Archive for the ‘cybercrime’ Category

Oak Flats woman busted for dodgy online business practices

Monday, July 14th, 2014
Photo courtesy of Widjaya Ivan on Flickr

Photo courtesy of Widjaya Ivan on Flickr

Roselyn Joy Wilson, formerly of Oak Flats, New South Wales, has been fined $6,510 by Fair Trading and ordered to pay a total $11,120 compensation to six customers for scamming them via her fake internet business.

Dozens of customers complained about not receiving generators purchased from Wilson’s online business, Quality Direct Pty Ltd.

The fake online business, www.qualitydirect.com.au, purported to sell generators at a discounted price, provided customers pay for goods upfront.

At least six customers were ripped off between February and June, 2012, after they deposited sums of almost $2000 each into an account but received no generators.

“Consumers were left high and dry by [Wilson], who simply stopped taking calls from frustrated people demanding to know when their generator would be delivered,” Fair Trading Commissioner Rod Stowe said.

“It appears [she] had no intention of supplying the goods she received payment for and she then failed to co-operate with Fair Trading once consumers sought our intervention.

“Failing to provide goods and services in a timely manner is a breach of the Australian Consumer Law and Fair Trading will take action against any online trader who thinks they will get away with such dishonest behaviour.”

Fair Trading received more than 50 complaints about the business in 2011 and 2012, prompting it to warn the public about dealing with Wilson or Quality Direct.

To read more on this story, click here.

Conventional insurance may not cover cyber security breaches: Centre for Internet Safety

Wednesday, December 25th, 2013
Photo credit; elhombredenegro on Flickr

Photo credit; elhombredenegro on Flickr

Companies with an online presence need to look beyond conventional insurance policies to ensure they are protected against more than just cyber attacks, a new report from the Centre for Internet Safety (CIS) has warned.

The University of Canberra-based thinktank warned in the report that many organisations are unprepared to manage risk from a variety of factors beyond simple cyber-attacks. Negligence and human factors accounted for 35% of data breaches in one recent Ponemon Institute-Symantec study, while 29% were due to system glitches and the remainder due to the stereotypical malicious attack.

“Traditional business insurance policies have tended to only cover ‘tangible’ assets such as PCs, laptops and other mobile devices,” the report warns.

“Developing exposures have highlighted that electronic data is not always considered to fall under the definition of tangible assets and is just one area where cyber insurance is designed to fill a gap. Some organisations have discovered gaps in what is and isn’t covered after an attack. Unfortunately for them, by then it is too late.”

The report identified five key issues organisations needed to consider in assessing their cyber risk:

  • identifying the organisation’s tangible assets
  • evaluating its ability to survive without them
  • establishing whether it is principally a business-to-business or business-to-consumer operation
  • evaluating the burden of managing fully automated IT systems
  • assessing the privacy and data breach laws for the markets where it operates.

Companies need to make sure their insurance regimes also cover the ancillary effects of a data breach and its aftermath.

These include:

  • cover for business interruption
  • the cost of notifying customers
  • the cost of regulatory investigations or actions in the event of a breach, “without the requirement for physical damage that is a standard trigger under property policies.”

Other expenses that should be included in cyber-insurance policies include:

  • crisis management
  • hiring a public relations firm to manage a data breach incident
  • forensic analysis
  • repairing and restoring computer systems
  • the loss of business income resulting from the incident.

“An effective cyber insurance policy will include explicit wording which covers first party and third party claims,” the report advises, warning that the nature and scope of cyber-insurance policies must be managed at the business level and not just by the IT organisation.

The 2012 Data Breach Investigations Report found 570 of 855 recorded attacks were targeted at businesses with 11 to 100 employees.

To read more about this story, click here.

Cybercrime still huge concern for Australian businesses

Friday, November 29th, 2013
Photo credit; elhombredenegro on Flickr

Photo credit; elhombredenegro on Flickr

Business standards company BSI says still too many Australian companies aren’t taking cyber attacks seriously.

 BSI recently revised its Information Security ISO and the 2013 revision by BSI of the international standard organisation’s (ISO), ISO 27001 Information Security, combined with the launch of Star Certification for Cloud security providers represents a comprehensive rethink of the organisation’s approach in addressing cyber security.

BSI’s CEO, Howard Kerr, said that ISO 27001 is one of the fastest growing management systems globally, and the 2013 revision of the standard will assist businesses of all sizes to address cyber security threats.

“The challenges currently faced are quite phenomenal and with the introduction of the cloud, these issues potentially impact the whole supply chain,” he said.

According to Symantec’s Internet Security Threat Report 2013 the risk of a cyber attack on any business has risen by 250% since 2010.

As ARN reported back in October Cyber crime costs Australians $1.06 billion, cyber crime cost Australian business $1.06bn in the last year, and affected 5 million people.

Businesses are now doubling their data every 1-2 years, which puts a strain on company infrastructure, and the employees that administer it. Plus, the move to Cloud computing has seen more and more companies putting commercially sensitive information outside the physical company premises – and into the unknown.

Kerr also cautioned that, with the rise of mobility and BYOD, these more flexible forms of working are producing even more security hazards.

“All of these developments are making information security increasingly difficult to manage with threats are growing in sophistication and impact and greater penalties being imposed by regulators for breaches and the risks associated with reputational damage,” said Kerr.

BSI certifies more than 3500 clients in Australia.

