In the last 6 months, there has been a huge increase in the amount of things Victorians are doing online. Social gatherings, work meetings, paying bills and sharing things with family and friends are all things we've had to learn how to do through our devices and computers. So this month, we reached out to Martin Buzzell, a Crime Prevention Officer from Victoria Police to talk all things online security and to get the low down on how people can make sure they are being cyber safe. Here's what Martin had to say:
What are some of the common scams/cyber attacks that have been reported to Victoria Police in the last few months that people should be aware of?
That you owe money to the ATO. Pay up or get arrested. Also, a lot of scams are around dating and romance. The sad thing is they’re fooling a lot of people. This is the site I always visit and read https://www.scamwatch.gov.au/ Note, how there’s an “s” in the HTTP. That means there is end to end encryption between you and the site. Don’t enter passwords or account numbers in any site that doesn’t use the https protocol.
Are there any red flags to look out for when receiving emails or text messages that might seem illegitimate?
Always, always look at the actual address you’re about to click. It should always start with the name of the company, i.e. www.apple.com, not www.go.apple.com. See the difference? When you receive bogus emails, they’re called Phishing emails as they trying to get you to surrender your log in details, credit card numbers or bank details. No company will never ask you for personal details via an email. If in doubt, go to the company directly by typing it into the address bar or contact them with a fresh email or phone call.
We’ve heard that scammers are using better password-guessing technology now, can you share any tips to creating stronger passwords or logins?
Always use at least one symbol in your password. There are only 10 numbers and 26 letters, but there’s hundreds of symbols. Yes, the more common ones are accessed using the shift key, but it makes cracking the password that much harder.
What should people do if they receive an email from a seemingly trustworthy source requesting money or personal/financial information?
As mentioned above, no company will never ask you for personal details via an email. Always contact that company directly by typing it into the address bar or contact them with a fresh email or phone call.
People are sharing more and more online through social media and email at the moment, is there anything to be cautious of when doing this?
I could write an essay on this 😊 Turn off location services on your phone. Turn off location date when taking photos. This is called embedded metadata. Every time you take a photo it stores a lot of information. How the photo was taken, shutter speed, etc, but more importantly, WHERE the photo was taken. When you post these photos on social media, it doesn’t strip out the metadata and it is easily read. So, when you’re taking photos of the kids in the back yard, they know where you live.
Try and watch the Netflix documentary, “The Social Dilemma” it explains a lot of what I could rabble on about. Social media is becoming a very dangerous place for the unsuspecting. Remember Google own Facebook, YouTube and Instagram. Also, if you have a Google account, you log in with the browser and every time you search something, they know it’s you and remember that.
What information can people ask for to determine whether or not an incoming call from their bank or Centrelink, for example, is legitimate?
Firstly, when answering a phone call, don’t ever give your name. if you do, they’ve then already married the number to the name. If they are at all suspicious, ask for a name and number they can be contacted on. Don’t ring it, but call the company directly and verify the details.
What should someone do if they suspect they have been hacked or if they feel they may have given out information to the wrong person?
They need to ask "what information have I given?" then change that information. If it’s banking details, change the password straightaway. People are never hacked in Facebook, but they let them in when they visit certain sites that they click on within Facebook. What does it always ask? “Login with your Facebook details.” Once you do, you’ve let them in.
Are phone and text scams becoming more and more common these days, or is cybercrime usually through email?
It’s a bit of both, they’ll try from all angles to try and get your money. Windows10 comes with virus protection, but not spam protection. I run Malwarebytes on my Windows 10 machine and “Clean my Mac” on my Macbook.
Lastly, never ever ever use free WiFi! If you have to, use what's called a VPN (Virtual Private Network) connection.