MyCRA Specialist Credit Repair Lawyers

Tag: Cyber-Security Awareness Week 2013

  • Cyber-security to protect your financial identity.

    SSO_Logo+WebHow can what you do online impact your ability to obtain credit? Understand the risks and protect your credit rating.

    MyCRA is a partner for Cyber Security Awareness Week 2013, running this week until 24 May.  The aim of Awareness Week is to help Australians using the internet – whether at home, the workplace or school – understand the simple steps they can take to protect their personal and financial information online.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Cyber Security Awareness Week 2013 is an Australian Government initiative, held annually in partnership with industry, community and consumer groups and state and territory governments.

    One of the big risks for Australians is that their internet use will lead to fraudsters stealing their personal information for purposes of identity theft (now the fastest growing crime in Australia) and potentially fraud. The good credit rating of the victim could then be damaged.

    It is reported that 1 in 6 people in Australia is a victim or knows someone who has been a victim of identity theft or fraud in the past 6 months.

    Victims are not always ‘gullible’ as may be the impression in the wider community. Many experts say it is not a matter of if you experience an identity theft attempt, but when.

    Increasingly it comes from professional fraudsters whose main occupation is to steal personal information and financial details in order to commit fraud.

    The internet is a big source of personal information and its ever increasing use makes you more vulnerable to identity crime than ever.  This means identity crime can have very long arms – often it originates from overseas crime syndicates. Social networking, online banking, company databases can also be sources.

    The unlucky identity theft victim is unaware of the fraud until their identity is misused, and their credit rating with it. When identity theft damages your credit rating – it is because the fraudster has been able to overtake credit accounts, or has gained access to enough personally identifiable information about you to forge new identity documents.

    If credit accounts are not repaid – after 60 days you may be issued with written notification of non-payment and the intention for the creditor to list a default on your credit file. It is at this moment that some people who were previously unaware of any problems find out they have been victims of this more sophisticated type of identity theft.

    Protecting Your Financial Identity Online

    stay smart onlineYou can provide a safety buffer for yourslef and your family around one of the main channels for fraudsters to enter our lives – the internet.

    Remember the top tips

    Stay Smart Online encourages all Australians to remember these ten simple tips to improve their online security:

    1. Install and update your security software and set it to scan regularly
    2. Turn on automatic updates on all your software, particularly your operating system and applications
    3. Use strong passwords and different passwords for different uses
    4. Stop and think before you click on links and attachments
    5. Take care when buying online – research the supplier and use a safe payment method
    6. Only download “apps” from reputable publishers and read all permission requests
    7. Regularly check your privacy settings on social networking sites
    8. Stop and think before you post any photos or financial information online
    9. Talk with your child about staying safe online, including on their smart phone or mobile device
    10. Report or talk to someone if you feel uncomfortable or threatened online – download the Government’s Cybersafety Help Button

    For specific help with safe banking, we refer to the Australian Bankers’ Association’s recommendations:

    Protect your passwords – ensure you keep confidential your PIN and Internet banking logons and passwords. Avoid using the same logon/passwords for multiple websites, especially when it enables access to websites that include sensitive personal information. Set a pass code for your device and a PIN for your SIM. If your banking app allows logon with a PIN, make sure it is different to the one used to unlock your       mobile device. Make sure your password or code is something that’s hard for others to guess but easy for you to remember.  A bank will never ask you to provide passwords or PINs by e-mail or over the telephone.

    Lock – set your smartphone and tablet to automatically lock. The password will protect your device so that no-one else can use or view your information. Also store your device in a secure location.

    Contact your bank if you lose your smartphone or tablet – call your bank immediately to tell staff about the loss and provide your new phone number, especially if your bank uses an SMS message to authenticate transactions.

    Clear your mobile devices of text messages from banks especially before sharing, discarding or selling your device.

    Be careful what you send via text – never use text messages to disclose any personal information, such as account numbers, passwords or other personal information that could be used to steal your identity.

    Use only official apps – make sure to only use apps supplied by your financial institution and only download them from official app stores.

    Delete spam and scam e-mail – if the offer sounds too good to be true – it probably is.

    Guard identity information carefully and only provide it to trusted people and entities.  This includes date of birth, current address, driver’s licence and passport details.

    Anyone interested in online safety should subscribe to the email notifications from Stay Smart Online Alert Service. The Stay Smart Online Alert Service is a free subscription based service that provides home users and small to medium enterprises with information on the latest computer network threats and vulnerabilities in simple, non-technical, easy to understand language. It also provides solutions to help manage these risks.

    Also, you can look at securing different sections of your internet use in more depth with the help of Stay Smart Online’s key factsheets for online security.

