MyCRA Specialist Credit Repair Lawyers

Tag: Stay Smart Online

  • Keep updated about threats to your credit file:

    Do you really know if your credit rating is safe when you’re shopping, surfing, communicating and transacting online?  When you understand personal information and how it can be used by fraudsters, you want to do all you can to protect your personal information both online and offline. We look at one of the best things you  can do to stay up to date with threats to your identity and credit file, and ensure you Stay Smart Online.

    By Graham Doessel, MyCRA Lawyers www.mycralawyers.com.au.  Stay Smart Online Week 2014.

    Stay Smart Online - Proud Partner LR

    It’s important in our age of technology to be able to confidently engage online.  But it is equally important to be able to stay safe while doing that.

    How do you know when you need to update software? Or change a password? When will you know about Security breaches to entities which hold your personal information?

    The Australian Government provides a free subscription based service to home internet users and small businesses offering practical advice about security issues and observations which could impact you, your finances, your identity and your credit rating.

    The Alert Service provides easy to understand information about the latest internet threats, scams, and other risks, and how they can be recognised and addressed. If you’re using your computer at home (and lets face it – who isn’t?) this is like internet security 101.

    We encourage all of our readers to subscribe to this service. It could just save your bacon one day when it comes to internet threats.

    Click here to subscribe to the Stay Smart Online Alert Service.

    Internet fraud can lead to identity theft and in this situation often your credit file can be misused.

    If a fraudster is able to garner enough personal details to get duplicate documents in your name, they not only have your identity – they have access to your credit rating as well.

    This means they can take out credit in your name…and if they’re well-versed in this process – it may not be evident your identity is even compromised until you go to take out credit yourself and are refused.

    Unravelling the tangled web of identity theft at this point can be at times impossible. And unlike bank or credit card fraud, there’s not always reimbursement to be found. Some victims have found they have had to cop the 5 year default on their credit file, because they don’t understand and therefore can’t prove how the identity theft occurred in the first place.

    So our message this week is: take heed, and safeguard your personal information to prevent identity theft and credit file misuse.

    For more information on credit file misuse, or to get more help or information about the security of your credit file, visit our main site www.mycralawyers.com.au, or you can contact us on 1300 667 218.

  • Stay Smart Online and Keep Your Credit File Safe

    prevent identity theftJoin MyCRA Lawyers as we support ‘Stay Smart Online Week’ running 2 – 6 June 2014. This week aims to help Australians using the internet – whether at home, the workplace or school – understand the simple steps they can take to protect their personal and financial information online.

    This year’s theme – ‘On The Go’ – reflects the importance of staying safe and secure online while using mobile devices when social networking, banking, shopping, and navigating the internet. In this post, we give you an overview of what MyCRA Lawyers will be doing to promote awareness during Stay Smart Online Week 2014, and briefly explain why we choose to partner in this week and how important staying smart online is for the safety of your credit file.

    By Graham Doessel, Non-Legal Director of MyCRA Lawyers www.mycralawyers.com.au.

    Stay Smart Online - Proud Partner LR

    The 2014 Stay Smart Online Week (formerly Cybersecurity Awareness Week) is the seventh consecutive annual event conducted by the Australian Government in partnership with industry, the community sector and all levels of government.

    A range of activities are taking place around Australia, including seminars, industry events and community activities which you can attend or participate online.

    What will MyCRA Lawyers be doing during Stay Smart Online week?

    Monday: Staying Smart Online: Why you need to subscribe to Stay Smart Online Alerts.

    Tuesday: We will be exploring the theme for this year “On The Go” and look at how you can best secure your mobile device when social networking, banking, shopping and generally on the internet, as well as the ramifications of not securing your devices.

    Wednesday: We look at how you can protect your child online – particularly when it comes to their credit file. If you are a parent, and didn’t realise your children can be vulnerable to identity theft, then you don’t want to miss this post.

    Thursday: We are holding Stay Smart Online Awareness Day in our office. The team is getting involved and wearing the Stay Smart Online colours to promote this week. We will also be putting out a series of Facebook posts around crucial online safety topics. Don’t miss out on our great safety tips for protecting yourself and your credit file. In addition, we will post in our blog about Facebook itself in more depth and take a look at the dangers of Facebook to your credit file.