To read more on this story, click here.

Australian small business websites hit by hackers in wake of spying scandal

Wednesday, November 6th, 2013
Photo credit; Eliot Phillips on Flickr

Photo credit; Eliot Phillips on Flickr

Hackers claiming links to international activist group Anonymous defaced dozens of websites belonging to Australian businesses recently.

A group calling itself Anonymous Indonesia posted on Twitter a list of more than 100 Australian sites it had hacked, saying the action was in response to reports of spying by Australia.

The websites were defaced with a message reading “Stop Spying on Indonesia” and are mainly owned by small Australian businesses. They seemed to have been chosen at random.

Australia has been implicated in spying by its role in a U.S.-led surveillance network.

Reports that the Australian embassy in Jakarta was being used for spying prompted Indonesia to summon the Australian ambassador last week. And China demanded an explanation from the United States after the Sydney Morning Herald newspaper reported Australian embassies across Asia were part of the U.S. operation.

To read more on this story, click here.

Small and medium businesses in Australia face cyber attack threat

Friday, October 18th, 2013
Photo credit; Mathieu Plourde on Flickr

Photo credit; Mathieu Plourde on Flickr

Cyber attacks hit 75% of small and medium sized businesses (SMB) last year, according to online security company McAfee, which says Australian businesses have been under concerted attacks online.

“There is a real imperative to better understand how to keep business assets safe — from data to devices, email and web,” says McAfee’s SMB Manager for Asia Pacific, Robbie Upcroft.

In its May State of Cybersecurity in Australian SMBs report, McAfee warned that almost half of SMBs in Australia had experienced a targeted attack in the past 12 months (44.5 per cent) with one in five (21 per cent) of this number experiencing three or more attacks.

And, in a worrying sign, McAfee found that just under half (46 per cent) of Australian SMBs indicated they had experienced security breach or data loss “by deliberate sabotage from current or ex-employees in the last year.”

To read more about this story, click here.

Scoopon gets hit with accusations of cheating

Thursday, July 11th, 2013

The Australian Competition and Consumer Commission (ACCC) has levied accusations against online coupon website Scoopon in Federal Court. 

The ACCC has alleged that Scoopon engaged in misleading and deceptive conduct and made false and misleading representations to businesses and consumers.

The ACCC alleges that Scoopon:

  • misled consumers regarding their ability to redeem vouchers, their refund rights and the price of goods advertised in relation to some of its deals;
  • that Scoopon told businesses there was no cost or risk involved in running a deal with Scoopon, when a fee was in fact payable to the site, and;
  • that Scoopon misled businesses by claiming that between 20 and 30% of vouchers would not be redeemed, when there was no reasonable basis for this representation.

The ACCC is seeking declarations, injunctions, community service orders, pecuniary penalties and costs in the Scoopon case.

To read more on this story, click here.

Is hacking on the rise?

Tuesday, June 21st, 2011

As I’ve been reading the technology sections of various online news sources lately, I’ve been coming across more and more stories of websites being hacked.

Some of the more recent attacks included the high profile breach of personal data from Sony, down to a less serious fake news story on the PBS news website, announcing Tupac was alive in New Zealand.

theage.com.au has an article exploring these in more depth, along with other breaches and there effect on those who were targeted.

 

Online site probes new privacy fears

Thursday, December 23rd, 2010

SMH reports that the website www.reverseaustralia.com is a directory which links names and phone numbers, to addresses.  It has caused the Australian Communications and Media Authority to investigate whether it constitutes a privacy breach.

The service, created by an Australian man living overseas, not only links to phone numbers which may otherwise be unlisted, but also asks users to login using their Facebook details, which is arguably also using private information.

James (first name given only), the maker of the site, wants to create an i-Phone Ap for this service too.

Tap and Pay: new card technology

Friday, October 29th, 2010

Don’t have cash, don’t want to sign or use your pin? Just tap your card in front of the new reader, and you are off.  Mastercard and Visa have been rolling out  the “tap and pay” machines for transactions under $100 AUD.

Banks are quick to roll out the machines, with Commonwealth Bank expecting to have 20,000 introduced in stores by the end of the year. NAB expects to have 25,000 out by mid 2011.

Not all cards have the technology yet, but those that do have the logo clearly displayed on the card.

What about privacy and theft concerns? Commonwealth Bank says the $100 limit is too small to attract fraudsters, who are interested in large, big ticket purchases.  The Banking Ombudsman notes that the Electronic Funds Transfer Code of Conduct covers transactions using tap and pay, so customers can be compensated for fraud providing the other conditions under the code of conduct are met.

The full article from Sydney Morning Herald is available here.

You have been served – by Facebook!

Thursday, October 21st, 2010

Police in Victoria used non-traditional means (where traditional means had otherwise not been a success) to serve a man with court papers via Facebook, reports Sydney Morning Herald today.

A local magistrate allowed the service of the court documents by Facebook, then Senior Constable Walton read out the court order in private messages. After the final message was sent, Victorian Police were able to contact the man who confirmed he had received the messages.

The end result was that the woman who was being harassed by this man, was able to get a desired outcome by being able to serve him with these documents, although Facebook itself was of no assistance to the Police.

Internet bullying, stalking and intimidation are taken very seriously. ‘In this instance we were able to deliver justice through the same medium as the crime committed’ says Senior Constable Walton.