Protect your business from fraud

Caltex / Friday, August 4, 2017

With yet another devastating cyber attack making headlines recently, managing security is top-of-mind for many business owners – and it’s not just about computer security.

With the Australian Cyber Security Centre reporting that there were 14,804 cyber security incidents affecting Australian businesses between July 2015 and June 2016, the security of all business services and the protection of sensitive information should be paramount for all SME owners in order to reduce the risk of cyber crime and fraudulent activities.

Here we talk to a cyber security and privacy expert about the importance of business security and ways you can keep all your sensitive information secure.

Michael McKinnon, an expert at leading Australian cyber security consulting practice Sense of Security, says while controlling access to business information is key, there’s also the need to classify that data.

“Businesses need to identify and understand what critical information they’re holding – they need to think laterally about how and why that data might appeal to an attacker – and take appropriate measures to treat all data according to the risk that holding it represents,” he says.

“And protecting confidential information doesn’t just mean keeping it private; there’s also the need in business to ensure the data cannot be tampered with by unauthorised parties.

“In terms of practical steps that businesses need to address, managing staff credentials is important as well as having password policies in place that govern how complex passwords need to be and how often they may need to be changed.”

He says awareness is central to avoiding the risk of fraud.

“Businesses need to be aware of any financial processes where obvious fraud can occur such as supplier payment systems, expense claims, payroll, discount vouchers, coupons and refund payments,” he says.

“More complex and less obvious examples can involve modifying stock levels in a database, or writing inventory off as damaged, but then selling it to second-hand buyers.

“Any assets that the business is in possession of that aren’t part of an asset register but that could be cashed in quickly are at risk.”

Restricting access can reduce risk

Ensuring that only relevant staff members are approved to access company credit cards and accounts, fuel cards for the refuelling of fleet vehicles, and internal databases can reduce the risk of fraudulent activities.

Some fuel cards offer extra security through additional features, such as fuel usage tracking and a vehicle-specific PIN. They can also offer dedicated customer service for stolen cards.

Find out how Caltex StarCard can help protect your business from fraud.

McKinnon says keeping antivirus software up to date on office and employee computers, laptops and mobile devices should be part of a broader strategy.

“Using antivirus software can be helpful at detecting malicious software and apps, but it forms only one part of what should be a much larger strategy for protection,” he says.

“Keeping all office and employee computers and mobile devices up to date with the latest security updates, and running the latest operating system versions that have been patched against known vulnerabilities is critical.

“In the recent WannaCry ransomware outbreak, for example, the devices mostly affected were Windows 7 computers that had not been updated in the preceding two months. ‘Patch management’ – the process that businesses should be employing to manage how they’re updating their computers – should be treated as a default requirement of every IT department.”

Keep it safe

The Federal Government’s Stay Smart Online initiative offers the following checklist to assist in business security and fraud prevention.

* Create cryptic passwords to ensure the online safety of your business.

* Regularly back up all your business information including accounting files, invoicing and quoting systems, letters and emails, information and resources, and even your website files.

* Stay vigilant and up to date with news on the latest scams and threats.

* Know who has access to your business information and make sure employees have their own logins and passwords. By limiting access on a need-to-know basis, you reduce the risk of an ‘insider’ accidentally or maliciously releasing confidential information.

* Ensure you have anti-virus software that is automatically updated, and don’t trust wi-fi networks you don’t control.

* When it comes to mobile phones, keep them locked when not in use in case of loss or theft. Also try to limit the business information stored on them, including email.

Original article found HERE at SmartCompany.com.au

Queensland Police shut down three more “fake trader” barbecue websites

Queensland Police shut down three more “fake trader” barbecue websites: How to keep customers’ trust amid scam concerns

Emma Koehn / Wednesday, September 13, 2017

Queensland’s financial and cyber crimes group has shut down three more “fake trader” websites advertising barbecues and fitness equipment, three months after two Latvian nationals were arrested for their alleged roles in setting up a range of similar sites.

Australians continue to be caught out by websites advertising sales on large outdoor items like barbecues, and complaints have been made to the Australian Cybercrime Online Reporting Network (ACORN) from shoppers who had been scammed by sites promising the delivery of goods, according to Fairfax.

On Tuesday Queensland Police confirmed it had shut down three shopping websites it has identified as fake: www.barbecuecity.com.au, www.gardenoutdoorsales.com.au, and www.topmarineoutboard.com.au.

Investigations into the area of fake trader sites continue after two Latvian nationals were arrested by Queensland Police in June, after allegedly defrauding customers of $250,000 through fake shopping websites.

Fairfax reports the police do not believe the same pair are directly behind the new websites, but are considering links between the newly closed websites and so-called “fake trader” sites that have previously been uncovered.

The three sites closed this month asked for payment details from shoppers but did not deliver the advertised goods, say Queensland Police.

“Anyone who wanted to purchase these items was asked to provide credit card details and also offered a further discount if payment was made via direct bank to bank transfers. Customers who paid the money never received the equipment,” Detective Acting Inspector Brad Hallett said in a statement.