    Friday: We look in more detail the reasons why online security and savviness is so important for your credit file, and feature the best tips to protect yourself in the online space to prevent credit file misuse.

    Why did MyCRA Lawyers choose to partner for Stay Smart Online Week?

    It has never been a more important time to think about protecting personal information.

    Recent statistics released from the Australian Institute of Criminology show 1 in 5 Australians surveyed had been a victim of identity theft. The survey revealed 1 in 5 Australians have had their personal information misused, and 10 per cent had experienced the misuse in the past year. The statistics are higher than similar research conducted in the United Kingdom and the United States.

    Dr Clare Sullivan, an identity crime expert and law lecturer at the University of South Australia, says people get upset about the loss of money, but that was usually temporary, and was actually the least of their worries.

    “It’s the loss of identity. Once that has been compromised it’s compromised forever. People don’t realise how important that is and it could come up in six months or a year’s time or five years’ time,’’ she told news.com.au following the release of the survey.

    It is precisely this loss of identity which can lead to an even bigger type of fraud than simple bank or credit card fraud. If a fraudster is able to garner enough personal details to get duplicate documents in your name, they not only have your identity – they have access to your credit rating as well. This means they can take out credit in your name…and if they’re well-versed in this process – it may not be evident your identity is even compromised until you go to take out credit yourself and are refused.

    Unravelling the tangled web of identity theft at this point can be at times impossible. And unlike bank or credit card fraud, there’s not always reimbursement to be found. Some victims have found they have had to cop the 5 year default on their credit file, because they don’t understand and therefore can’t prove how the identity theft occurred in the first place.

    So our message this week is: take heed online, and safeguard your personal information to prevent identity theft and credit file misuse.

    For more information on credit file misuse, or to get more help or information about the security of your credit file, visit our main site www.mycralawyers.com.au, or you can contact us on 1300 667 218.

     

    Image 1: marin/ www.FreeDigitalPhotos.net

    Image 2: Courtesy of Stay Smart Online

  • Critical internet security information: bug ‘Heartbleed’

    Is your website or online service running OpenSSL? Or are you an internet user who gives out personal details or uses services within OpenSSL? Then your security may be at risk. According to internet security experts ‘Heartbleed’ is a major vulnerability in common encryption software which is affecting many websites and online services. Heartbleed is so widespread it could leave millions of servers on the internet open to an attack and could allow sensitive data including usernames and passwords to be stolen. We look more at this vulnerability, what you can do about it, and what the risks are when personal and financial information has been stolen, especially for the affected person’s credit rating.

    By Graham Doessel, Non-Legal Director MyCRA Lawyers www.mycralawyers.com.au.

    internet security

    The bug

    The Government’s Stay Smart Online (SSO) website has issued a HIGH priority security bulletin for those websites and online services running OpenSSL due to a major security vulnerability which has been discovered:

    The OpenSSL vulnerability is reported to have been around since 2011. Following recent publicity, there is growing evidence that websites are being targeted using this vulnerability.

    According to SSO, around two-thirds of websites and many other services currently use affected versions of OpenSSL (which stands for Open Secure Socket Layer, the most common cryptographic software used on most web servers). You would recognise websites using OpenSSL by the small padlock icon in the browser address bar or the ‘s’ added to the ‘http’ prefix for web addresses.

    There is an official webpage for this bug, and I encourage all to read the webpage, and seek help in this area if necessary. It advises that unlike bugs in single software or library which are able to be fixed by new versions, this bug is more dangerous because it has left a large amount of private keys and other secrets exposed to the Internet. Considering the long exposure, ease of exploitation and attacks leaving no trace this exposure should be taken seriously.

    Heartbleed.com explains in more detail what the bug does:

    The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

    The even scarier part of this vulnerability, is that if there had been someone hacking information, they would leave no trace of attack.

    Who is at risk

    OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet.

    According to Heartbleed.com:

    Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.

    How widespread is this?

    The most notable software using OpenSSL are the open source web servers like Apache and nginx. The combined market share of just those two out of the active sites on the Internet was over 66% according to Netcraft’s April 2014 Web Server Survey. Furthermore OpenSSL is used to protect for example email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and wide variety of client side software. Fortunately many large consumer sites are saved by their conservative choice of SSL/TLS termination equipment and software. Ironically smaller and more progressive services or those who have upgraded to latest and best encryption will be affected most. Furthermore OpenSSL is very popular in client software and somewhat popular in networked appliances which have most inertia in getting updates.

