Security Advisory

Please see the guidance provided by the Australian Cyber Security Center to avoid cases of Malware and Phishing.

Malware

Malware is the term used to refer to any type of code or program that is used for a malicious purpose. 

Malware is distributed in several ways:

• By spam email or messages (either as a link or an attachment)

• By malicious websites that attempt to install the malware when you visit, by exploiting weaknesses in your software

• By masquerading as a good application you download and install yourself. Some malware even pretends to be anti-virus or security products.

The following signs may indicate there is malware on your computer:

• your web browser starts on a different homepage than normal

• your files are inaccessible

• random error messages appear, or

• new programs, toolbars and icons have been installed.


To check if your computer is infected by malware, run a full scan using your anti-virus software and follow the instructions to remove it. 

Read the UK NCSC guide on mitigating malware

More information: https://www.cyber.gov.au/acsc/view-all-content/threats/malware

Phishing

Phishing is a term for deceptive messages which often pretend to be from a large organisation you trust to make the scam more believable. They can be sent via email, SMS, instant messaging or social media platforms. They often contain a link to a fake website where you are encouraged to enter confidential details.

The best way to protect yourself from phishing attempts is to stay abreast of current threats, be cautious online and take steps to block malicious or unwanted messages from reaching you in the first place.

Take the following steps to protect yourself from phishing attempts:

• Don’t click on links in emails or messages, or open attachments, from people or organisations you don’t know.

• Be especially cautious if messages are very enticing or appealing (they seem too good to be true) or threaten you to make you take a suggested action.

• Before you click a link (in an email or on social media, instant messages, other web pages, or other means), hover over that link to see the actual web address it will take you to (usually shown at the bottom of the browser window). If you do not recognise or trust the address, try searching for relevant key terms in a web browser. This way you can find the article, video or web page without directly clicking on the suspicious link.

• If you're not sure, talk through the suspicious message with a friend or family member, or check its legitimacy by contacting the relevant business or organisation (using contact details sourced from the official company website).

• Use a spam filter to block deceptive messages from even reaching you.

• Understand that your financial institution and other large organisations (such as Amazon, Apple, Facebook, Google, PayPal and others) would never send you a link and ask you to enter your personal or financial details.

• Use safe behaviour online. Learn how to use email safely and browse the web safely.

• Stay informed on the latest threats – sign up for the ACSC Alert Service. You can also find information about the latest scams on the Australian Government’s Scamwatch website.

What to do if you think you have been Phished.

If you think you’ve entered your credit card or account details to a phishing site, contact your financial institution immediately.

Report scams to the ACCC via the Scamwatch report a scam page. Your report helps to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example, the email or screenshot.

You can also contact IDCare on 1800 595 160 or via www.idcare.org for support if you believe your personal information has been put at risk.

You should also lodge a report with the Australian Cyber Security Centre's ReportCyber.

Find more information on where to get help if you think you have fallen victim to a scam on the Scamwatch website.