    Check your credit file regularly, and act quickly on any discrepancies there – which can often be the first sign of identity theft. Copies of credit files can be ordered from one or more of Australia’s credit reporting agencies, and are free for the credit file holder once per year.

    Image 1: courtesy of Stay Smart Online

    Image 2: Ambro/ www.FreeDigitalPhotos.net

     

     

  • Bloggers and small business sites a target for cyber-criminals

    Press Release MyCRA

    blogBloggers and small business sites a target for cyber-criminals.

    23 May 2013

    There’s a gaping hole in cyber-security, and once again, the ‘little guy’ is at risk.

    Experts warn Australians using WordPress or similar sites about the risks of being hacked by cyber criminals unless they bump up their safety measures.

    “Small businesses and bloggers often don’t have the money to invest in online safety – and also believe their small site or blog is ineffectual, when in fact its resources make it a prime target for hackers,” Online expert Daniel Smith says.

    These warnings come as part of Cyber-security Awareness Week 2013, and follow the world’s biggest ever WordPress and Joomla attack last month.

    Mr Smith says the event demonstrates the ease with which small sites can be easily infiltrated and used to make a big impact as part of a systematic attack.

    WordPress currently powers over 60 million websites and is read by over a quarter of a billion users every month. WordPress and Joomla were recently attacked by a botnet of tens of thousands of individual computers. The botnet targeted users with the login “admin”, trying thousands of possible pass words.[fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][i]

    Mr Smith says accessing sites can be easy if pass-phrase security is lax, particularly when the user ‘admin’ is used.

    “I liken it to a locksmith with a whole set of generic keys – he can turn the keys in many doors until he finds one that fits. Hackers have common pass word ‘keys’, and they roll trials of these words until one unlocks the computer, and enables them to use the resources that power the site which are far more than could be gained by a singular desktop computer,” he explains.

    He says the ramifications for individuals and businesses who become part of a botnet are loss of data, loss of secure personal information and break-down of the site.

    “I know victims of who have had to close their business down because they have lost so much information without having any backups,” he says.

    But he warns, hackers don’t always delete the information, but may leave it intact, putting in files in back doors so that they can go undetected – making use of these resources again and again.

    “Hackers can on-sell information to fraudsters, cyber-terrorists or spammers, and can also on-sell the entire botnet to be used in a distributed denial of service (DDOS) event,” he cautions.

    A national credit expert warns fraudsters can use the information to commit identity theft – the fastest growing crime in Australia.[ii]

    CEO of MyCRA Credit Rating Repair, Graham Doessel says information like dates of birth, account numbers, full names and other personal information can be used to steal your identity and take credit out in your name.

    “Fraudsters have been known to go so far as to take out personal loans, credit cards and even finance homes in their victim’s name,” Mr Doessel says.

    “Unfortunately fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.”

    Defaults remain on the credit file of individuals for between 5 and 7 years.

    “In the past it has not been easy for identity theft victims to prove they didn’t initiate the credit, particularly if they have no idea how they were duped in the first place. Often not much of a trail is left and prosecutions don’t come easily,” he says.

    Both Smith and Doessel say prevention is key, and recommend you make some simple but important changes to the way you log in to your WordPress or other sites:

    1. Use secure pass phrases. Come up with a unique scheme that is a minimum of 8 characters long – for example every 3rd vowel could be a number or symbol and you should always add some uppercase letters, numbers and any character that requires the shift key to type. Use multiple words in a pass phrase. You could use two unrelated words which are memorable to you.

    2. Use a different pass phrase and user for each account.

    3. Use a unique user name – not the default setting. Never use ‘admin’ as a user name.

    4. Minimise login attempts. Restrict the number of attempts to access the site before the user is ‘locked out’.

    5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. This is harder to infiltrate by hackers, but Mr Smith says many don’t use 2-step verifications because they seem inconvenient.

    “We may need to get a little inconvenienced to prevent what could be a personal or business disaster, or in worst case scenario, a future global disaster,” he says.

    MyCRA is a partner for Cyber Security Awareness Week 2013 – an Australian Government initiative through Stay Smart Online, to help Australians using the internet – whether at home, the workplace or school – understand the simple steps they can take to protect their personal and financial information online.[iii]

    To stay one step ahead of fraudsters, you can subscribe to Stay Smart Online Alerts at no charge – which lets you know about cyber issues as soon as they unfold http://www.staysmartonline.gov.au/alert_service.

    /ENDS.

    Please Contact:

    Graham Doessel – Founder and CEO MyCRA Ph 3124 7133

    Lisa Brewster – Media Relations MyCRA & for comment from Daniel Smith Web analyst  media@mycra.com.au

    http://www.mycra.com.au/ www.mycra.com.au/blog

    246 Stafford Rd, STAFFORD Qld

    MyCRA Credit Rating Repairs is Australia’s number one in credit rating repairs. We permanently remove defaults from credit files.

