With 88% of Australian employees (https://www.cmo.com.au/article/672072/report-most-australian-employees-work-from-home/) now working from home while we #flattenthecurve (https://www.flattenthecurve.com/), all employers are hurriedly trying to adapt to the change in circumstances. Unfortunately, this also means criminal elements are ramping up their own efforts and preying on the already scared and vulnerable.
Many of these emails are simply phishing exercises preying on either the misinformed or, particularly in the current circumstances, people who have hurriedly set up remote working solutions and are unsure if their current cyber security solutions match their working from home environment.
We recently wrote a blog on avoiding Whale Phishing (https://www.allmanagedit.com.au/blog/whale-phishing-australia/). For those that missed it, Whale Phishing refers to elaborate attempts to defraud companies. However, several of our clients have since reported receiving emails with subject lines such as “Your Site Has Been Hacked” or “Warning, your company will be shut down”. Whilst many of these emails are considered phishing, they add the element of extortion, so people tend to feel an additional level of stress.
The emails usually continue in a quite formal and usually well-written manner and have headings such as:
PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS!
We have hacked your website XXXXXXX and extracted your databases.
How did this happen?
What does this mean?
How do I stop this?
Please send the bitcoin to the following Bitcoin address (Copy and paste as it is case sensitive):
How do I get Bitcoins?
What if I don’t pay?
This is not a hoax, do not reply to this email, don’t try to reason or negotiate, we will not read any replies. Once you have paid, we will stop what we were doing and you will never hear from us again!
Please note that Bitcoin is anonymous and no one will find out that you have complied.
If you or one of your employees does receive an email like this, here are our recommendations:
1. Most importantly - DO NOT REPLY... EVER…
2. Report it (https://www.cyber.gov.au/report) immediately to the Australian Cyber Security Centre (https://www.cyber.gov.au/). The reporting process is very straightforward and takes about 10 minutes.
3. For peace of mind, check if you’ve been pwned on this site here (https://haveibeenpwned.com/).
Making sure that your remote working solution is protected is the next step.
At All Managed IT (https://www.allmanagedit.com.au/) we deploy a range of Counter Phishing, anti-virus and anti-hacking strategies to protect our clients. For peace of mind and to protect your business, please contact us on 1300 720 790.