     

    Affected versions of the OpenSSL

    Status of different versions:

    •OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

    •OpenSSL 1.0.1g is NOT vulnerable

    •OpenSSL 1.0.0 branch is NOT vulnerable

    •OpenSSL 0.9.8 branch is NOT vulnerable

    Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

    In Australian Broker on Wednesday, Deloitte security, privacy and resilience head Anu Nayer said it is vital for businesses who run a website or online service that the company’s technical team knows all the websites and web services the organisation has so they can check all the necessary sites. He outlined some important questions to determine your level of risk:

    •How have you determined whether each of our websites and web services has OpenSSL service enabled?

    •What type of sensitive information do we have that is accessible from the internet? What type of information would have been at risk?

    •Have we looked at our logs to determine if there have been any successful or unsuccessful attempts to exploit this issue? What did we find? Are we monitoring our network to look for indications of attacks?

    •What steps have we taken to mitigate the issue?

    •How have you confirmed that the fixes have been applied successfully?

    •Have you got assurances from our vendors, external hosting providers and application cloud services that they have fixed any vulnerable systems?

    The risks

    Obviously the information being shared in OpenSSL is of a secure nature for one reason or another, so someone with access to this information could do a whole host of things, including make use of, or on-sell information to fraudsters, cyber-terrorists or spammers.

    They can also use the information to commit identity theft – the fastest growing crime in Australia.

    Information like dates of birth, account numbers, full names and other personal information can be used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name. Unfortunately fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.

    Defaults remain on the credit file of individuals for between 5 and 7 years. Often not much of a trail is left and prosecutions don’t come easily.

    The fix

    Open SSL 1.0.1g or newer should be used.

    If this is not possible software developers can recompile OpenSSL with the handshake removed from the code by compile time option -DOPENSSL_NO_HEARTBEATS

    Nayer says for organisations, it would also pay to consider if it is appropriate to revoke any Certificates which were used while the organisation ran exposed versions of OpenSSL.

    “Even after a fix is applied, the private cryptographic keys your systems are relying on to protect their communications could already have been compromised and this fix won’t address that compromise,” he said.

    For consumers, changing passwords regularly may help, and in addition a regular credit check can ensure you aren’t vulnerable to identity theft. Look for changes in personal details as well as suspicious credit enquiries in your name as a first sign of identity theft.

    Image: joesive47/ www.FreeDigitalPhotos.net

     

  • Online shoppers preyed on by fraudsters this Christmas

    Media Release

    christmas shopping onlineOnline shoppers preyed on by fraudsters this Christmas.

    26 November 2013

    More Australians will shop on the internet this Christmas, but a consumer advocate warns the increase in online trading could bring out more fraudsters looking to prey on time-poor and budget conscious consumers with schemes to not only take money, but personal information for purposes of identity theft.

    Graham Doessel, Non-Legal Director of MyCRA Lawyers, a firm which helps clients dispute their credit rating, says any unfamiliar retailer should be treated with caution, particularly those seeking personal information.

    “Consumers should be weary of those retailers seeking more personal information than would normally be necessary for a standard transaction, as we know that personal information can be stored and used to commit identity theft against unsuspecting consumers,” Mr Doessel says.

    “If fraudsters are able to get enough personal information they can request replacement copies of identification in your name and gain hold of your credit rating, so it may be your personal details that the crooks are really after.”

    He warns that unlike cases of bank fraud, where consumers may be reimbursed for stolen funds, an identity fraud case can be much more complicated and harder to recover from.

    “An identity theft victim may not always know the exact circumstances leading to debts in their name. In some cases they don’t even know they’ve been a victim until they apply for credit. There can be defaults and Judgments against their name which see them locked them out of credit for 5 years,” he says.

    According to the ACCC’s annual report on scam activity, online shopping scams have increased by 65 per cent since 2011. The ACCC cites the increase in online activity as the reason for the rise in scams.

