Ask CyberGuru: Have I been hacked?

Ask CyberGuru: Have I been hacked?

Ask CyberGuru

In this month’s Ask CyberGuru, we are asked: “I received an email advising that my email account has been hacked and a RAT installed on my computer. Further, it says I have been filmed using my webcam and personal information has been downloaded and will be shared on my social networks if I don’t pay the ransom in crypto-currency. Is this true?”.

There has been a series of emails doing the rounds recently advising that “RAT” (remote access technology) software has been installed onto your computer, threats of a personal nature are made and advised that this software will be made available to your social media if you don’t pay via crypto currency. Along with this, in some cases, the information include may include a password that you may have used.

This type of scam is the current flavour of the month and we have heard of several forms of this scam. One of the reasons these emails have particularly spooked clients is that the emails often contain threats of character assassination such as releasing “video” of the recipient watching adult content to their friends and family on social media, irrespective of whether they have done so or not.

Whilst this email seems threatening and intimidating, generally this email is an attempt to blackmail the recipient into paying money to the scammer. Oftentimes, the password may have been made public through a previously compromised website, and these passwords are often what makes this email more concerning.

If you suspect you may have been compromised in any way, protect yourself by:

  1. Changing all passwords on accounts with the password if displayed or not. Please check the “Have I been Pwned?” website (link opens in new window) to identify if your email account has been listed as being compromised in a data breach. If so, make sure you change any passwords immediately. As the email address and password is known, leaving these changes may cause issues in the future.
  2. Performing a full antivirus scan of your computer using a reputable internet security program. Further, please ensure you use secure (HTTPS) websites only to ensure your information is encrypted and remains safe. Always use internet security software on your computers and devices when online.
  3. Deleting the email and do not respond in any way to the hacker, and most certainly do not pay the ransom. Be wary of emails requesting you click to open a website or to access an important file. Do not take any action on the email.

If you are concerned you may have been or are compromised in any way, please contact CyberGuru for further advice. If you believe you have been the victim of identity theft or any information has been leaked, we strongly recommend that you seek immediate assistance.

CyberGuru talks cyber safety at Seniors Safety Forum

CyberGuru talks cyber safety at Seniors Safety Forum

CyberGuru talks cyber safety at Seniors Safety Forum

Last Friday 17 August, Chris Jeffery, Chief Guru of CyberGuru presented to over 80 senior citizens of the Brisbane’s northside community on Cyber Safety, including both phone and internet scams at the Seniors Safety Forum.

The Seniors Safety Forum, the third of which Chris has presented, is an annual event held in the local area and hosted by Stirling Hinchliffe MP, Member for Sandgate and Councillor Jared Cassidy, Councillor for Deagon Ward, as part of Queensland Seniors Week.

In his session, Chris discussed a range of phone scams, including charity scams and the more recent NBN scams. He also addressed spamming and phishing, as well as tips for online shopping, passwords, internet security software, backups and more.

CyberGuru joined alongside other local organisations, including Council for the Ageing, Queensland Fire and Emergency Services, Queensland Ambulance Service, Queensland Police Service, All About Living Sandgate, Home Assist Secure Sandgate, iHear to discuss safety in the home and in the community in the joint forum.

Chris fielded a range of questions from the audience after the session and provided copies of The Little Black Book of Scams to all who visited his display.

We thank Stirling and Jared for having us. If you would like any information on cyber safety, or presenting at an event which you feel would benefit, please contact us.

If would like any information about Seniors Safety Forum or other upcoming events as part of Queensland Seniors Week, please visit the Queensland Seniors Week website.

CyberGuru presenting at the Seniors Safety Forum

CyberGuru presenting at the Seniors Safety Forum

CyberGuru presenting at the Seniors Safety Forum

Calling all seniors! Chris Jeffery of CyberGuru has been invited to speak at the Seniors Safety Forum at Sandgate on Friday 17 August at 1:00pm.

As this is the first year he will have access to a projector, Chris will be able to show examples of spam and phishing emails and demonstrate what to look for when determining if an email is legitimate.

The forum is hosted by Stirling Hinchliffe MP, Member for Sandgate and Cr Jared Cassidy, Councillor for Deagon Ward as part of National Seniors Week.

Seniors Safety Forum 2018 Flyer

For more information and to register please visit the Queensland Seniors Week website or call 07 3639 9100 (Stirling Hinchcliffe MP) or 07 3667 6011 (Cr Jared Cassidy).

Looking forward to seeing you there!

Who’s reading your email?

Who’s reading your email?

Google Gmail

Recently in the news there has been concern over whether Google is doing enough to keep your email secure. Concern has arisen over the access third-party developers and apps have to your Google account. There are many apps which link to your Google account. During the installation process you set the level of access you’re prepared to give the app. If during the installation of any of these apps you’ve been asked for access to your email, and you’ve agreed to this your email may have been read.

So what does it mean to read an email? In giving an app access to your email it is highly unlikely that people envisage another human physically reading through the contents of their emails and viewing their private email conversations. But this is exactly what you are agreeing to. This is not to say all apps will do so, but they have permission to and may do so at some point. The people with permission to read your email are not Google employees, but third parties such as developers entrusted by Google (and yourself).

Google claims to vet developers and their apps via a stringent, multi-step process. But as Facebook can attest to, once a third party has access to your data it’s difficult to control how they use it. This is not the first time concerns have been raised over Google’s commitment to privacy, with the discovery last year that the Google Home Mini was inadvertently spying on users due to a hardware flaw.

As a safety precaution we advise against giving third-party apps permission to read your email. If you’re concerned you may have given a third-party app access to read your email, you can check using Google Security Checkup (link opens in new window) and make adjustments if necessary.

If CyberGuru can assist in any way, please let us know.

Are you ready for the upcoming SSL/HTTPS changes?

Are you ready for the upcoming SSL/HTTPS changes?

Are you ready for the upcoming SSL/HTTPS changes?

It’s been confirmed, Google has announced that in July 2018 they will begin to identify all websites that do not have SSL certificates as “not secure”. Have you checked whether your website is displaying as secure?

You can check whether your website by seeing if your website if your website address bar contains HTTPS. As per Google’s Blog posts, “A secure web is here to stay” and “Evolving Chrome’s security indicators”, Google Chrome will be identifying websites without HTTPS in their website address as “not secure” in version 68 due out in the next month. It is expected that the other browsers, Mozilla Firefox and Microsoft Edge, will also follow suit in due course.

With only a few weeks until these changes occur, we strongly suggest you ensure that your website has an SSL certificate so it will continue to be displayed as secure. If your website address doesn’t contain HTTPS then your website server will require the installation of an SSL certificate and changes will need to be made to the website itself.

CyberGuru’s newer website hosting plans can take advantage of an AutoSSL certificate at no cost, however we will need to make some changes to the internal workings of your website for it be compliant. This includes enabling the SSL certificate, updating your website’s internal links to ensure they go to the HTTPS version of the website and testing to making sure your website works as it is intended to.

We are providing a service for both CyberGuru clients and non-CyberGuru clients to perform the required changes on your behalf. In order to do this, we will require access to your website’s cPanel account as well as WordPress account. We will be aiming to complete all SSL/HTTPS website changes before July, however we will be working on a “first come, first served” basis depending on popularity of this service.

Please contact us for a quote on how we can make your website SSL/HTTPS compliant.