A new era of cyber-criminals

There’s been heightened focus on the cybersecurity landscape this year due to COVID-19 and the sudden impact it’s had on our daily lives. With more of us working remotely and increasing our reliance on email, this has provided an open playground for cyber-criminals to manipulate.

Security experts, such as Laura Hartley, Head of Public/Private Partnerships, Enterprise Security, NAB, and Ryan Janosevic, COO and Co-founder, RetrospectLabs, are at the forefront of industry discussion, as they work to enable organisations to protect against potential risks.

At the top of their fields, Ryan and Laura give us a glimpse into the profile of a cybercriminal and insights into the most common cyber threats to businesses and individuals today.

Mirroring Ryan’s sentiment, Laura describes the recruitment process for cyber-criminals, also known as hackers, cyber actors or fraudsters. “Cyber-crime organisations actively target students as they are leaving university – graphic designers, computer programmers, you name it – offering them graduate programs and the opportunity to join their lucrative businesses”.

Just as the skillsets of the people within cyber-crime are diversifying, so too are their motives.

"It’s important to understand that your data is valuable and is of interest to a broad range of cyber actors, no matter who you are, no matter what your business does. Cyber criminals don’t have a great set of morals, so they’ll leverage anything, even a global pandemic, to get what they want. That’s why it’s vital to understand these types of threats and practise good cyber-hygiene ,” said Ryan. Cyber-crime does not discriminate and is a reality of being online in 2020. Email based scams remain the primary threat targeting businesses today and are becoming more and more comprehensive. In August 2020, the ACCC announced that the number of reported phishing scams is up by 44 per cent compared with the same time last year.

“A common email scam we see happen to customers is invoice fraud – a process that involves a cyber-criminal calling your company impersonating a supplier to say their payment details have changed, and providing alternative details for a bank account they control”, shared Laura. “Businesses may action the request to update payment details, not realising that they are not communicating with the real supplier. In some cases, weeks or months of legitimate invoices may be paid into the account controlled by the criminal before the recipient realises something is amiss. It’s important to remember that this can happen to any business, any person. To safeguard from this type of fraud is a simple process fix. If you don’t already, always verbally confirm change of account details before actioning the request”, said Laura.

1. Email you from unofficial addresses;

2. Send you an email advising you to click a link to log in to the platform;

3. Request files or information from you via a third-party service;

4. Ask for your MFA code; or 5. Call you from unverified phone numbers

Visit our dedicated security page on the Community to read more.

The good news is that there’s many simple things you can do to protect your business from cyber crime and fraud. Visit the Australian Cyber Security Centre’s (ACSC’s) website, ask a question on PEXA’s dedicated Security page or visit the NAB Security Hub. If you’d like to hear more from Laura and Ryan, they recently accompanied PEXA’s GM, IT Security, David Willett, in a webinar to discuss cyber-security and answer attendee questions. Click here to watch.