    The Government’s Stay Smart Online website provides some online transaction safety advice:

    • Be wary if the website looks suspicious or unprofessional or makes unrealistic promises. Bargains which look too good to be true often are.
    • Only pay via a secure web page-one that has a valid digital certificate.
    • Use a secure payment method such as PayPal, BPay, or your credit card. Avoid money transfers and direct debit, as these can be open to abuse. Never send your bank or credit card details via email.
    • Always print and keep a copy of the transaction. Keep records of any emails to and from the seller.
    • Always conduct transactions within the auction website. Avoid private contact or payment directly with buyers or sellers-scammers will often use this ploy to ‘offer a better deal.

    Mr Doessel says if people worry they may have been caught out by identity theft this Christmas, they should act quickly to prevent credit file repercussions.

    “They should contact Police immediately, as well as their bank. They should also order a copy of their credit report – which would indicate if their credit file had been misused,” he says.

    In some cases victims may need the services of a credit reporting lawyer following identity theft to help with recovering their good name.

    About MyCRA Lawyers    : MyCRA Lawyers is an Incorporated Legal Practice focused on credit file consultancy and credit disputes. MyCRA Lawyers means business when it comes to helping those disadvantaged by credit rating mistakes.

    /ENDS.

    Please contact:

    Graham Doessel – Non-Legal Director MyCRA Lawyers Ph 3124 7133

    Lisa Brewster – Media Relations     media@mycra.com.au

    Ph 07 3124 7133     www.mycra.com.au  www.mycra.com.au/blog

    MyCRA Lawyers     246 Stafford Rd, STAFFORD Qld

    http://www.accc.gov.au/publications/targeting-scams-report-on-scam-activity/targeting-scams-report-of-the-accc-on-scam-activity-2012
    http://www.staysmartonline.gov.au/home_users/protect_yourself2/smart_online_shopping

    Image: sixninepixels/www.FreeDigitalPhotos.net

  • ‘TAX REFUND NOTIFICATION’ Don’t get caught out with this scam at tax time.

    tax refund notificationA high priority alert has just been issued from Stay Smart Online in regards to malware-carrying emails supposedly from the Australian Taxation Office, which could send your credit file into the doghouse. Most people who regularly read this blog will probably be well aware of the high prevalence of scam emails designed to capture your financial details either directly or through malware. They would also be well aware of the dangers that can pose for your ability to obtain credit in your own right if fraudsters steal your identity and pose as you to take out credit in your name. But we feel it is important to remain vigilant in warning the community when such emails are on the increase. They could just catch out someone you know. So we look at the details on this email and its variants, and what dangers it poses for the financial information of ordinary Australians.

     

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Today Stay Smart Online (the government’s online safety website) issued a warning about cyber criminals taking advantage of the upcoming tax deadline for filing tax returns by launching thousands of scam emails. The emails are purporting to be from the ATO, but contain malware which can steal your personal information.

    Security firm Bitdefender reported the detection of three email spam campaigns in late July and early August that saw up to 10,000 spam emails sent on 6 August. This surpassed the 3,000 messages sent on 23 July and the 5,000 messages sent on 15 July.

    “This sort of malicious outbreak is expected to continue heavier and more targeted as the tax time approaches its deadline in October,” a Bitdefender advisory warned. “Attackers hope their targets are too concerned with their financial duties to double check the sender’s address and discover the con.”

    If your system is infected by the malware in these messages, private data such as passwords and logins for financial institutions can be stolen and distributed to cyber criminals who will exploit it for financial gain.

    If your computer becomes infected, not only can personal information be stolen, but malware may force the computer to join a global ‘botnet’ that uses thousands of slave computers to distribute further malware-laden emails—or it might take part in distributed denial of service (DDoS) attacks. Among other things, this can seriously reduce the effective speed of a home Internet connection.

    What the emails look like…

    Most common spam emails

    ‘Australian Taxation Office – Refund Notification’, with body text including ‘TAX REFUND NOTIFICATION’. It instructs you to open an attachment called ‘ATO_TAX_pokeefe.zip’ or similar. The attachment is typically malware.

    ‘New information regarding lodgement’ and suggests that the ATO has been attempting to refund a payment to “the credit card we have on file.” Recipients are advised to log into an ‘e-portal’ to receive the refund manually, and that “during the payment process you will be given the opportunity to update the credit card that is on record.”

    Important Information…

    The ATO will never ask for such information via email. Any email that requests additional information before a refund can be released is a hoax.