    Stuart Miles/ www.FreeDigitalPhotos.net[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • Lax cyber-security makes us all vulnerable: Cyber Security Awareness Week 2013

    password securityIf your password is one of the most 1,000 common passwords, it could be hacked in literally seconds…

    Are you one of the millions of Australians who have a pretty basic password? We show you how important strong passwords and other security measures are to keep you, your credit file, your business and perhaps your country safe from cyber-attack. This week is Cyber Security Awareness Week 2013, hosted by Stay Smart Online. This is an Australian Government initiative, held annually in partnership with industry, community and consumer groups and state and territory governments. As part of this week we have been fortunate to speak with online expert Daniel Smith about cyber-security. He gives us a unique insight into the importance of cyber-security awareness for every ordinary Australian.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    You may have heard last month about the biggest ever global brute-force attack. You may have heard about it, but like many it may have gone straight over your head. But the ramifications of an attack like this are pretty important.

    The attack was on WordPress sites, which currently powers over 60 million websites and is read by over a quarter of a billion users every month. WordPress was attacked by a botnet of tens of thousands of individual computers. The botnet targeted WordPress users with the username “admin”, trying thousands of possible passwords.

    But online expert Daniel Smith warns this attack is definitely only a small taste of things to come.

    “Last month’s attack was orchestrated on a large scale, but this happens continuously on an individual basis on sites like WordPress, Joomla, Drupal or similar,” Daniel says.

    “I liken it to a locksmith with a whole set of generic keys – he can turn the keys in many doors until he finds one that fits. Hackers have common password ‘keys’, and they roll trials of these passwords until one unlocks the computer, and enables them to use the resources powered by the site which are far more than could be gained by a singular desktop computer,” he says.

    The ramifications for individuals and businesses who become part of a botnet are loss of data, loss of secure personal information and break-down of the site.

    “I know victims who have had to close their business down because they have lost so much information,” he says.

    But he warns, hackers don’t always delete the information on these sites, but may leave it intact, putting in files in back doors so that they can go undetected – making use of these resources again and again.

    “Hackers can on-sell information to cyber-terrorists or spammers, and can also on-sell the entire bot-net to be used in a brute-force attack that is capable of crashing a country’s economy,” he cautions.

    He says individuals with a WordPress or similar blog, and small companies could be at risk.

    “They don’t have the money to spend on security protection that a larger business would – and they are the ones that think their small site or blog is ineffectual, when in fact its resources make it a prime target for hackers,” he says.

    So just how easy is it to find these passwords?

    “I did a quick 5 minute search on the internet yesterday, and found a list of 6 million usernames and passwords that are out there. If I went searching for more in depth, there would be more there,” he says.

    Daniel says what’s gone wrong, is that the way we’ve been taught to create usernames and passwords is in fact broken. He says we need to make these changes to the way we run sites like WordPress:

    1. Use secure pass phrases. Come up with a unique scheme that is a minimum of 8 characters long – for example every 3rd vowel could be a number or symbol and you should always add some uppercase letters, numbers and any character that requires the shift key to type. Use multiple words in a pass phrase. You could use two unrelated words which are memorable to you.

    2. Use a different password for each account.

    3. Use a unique username – not the default setting. Never use ‘admin’ as a username.

    4. Minimise password login attempts. Restrict the number of attempts allowed to access the site, before the user is ‘locked out’, which prevents multiple attempts to crack the password.

    5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. This is harder to infiltrate by hackers, but Mr Smith says many don’t use 2-step verifications because they seem inconvenient.

     

    “We may need to get a little inconvenienced to prevent what could be a business disaster, or in worst case scenario, a future global disaster,” he says.

    So where do we as credit repairers come in to cyber-security?

    Stealing passwords or personal information through these channels can lead to identity theft and potentially fraud. Hackers can on-sell your personal information to fraudsters who have identity theft as part of their repertoire.

    Information like dates of birth, account numbers, full names etc can be warehoused and used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.

    Unfortunately fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.

    For between 5 and 7 years you can be locked out of credit while your credit rating shows up someone else’s defaults.

    Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place. Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.

    SSO_Logo+WebPrevention really is key to protecting your credit file from this fraud – so spend some time and make sure the passwords on your site, or others that you use, are as secure as possible.

    To stay one step ahead of fraudsters, you can subscribe to Stay Smart Online Alerts – which let you know about security issues as soon as they unfold.

    Image 1: digitalart/ www.FreeDigitalPhotos.net

    Image 2: courtesy Stay Smart Online.