The world has become more connected than ever before. With global mobile and broadband penetration at an all-time high across the world, and with the internet used in our daily lives for both work and play, cyberthreats are accordingly on the rise. Both businesses and consumers are vulnerable, with dangers ranging from social engineering attacks to scams.
Australian consumers need to be aware that the internet has become more dangerous than ever before. There are over a million phishing websites with over a billion malware programs. Attacks have become so sophisticated that even tech proficient users can fall victim to them since the attacks are also always evolving.
For Australian businesses, delivering digital services and products over the internet and having to transact with sensitive financial information, protecting websites and applications is paramount. Malicious bots are constantly targeting customer accounts, along with non-stop social engineering attacks and a rise in AI-driven scams. We’ve also seen how possible it is for AI-powered malware and ransomware to be deployed, supported by malicious Generative AIs like FraudGPT and WormGPT.
According to the Australian Competition and Consumer Commission (ACCC) Targeting Scams Report, Australians lost a record $3.1 billion to scams in 2022, which was an 80 per cent increase on total losses recorded in 2021. There was also an explosion of reported losses to phishing scams in 2022 which skyrocketed by 469 per cent to $24.6 million in 2022.
Three areas for cyber vigilance
When it comes to spotting internet scams, there are three areas where Australian businesses and consumers need to be vigilant:
1. Unsolicited messages that either come from a stranger out of the blue, or from someone you know, such as a friend or colleague. It’s important to stop and think about the intention and why they might suddenly need personal or confidential information, or money. Messages often play on emotions and sympathy, for example claiming an urgent disaster or medical emergency, to get the recipient to transfer funds to the requestor.
2. Requests to download apps on a mobile device or computer, to “facilitate a transaction” or a business agreement. This could be malware that enables remote control of the computer and keylogging, so that attackers are able to harvest log-in details the next time someone uses online banking, and drain their bank accounts. Criminals can even bypass multi-factor authentication and One-Time Passwords
if devices are compromised.
3. Brand communications whether by email or SMS or phone should be verified before you act on them. Use the contact information from the organisation’s main website as they should have channels for you to cross check. Many businesses have adopted a Zero Trust approach in defending against cyber threats, and consumers can also do likewise better protect against scams. For example, we should never blindly trust anything or anyone in the digital world, always be guarded against random requests and lastly always check and verify the request as well as its requestor.
How Australian consumers can stay protected
The most important action to protect personal data is to turn on multi-factor authentication (MFA) if it’s available. Most service providers are already providing MFA options as part of their account security settings, including on social media apps such as Facebook, LinkedIn and TikTok.
Always check the data privacy settings on your accounts in terms of who can see that information, particularly on social media sites.
It is also recommended not to reuse passwords across multiple websites, as attacks such as credential stuffing are becoming very common. This is where hackers use stolen account credentials to conduct large-scale automated login attempts on multiple different websites.
Make sure you stay informed about the latest and common scams from your local law enforcement agencies. In Australia there’s Cyber.gov.au as well asScamwatch. Many banks also have dedicated pages with the latest alerts and advice as these do update frequently.
Lastly, consumers need to be vigilant and monitor suspicious logins as well as financial transactions on their credit cards. These might indicate their account has already been compromised. While Banks use increasingly sophisticated algorithms to block suspicious transactions and may alert customers for extra verification, there will be chances where fraud can still happen.
Steps Australian businesses can take to improve data protection
First of all, businesses need to implement a very rigorous Vulnerability Management Programme, to ensure that any internet-facing and public-facing systems, applications and APIs are free of vulnerabilities. An essential part of this is to ensure that their systems are always up to date with the latest patches and hotfixes.
Secondly, organisations must implement a strong data protection strategy as the organisation will be storing customers’ personal and financial information when customers transact with the business. There is a legal and ethical duty to safeguard this from unintended or unauthorised data exposure, and to ensure that the privacy of customer data is kept intact.
Thirdly, businesses need to continuously ensure that not only their own employees but also their customers are continuously made aware of the latest threats and scam techniques, and how to identify and mitigate them. More importantly, businesses should provide a channel for consumers to verify authenticity as well as to report scams. There are also many instances where customers would like to report being victimised by a scam but don’t know how to best contact the business.
Start cyber safety education early
For parents and guardians, there is a responsibility to educate children in safe internet use. Simply putting on parental locks isn’t enough. Children need to know how to protect themselves and to distrust any requests or gifts from strangers in online games and chats.
Parents should also be aware that cyber criminals may impersonate as their child’s friends on social media and in games. Many children use multiplayer games where threats and predators lurk, and it’s vital that parents educate them, as well as having cyber safety programs in schools.
Living in an increasingly digital and connected world, the collective effort of individuals, businesses and educational institutions in promoting online safety is more important than ever. By understanding the threats, implementing robust security measures and fostering an environment of awareness and education, we can help to ensure that our online experiences will be more enriching and safer.
By Reuben Koh, Director, Security Technology & Strategy APJ, Akamai
This article was first published by Enterprise IT World