    If you receive a message like this, do not under any circumstances open the attachment. Delete the message immediately. Never open attachments that arrive with these sorts of messages.

     

    Identity theft and your credit file

    Identity theft can lead to fraud, and can affect your credit file. It often goes undetected until the victim applies for credit and is refused.

    Any kind of credit account (from mortgages and credit cards through to mobile phone accounts) which remains unpaid past 60 days can be listed as a default by creditors on the victim’s credit rating, and those defaults remain there for 5 years.

    The consequence of people having a black mark on their credit rating is generally an inability to obtain credit.  Most of the major banks refuse credit to people who have defaults, or even too many credit enquiries, so it is really essential to keep a clean credit record.

    If you think your identity has been stolen, or that your personal information has been compromised there are three things you should do to protect your credit file:

    1. Contact Police immediately

    2. Contact the credit reporting agencies which hold your credit file.

    3. Contact your Credit Providers – especially financial institutions.

    If you think your tax file number has been stolen, you can visit the ATO’s Client Identity Support Centre for more help. They also give comprehensive advice on what to do in different situations of theft of your personal information.

    By law in Australia, if a listing contains inconsistencies the credit file holder has the right to negotiate their amendment or removal.

    But to clear their good name, the identity theft victim needs to prove to creditors they did not initiate the credit – which can be difficult. Not only are victims generally required to produce police reports, but large amounts of documentary evidence to substantiate to creditors the case of identity theft.

    Contact www.mycra.com.au for more details on credit repair following identity theft.

    Image: Stuart Miles/ www.FreeDigitalPhotos.net

  • Google Chrome doesn’t secure stored passwords

    protect passwordStay Smart Online (SSO) has issued an urgent warning to Google Chrome users who save their passwords to their browser. Passwords are not secured properly – allowing other users to be able to view all saved passwords! We look at the vulnerabilities for this method on any browser, and look at what other methods of password retrieval computer users can to adopt to protect their important personal information and ultimately – their credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Here is an excerpt from the SSO warning – issued on Friday:

    Chrome will typically prompt you to save your password for a site that you visit, and remember this for future logins. While other browsers offer the option of a “master password” that can be activated to protect your passwords, Chrome does not.

    On any Google Chrome browser, you can type chrome://settings/passwords into the URL bar. This will display a page listing all of the passwords held by that browser—for all users of that computer.

    This is particularly concerning for shared computers. You should never save your passwords when using shared computers, such as public computers at a library or airport.

    Do not rely on your browser to safely store passwords for you if someone else has physical access to that machine.

    Only allow people you trust to access to your computer, especially if that computer contains confidential information.

    Online expert Daniel Smith says saving passwords on your browser is something you should never do.

    “It may be a convenient way to store the many passwords you might have for different accounts, but if it’s convenient for you, it can be convenient for anyone looking to steal them as well,” he says.

    Daniel recommends people wanting to remember difficult passwords should use a secure and trusted third-party tool to protect and manage their passwords rather than save them to their browser.

    “Sites such as Passpack.com or Lastpass could be good secure options for password management. One thing to note is that passpack has never been hacked. Another thing to note is that all browsers not just chrome do this,” Daniel says.

    Daniel’s Key Tips To Protect Your Password

    1. Use secure passwords. Come up with a unique password scheme – for example every 3rd vowel is a number or symbol. Or you could use two unrelated words which are memorable to you, and use tools like the Shift key to create a password that can’t be easily deciphered.

    2. Use a different password for each account. It may be harder to remember, but it may just take a little bit of work to make your passwords unique and also easy to remember.

    3. Use a unique username – not the default setting. Don’t use ‘admin’ as a username. You should use a username with at least 8 characters and include characters you have to press Shift for.

    4. Minimise password login attempts. For sites you have control over access to – restrict the number of attempts allowed to access the site, before the user is ‘locked out’, which prevents multiple attempts to crack the password.

    5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. These are harder to infiltrate by hackers, but Daniel says many don’t use them because they are inconvenient.

    6. Never store passwords in your browser. Take time to make passwords unique yet easy to remember or use a secure third-party password manager if necessary.

    Personal Information Security and Your Credit File

    Stealing passwords or personal information through these channels can lead to identity theft and potentially fraud. Hackers can on-sell your personal information to fraudsters who have identity theft as part of their repertoire.