Police advise any shoppers who believe they may have been affected by a similar scam to contact ACORN directly, and recommend only using trusted websites and those that provide buyer protection when making purchases online.

SmartCompany contacted ACORN and Queensland Police for further comment but did not receive a response prior to publication.

Brand trust is key

When the issue of fake trader sites was raised by police earlier this year, Small Business and Family Enterprise Ombudsman Kate Carnell said there was “no doubt” such websites are costing small businesses money.

SMEs can be affected by these sites in a number of ways, she said, from being caught out by scammers themselves, to the effect of shoppers being reluctant to trust online shopping sites more generally.

“For a small business legitimately trading online, you don’t want any reduction in the confidence consumers have with online traders,” she said.

Director of InsideOut PR Nicole Reaney says stories like this present a significant challenge to new online sellers, because establishing brand trust can be difficult if a business enters the online market with no existing reputation.

Smaller operators can overcome these concerns by using a couple of approaches, she says.

The first is to jump on any negative news around online shopping and warn your networks that this occurs.

“Legitimate brands can embed a trusted position by communicating this consumer concern to its existing customers and encouraging them to be careful and share this information,” she says.

The second approach is to make sure there’s an opportunity for customers to connect with a real person through your business page, so customers can feel assured they are dealing with a legitimate person.

Checking in with your shoppers will ensure they feel connected throughout the process, Reaney says.

“A simple voice on the other end of the phone is enough to put minds at rest and alleviate any concerns.”
Original article found HERE at SmartCompany.com.au

Poisoned water holes: the legal dangers of dark web policing

Ian Warren, Deakin University; Adam Molnar, Deakin University, and Monique Mann, Queensland University of Technology

This article is part of a series on how law enforcement is fighting crime across digital borders.


Australian police are using “poisoned watering holes” to investigate crime on the dark web. By taking over illegal marketplaces that traffic in child pornography or drugs, law enforcement are collecting information about criminals all over the world.

Of course, crimes that occur on the internet often cross international borders, but this situation is creating troubling new standards in transnational policing.

Research, including our own, indicates that as police operations move into online environments, new rules for digital evidence collection and exchange must be developed to assist prosecutions while preserving due process and human rights.


Investigations on the dark web readily transcend geographic demarcations fundamental to the use of search warrants and the admissibility of evidence.

Some enforcement agencies have conducted online investigations and attempted to access or transfer information outside existing domestic and transnational legal frameworks. This is common in cases involving dark web sites that distribute child exploitation material (CEM).

Without proper checks, police could have significantly expanded scope to search homes and computers around the world, even in cases not involving CEM.

Watering holes and network investigative techniques

The techniques used in online investigations can have potentially problematic legal standing.

Playpen was a dark web site used to distribute CEM. The FBI seized the site in 2015, and obtained a warrant to continue its operation on a government server.

The FBI used a Network Investigative Technique (NIT), also known as Computer Network Exploitation, to identify Playpen users. This distributed malware onto any computer used to log into the site.

The NIT enabled the FBI to identify the IP addresses, log-in times, and operating systems of around 150 computers located in the United States and more than 8,000 computers located in 120 countries. Up to 215,000 registered Playpen users globally could be affected.

 


According to the Electronic Frontier Foundation, Playpen is the largest known US government hacking operation. But it was authorised by a single warrant issued in Eastern Virginia.

Specialist online units in Australia, such as Task Force Argos in the Queensland Police Service, have also used “poisoned watering hole” tactics.

Australian convicted child sex offender Shannon Grant McCoole, who administered “The Love Zone” site, was apprehended after a tip from Danish police. Task Force Argos investigators then effectively ran the site “while feeding information to international law enforcement colleagues”.

The investigation identified many users located in other countries, including several who were prosecuted in the United States.

Details of the warrant used in this investigation are unclear, which is common in cases involving CEM that result in guilty pleas.

Dark web investigations and the law

There are some established methods for law enforcement sharing information across borders.

Mutual Legal Assistance Treaties (MLATs) are similar to extradition treaties. States seeking access to digital evidence located offshore must first issue a formal request.

MLATs aim to protect the legal rights of people suspected of transnational or offshore offending. However, available US cases involving The Love Zone do not appear to mention MLAT procedures.

This has troubling implications for the right to a fair trial.

It’s possible Task Force Argos informally communicated the IP addresses of US-based site users directly to US authorities. Queensland Police declined to comment on the warrant.

The geographic scope of the Playpen NIT warrant, on the other hand, is extremely unclear. Some US courts have declared the NIT warrant to be valid only within Eastern Virginia.

At least one US court has ruled that warrants to search homes and seize computers outside of this district produced evidence viewed as the “fruit of the poisonous tree”.

In other words, because the dark web’s infrastructure could only enable law enforcement to uncover the locations and identities of suspects through the defective NIT warrant, any physical evidence seized from a subsequent warrant to search a home was inadmissible.

However, some US courts seem willing to admit evidence from the Playpen NIT because the FBI is regarded by the courts as acting in good faith in both seeking and executing it.

