According to Scamwatch, Australian cyber-crime and scams cost us $56 million last year – and despite our best efforts, cyber criminals are getting more sophisticated each and every day.
With a bit of training and knowhow, we can stand up to cyber criminals by protecting ourselves online. This may be achieved through strengthening our passwords, using anti-virus and anti-malware software, using in-built computer or smartphone security, and some other simple tips, as we’ll share below. But what is cybercrime, and how can we all protect ourselves against it?
What is cybercrime?
According to the Australian Federal Police, cybercrime are crimes directed at computers or information communication technology such as hacking systems or denial of service attacks, or crimes where computers or ICTs are integral to the offence, such as sending out malicious or scam emails to gain personal information so criminals can steal your identity.
If it involves breaching a computer or using a computer or digital system (e.g., a smartphone) to commit the crime, this can be considered a cybercrime.
How to protect against Australian cybercrime
In the wake of the September 2022 Optus security breach, where millions of Australians personal information was stolen and potentially sold to scammers and other cyber-criminals, protecting yourself against cybercrime and scams is as important as ever.
With documents such as drivers’ licences and passports among the information stolen, this could potentially expose those effected to high risk of identity theft.
Ten ways to protect your family against cybercrime – Australia
Here are ten ways to mitigate cybercrime risk by increasing your own personal cybersecurity.
- Nothing left unlocked
Though it may be a pain, if your device or application uses passwords to authenticate usage, you need to set them up immediately. It only takes seconds for a hacker or nefarious actor to access your phone or PC without looking if you don’t have a password or other authentication method installed.
- Use a password manager
Every single application, website, and device you use should have its own password that changes regularly (every three months or so.) These should be strong (combinations of letters, numbers, symbols, and other characters) so they are not easily cracked by hackers using sophisticated cracking rigs. A password manager such as LastPass, DashLane, or KeePass can help you keep track of passwords across your devices, remind you to update passwords, and keep your master list of passwords encrypted so there’s an added layer of protection if your files fall into the wrong hands.
- Use two-factor authentication
Two factor authentication (2FA) this is another layer of protection to prevent “man in the middle” attacks – you not only need a password to get into a site or application, but you’ll also need a special One-Time Password (OTP) generated by an Authenticator app (Google Authenticator or Microsoft Authenticator) or sent to you via SMS or email. These 2FA OTPs (yes, lots of acronyms in cybersecurity!) are time limited – and most good sites or apps will alert you to breach attempts by sending you an OTP when you haven’t requested one.
- Automatically update your software
Out of date anti-virus software is about as useful as a flywire door on a submarine. You need to keep all your software up to date – not because you’re missing out on new functionality, but because developers patch up exploits and vulnerabilities – or update definitions of malware and viruses so they can catch new variants that may be circulating in the “wild.” Set your software to automatically update so you aren’t caught out. Don’t have AV software installed on your devices already? Buy some.
Also check with your smartphone manufacturer if they are still supporting your handset with regular security patches. If not, it may be time to upgrade.
- Monitor your accounts
Having alerts for transactions or unusual activity can help you see if criminal third parties have access to your accounts – real-time transaction alerts on your phone can show you if people are using your credit cards, online payment systems, or bank account or not, and give you extra piece of mind when you’re out shopping so you know where your money is going. You should also request paper copies of bills and transaction reports from time to time to ensure you aren’t caught out.
- Know how scams work
There are many resources out there alerting you and others to the latest scams – scam operations are not some random dodgy guys trying their luck – they are sophisticated organised criminal businesses using cutting-edge technology. Payment redirection scams cost Australian business $227 million in the last year alone – a 77% increase over 2020. Subscribing to ScamWatch or other fraud protection sites that track these scams means you’ll be wise to new scams as they arise.
- Hone your BS detector
If you think it’s a scam, it probably is. Some scams are so authentic looking it can even confuse industry veterans. “Spear phishing” which uses social engineering using public (or stolen) information to glean more information from you can look very convincing. If you’re unsure, ask a trusted friend or colleague or report the email or SMS (or communication) to ScamWatch. YouTube videos produced by dedicated “scambaiters” are also a fun and informative way to keep on top of how scams work (Kitboga and Jim Browning are highly recommended.)
- Sign up to identity protection or breach lists
Identity protection services can help monitor if your personal information has been breached or stolen. The “Have I Been Pwned” service is free and alerts you to mentions of your email address in lists of compromised passwords or other breached personal information. Credit reporting bureaux such as Equifax or Experian also offer paid services that alert you if your credit score or history has changed so you can nip any potential identity theft in the bud before it gets too far. Remember: you can access your credit history for free every three months.
- Watch for warning signs
If you are receiving unauthorised 2FA attempts or emails asking, “is this you trying to login?” – update your passwords immediately. Do not click links in out-of-the-blue “change your password” emails, even if they look legitimate. Sudden loss of cellular network service in a usually high-service area is also a warning sign your identity is being stolen. Always check with your provider if you suspect something isn’t right – it’s better to be safe than sorry.
- Freeze your credit report
Did you know you can request a ban on others accessing your credit report for at least 21 days? This stops criminals from applying for or checking your credit while the freeze is active. Lenders or banks will also need your express written permission to access your report – otherwise they cannot approve the application. This may be essential if you have strong suspicion your identity has been stolen – or you have evidence your identity has been used in criminal activities already.
Community efforts to protect against cyber-crime Australia
Savvy CEO Bill Tsouvalas says the community can help protect against Australian cyber-crime, especially assisting vulnerable people such as seniors and new migrants who may struggle with English. “Some people who get legitimate-looking texts or emails from their bank saying their account is under threat will click without a second thought, especially if they’re not computer literate or have trouble with English.
“It’s up to those of us with IT skills to bring culturally and linguistically diverse communities together to inform one another of new scams, even if they seem obvious to you and others such as myself who interact with financial technology every day. Greater awareness of scams and cyber fraud is as effective as anti-malware and strong passwords. It all begins with us.”