    Information like passwords, dates of birth, account numbers, full names etc can be warehoused and used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.

    Fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.

    For between 5 and 7 years you can be locked out of credit while your credit rating shows up someone else’s defaults.

    Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place. Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.

    Prevention really is key to protecting your credit file from this fraud – so spend some time and make sure your passwords are as secure as possible as a first line of defence against identity theft.

    Image: foto76/ www.FreeDigitalPhotos.net

  • Phishing email alert

    phishing emailStay Smart Online recently issued an alert about a number of new phishing emails carrying malware which have been identified in the recent days. The emails pretend to come from a number of Australian institutions including the Australian Tax Office (ATO), the Commonwealth Bank, National Australia Bank (NAB) and Telstra. Others have also been identified mimicking MMS messages. We look at the details of these phishing emails, and the dangers malware can pose for your identity and your credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    It seems these phishing emails are more prolific than ever, and can be an easy trap to fall for with the untrained eye. For example, last week MyCRA received some emails via our published email addresses, purporting to be from credit reporting agency Dun & Bradstreet. The email contained a zip file which if opened, I’m sure would have contained malware. The email looked very convincing at first glance, and was relevant to our profession both with the source and content of the email. It was only after reading thoroughly through the email we identified it was from an international DnB – and we understood it to be a scam. DnB UK had issued an official warning to its customers and clients about this scam. But how many people would fall for it?

    These fraudsters must have programs to troll through websites, identify frequently used words, and allocate appropriate phishing emails accordingly. How advanced – and how dangerous this process is.

    Stay Smart Online has provided examples of the current ATO phishing messages which appear to be sent from payroll provider ADP, and may include malware attached as a .zip file (currently ATO_TAX_16072013.zip). The banking examples have included malware attached as SecureMessage.zip. An example of the ATO phishing email is below:

     

    ———- Forwarded message ———- Date: Mon, 15 Jul 2013 15:35:42 -0800 From: payroll.invoices @adp com Subject: Australian Taxation Office – Refund Notification

    Australian Taxation Office 16/07/2013

    TAX REFUND NOTIFICATION

    After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 6731.76 AUD.

    For more details please follow the steps bellow :

    – Right-click the link on the attachment name, and select Save Link As, Save Target As or a similar option provided. – Select the location into which you want to download the file and choose Save. – Open the file Microsoft Word file to view the details.

    Sonny Stout, Tax Refund Department Australian Taxation Office

    If you receive this email, simply delete it. Do not respond or open the attachment.

    SSO says many security products are not identifying the attachment correctly as malware, meaning that if you open the attachment, a Trojan will attempt to install on your computer.  But the say detection rates are improving quickly as more security vendors add this malware definition to their products; in the meantime, your computer may be vulnerable. Another reason to include automatic updates of your anti-virus product.

    Avoid phishing emails

    Always be suspicious of unsolicited emails.

    Do not click links or open attachments unless you are confident about the sender and information the email contains. The best advice is to simply delete the email.

    If you are uncertain about the origin of any email you can always cross check the information by going independently to the company or source’s website or by calling them directly.   More information   Read Stay Smart Online’s advice about avoiding phishing and advice about spam.

    Information provided by Telstra’s Chief Security Specialist, Scott McIntyre.

    The ins and outs of phishing scams

    Phishing scams are generally emails or text messages which impersonate genuine companies in the hope of tricking victims into giving out their personal and financial information.

    The aim of phishing is to steal information like bank and credit account numbers, passwords, and other crucial data. The ACCC’s Scamwatch website warns that phishing emails are not easily distinguishable from genuine corporate communication:

    “Phishing emails often look genuine and use what look to be genuine internet addresses—in fact, they often copy an institution’s logo and message format, which is very easy to do. It is also common for phishing messages to contain links to websites that are convincing fakes of real companies’ home pages.

    The website that the scammer’s email links to will have an address (URL) that is similar to but not the same as a real bank’s or financial institution’s site. For example, if the genuine site is at ‘www.realbank.com.au’, the scammer may use an address like ‘www.realbank.com.au.log107.biz’ or ‘www.phoneybank.com/realbank.com.au/login’.”