Legal geographies of online investigations

Law enforcement agencies are keen to maintain secrecy of dark web CEM investigations. But there is concern from legal experts that informal police networks routinely operate outside of established MLAT procedures.

The MLAT process is slow, technical and cumbersome. This may fuel the acceptance of questionable NITs and exchange of data between police to streamline transnational dark web investigations. But it could also undermine complex cyber-prosecutions and the fairness of criminal trials that rely on electronic evidence.


The informal exchange of criminal intelligence and use of malware is understandable where child welfare is at stake. But these investigative methods undercut current attempts to preserve due process and digital security standards.

Success in these types of investigations cannot solely be measured by prosecution and conviction rates. It should also be measured by the legality, ethics and transparency of transnational investigative procedures and the rules that underpin them.

Ian Warren, Senior Lecturer, Criminology, Deakin University; Adam Molnar, Lecturer, Criminology, Deakin University, and Monique Mann, Lecturer, School of Justice, Researcher at the Crime and Justice Research Centre and Intellectual Property and Innovation Law Research Group, Faculty of Law, Queensland University of Technology

This article was originally published on The Conversation. Read the original article.

Police warning over private rentals as cannabis growhouse discovered

 

Sophie Foster

16 AUG 2017

 

Police vision after a cannabis crop was seized in Heathwood. Picture: Supplied

POLICE have warned property investors not to rent homes out privately after seizing $850,000 worth of cannabis plants from one house.

A statement from Queensland Police said a “significant cannabis growhouse” was located at a Heathwood address, about half an hour from the Brisbane CBD.

Detective Inspector Lance Vercoe of the Drug and Serious Crime Group warned such occurrences were not uncommon.

“We are seeing this type of hydroponic setup more often, with criminals paying cash to rent directly from the property owner,” he said.

“The offenders have caused tens of thousands of dollars’ worth of damage to the property, breaking through doors and walls in order to grow the cannabis.

“Members of the public who seek to rent their properties should be extremely wary of renting their properties out privately and should consider taking the appropriate steps to protect your property.”

The two-storey house was unoccupied when detectives executed a search warrant. The search was conducted after a tip-off from members of the public.

Original article found HERE at The Courier Mail.

The sex predators operating online, targeting mobile savvy teenage victims with shock tactics

CARLY thought she was chatting to a boy her age but when they met, he was a 50-year-old paedophile who murdered her. Her mum has a warning for all parents.

Keep your children safe from online predators

EXPERTS have warned of the shocking tactics sex predators employ in order to lure unsuspecting child victims, including infiltrating popular mobile apps.

The growing use of smartphones among young Australians is putting them at risk of contact with paedophiles, as well as a bombardment of explicit content.

Cyber safety expert Ross Bark said kids weren’t equipped with the knowledge and maturity to navigate the dangers of the online world.

“People are waiting there (on mobile apps) literally to pounce on these young children,” Mr Bark told A Current Affair.

In a special report, the Channel Nine show looked at various chat, social networking and gaming apps popular among young users. Among those probed were Kik, Snapchat and Musical.ly.

Experimenting with them, posing as a young teenage girl, the program found an array of R-rated material, requests for explicit video chat and even attempts at grooming.

Detective Superintendent Linda Howlett is the commander of the New South Wales police Sex Crimes Squad, which has made 100 arrests for online grooming so far this year alone.

“Sex offenders will go on particular sites that are aimed at children, for the purpose of meeting the child and having sex,” she warned.

Of particular concern are opt-out privacy settings and inadequate protections on mobile phones.

Sonya Ryan’s daughter Carly was just 15 when she was murdered by someone she thought was a boy named Brandon.

“Time stopped and my entire life just fell to pieces,” she said.

The two had been chatting online for 18 months and became close. When Sonya became suspicious, she banned Carly from talking to him anymore.

“But it was too late. He had his hooks in her.”

Garry Newman was sentenced to life in prison for the 2007 murder of Carly. Source: Supplied

Garry Newman, a 50-year-old paedophile, was sentenced to life in prison for the 2007 murder of Carly.

When police raided his home to arrest him just 11 days after he killed Carly, Newman was on his computer posing as Brandon and talking to another teenage girl.

The lengths he went to in order to dupe his victims were shocking, Sonya said.

“There was looped vision of a boy typing, so when I looked over Carly’s shoulder that’s what I’d see.”

He had multiple fake profiles that he had carefully constructed, as well as several mobile phone numbers.

Cyber safety experts warn parents to be vigilant about mobile phone privacy settings. Source: iStock

Detective Superintendent Howlett said stranger danger had well and truly moved off the streets and into potential victims’ pockets on their phones.

She warned parents to be hyper vigilant, but also to check privacy settings to ensure they are as robust as possible.

Mr Bark echoed the advice, saying even apps that require users to add those they want to communicate with aren’t completely private.

“If it’s not set up properly, anyone anywhere in the world can see your posts,” he said.

Original article found HERE at news.com.au
