that we identified, it appears they were taken advantage of after first downloading and then running a file which accessed their email address book and sends the email to them requesting they download the same file.
  2. Once the malicious file opens, it then accesses address book and sends a similar to email to your contacts, are suggesting they download a file. Further, due to a nature of this file, you may actually unaware of the issue until the emails were returned as undeliverable or from recipients asking why they received a file.

We have also heard of reports of another scam that contains a similar Google Account login page, whereby you ask are asking however it is actually instead takes you to another website and steals your account information.

Further research has identified the same similar Dropbox and OneDrive as well. We recommend that you follow the following tips to protect yourself:

  1. Make sure you always sign-in directly to the service (using Google.com, Dropbox.com or OneDrive.com, don’t use the links contained within the email unless you are sure they are the correct ones.
  2. If you aren’t expecting to receive an attachment, only download or accept files after confirming from the sender that they intended to send you such a file. Instead of replying to the email that is sent, call or text the sender to confirm that they were wanting to send you such a file.
  3. If you do receive an email that is suspicious or not expected, immediately delete the emails from your computer, carefully ensuring you don’t click on any links, you don’t want to share these!

Through our Support solution, CyberGuru can review your computers to ensure there is appropriate security in place, as well as our Training to help you and your staff become aware on how to identify phishing to protect you and your data. Please contact us today for further information.