Cybercriminals are once again working hard to take advantage of the COVID-19 situation through new phishing campaigns. Most recently, a wide range of political and private-sector organisations in Australia have come under cyber-attack by a “sophisticated state-based cyber actor”. This phishing tactic is called spear phishing.
What is spear phishing?
Spear phishing is a personalised and more targeted form of phishing, designed to single out businesses or individuals and obtain confidential information for fraudulent purposes. These emails are carefully tailored to each recipient, so when one appears in the user’s inbox, it seems to be from a legitimate and trustworthy source. Some attackers will go as far as researching the individuals they are targeting, so the email communication looks genuine at first glance. Traditional security often does not stop these attacks because they are so cleverly personalised. As a result, they are becoming more difficult to detect.
What do you need to look out for?
- Emails with links to files or attachments
- Slight spelling errors. For example, the letter “o” might be replaced with the number “0”
- A sense of urgency in the email to change passwords or update personal information
- Uncommon words and terminology not usually used by the supposed sender.
What you can do to protect yourself against spear phishing
- Check the sender email address first and foremost. Do not simply trust the displayed name; look carefully at the email address the message was sent from
- Do not click links or open attachments from people you do not know. If you are unsure, contact the person directly to check whether the email is legitimate
- Use caution, particularly if an email ever asks for personal information
- Update your software. Updates usually include the latest patches for viruses and other malware
- Educate yourself and others about cybersecurity awareness.
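The sender check and the “o” replaced by “0” warning sign described above can also be automated on a mail gateway or in a reporting tool. The following is an added example, not code from this organisation: the trusted domain, brand name, digit swaps beyond “0” for “o”, and sample headers are all constructed assumptions.

```python
from email.utils import parseaddr

# Assumption (constructed): the domain the organisation really sends from,
# mapped to the brand name it uses as a display name.
TRUSTED = {"creditunion.example": "Example Credit Union"}

# Digit-for-letter swaps of the kind described above ("o" replaced by "0").
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def undo_swaps(domain):
    """Map lookalike digits back to the letters they imitate."""
    return domain.lower().translate(SWAPS)


def check_sender(from_header):
    """Return a list of warnings for the value of one From: header."""
    display, address = parseaddr(from_header)
    if "@" not in address:
        return ["unparsable-sender"]
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED:
        return []  # the real address is on a trusted domain, letter for letter
    warnings = []
    for trusted, brand in TRUSTED.items():
        # The domain only equals a trusted one after the swaps are undone.
        if undo_swaps(domain) == undo_swaps(trusted):
            warnings.append("lookalike-domain:" + trusted)
        # The displayed name claims the brand, but the address says otherwise.
        if brand.lower() in display.lower():
            warnings.append("display-name-mismatch:" + domain)
    return warnings


# Constructed sample headers, not taken from any real message.
SAMPLES = [
    "Example Credit Union <service@creditunion.example>",
    "Example Credit Union <service@credituni0n.example>",
    "Example Credit Union <alerts@mail-update.example>",
    "Jane Citizen <jane@other.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

An empty result only means the address is not an obvious imitation; the From: header can itself be forged, so it does not prove the sender is genuine.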
Living in the digital age and moving into the future, it is important that we know the risks that come with advances in digital technology. Our staff receive constant training and updates on the most recent cyber-attacks to protect our organisation from being penetrated by malicious malware. We have also introduced additional authentication measures to further protect us from being a target of these attacks.
The protection of our Members and their personal information is always our first priority. If you think you may have entered your credit card, account details or any personal information into a phishing site, please contact us immediately on 1300 36 2000.