    The ramifications of falling for a phishing scam

    Clicking on links in phishing scams can mean just the simple act of clicking on the link can put you in danger. Many phishing emails are designed to infect computers through virus-containing links in the emails. This could mean that you could download a Trojan or similar virus designed to steal your financial information – and you may have no idea its happening.

    This could be dangerous for your credit file. Because while you are carrying out your normal online transactions, the Malware that you have installed could be tracking passwords, financial details and personal details about you. This could be used by a clever and determined cyber-crook in order to build a fake identity in your name.

    Suddenly credit could be accessed in your name, and you probably won’t know about it until you apply for credit yourself and are refused. This presents real problems for fixing your credit rating, because what we know about removing unfair or inaccurate listings from your credit file is that you must provide evidence and proof that you didn’t initiate the credit. This can be difficult to do when you have no idea how the theft of your information occurred. It can be a nightmare for victims.

    So don’t get hooked by a phishing scam. If you receive an email that looks legitimate – go independently to the Bank or other company’s website to verify it. Or use the official Bank phone number (not the phone number presented on the email) to call the bank directly to verify the email is legitimate.

    Image: David Castillo Dominici/ www.FreeDigitalPhotos.net

  • Gamers: cheating could cost you your credit rating

    If you or someone in your family is a gamer, then you would be familiar with gamershacks. Hacks and cheats are designed to give a gamer help with a game by allowing them to download useable software for assistance. But security company, AVG says downloading hacks could open up a can of worms not only for the gamer, but for anyone else that uses the computer, because you have probably also just downloaded Malware. We look at how this occurs, what Malware does and what the risks are for your personal information and  your credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au

    Antivirus vendor AVG has issued a warning to gamers following research which suggests that more than 90 per cent of ‘hacks’ available online contain some form of malware or malicious code.

    Hacks and cheats are commonly incorporated into games; however, the sheer popularity of online multiplayer games has made gamers prime targets for cybercriminals.

    “The research suggests more than 90 per cent of hacks, cracks, patches, cheats, key generators, trainers and other downloadable game tools contain malware or executable code.

    These hacks are commonly delivered via unregulated torrents and file sharing sites, an easy vector for malware.

    Malware inadvertently downloaded with hacks can give attackers easy access to your online gaming account as well as other sensitive information such as online banking details, personal data and passwords for other online services,” Stay Smart Online recently advised.

    They advise gamers to only download patches from the game’s official site, and to avoid any unofficial software. They also recommend:

    Always be suspicious of any files downloaded from torrents and file sharing websites.

    Ensure you always have up-to-date security software installed on your computer.

    Use unique account logon and password information for each of your online gaming accounts (and every other online service you use).

    What is ‘malware’?

    Malware— is short for ‘malicious software’. It is a type of malicious code or program that is used for monitoring and collecting your personal information (spyware) or disrupting or damaging your computer (viruses and worms). Stay Smart Online explains in more detail:

    Spyware

    The term spyware is typically used to refer to programs that collect various types of personal information or that interfere with control of your computer in other ways, such as installing additional software or redirecting web browser activity.

    Examples of spyware include:

    Keyloggers  

    A keylogger is a program that logs every keystroke you make and then sends that information, including things like passwords, bank account numbers, and credit card numbers, to whomever is spying on you.

    Trojans

    A Trojan may damage your system and it may also install a ‘backdoor’ through which to send your personal information to another computer.

    Viruses and worms

    Viruses and worms typically self-replicate and can hijack your system. These types of malware can then be used to send out spam or perform other malicious activities and you may not even know it.  Both can use up essential system resources, which may lead to your computer freezing or crashing.  Viruses and worms often use shared files and email address books to spread to other computers.

    malwareMalware and your credit file

    If fraudsters can get their hands on your personal information they can steal passwords to not only the gaming site, but also to the bank or credit accounts of anyone who uses that computer.

    They can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents (identity theft), and apply for credit in your name (identity fraud).

    Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties –you may have a stack of credit defaults against your name by the end of their ordeal – and sometimes no proof it wasn’t you that didn’t initiate the credit in the first place.

    Recovery can be slow, and in some cases you may have no way to prove you weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity theft happening long before the fraud took place.

    Who might be most at risk?

    Gamers often aren’t worried about risks to their personal information as they are often young people who consider they don’t have much to lose, when in fact they do. Firstly, if Malware is downloaded – it puts the entire family at risk. But secondly, a young person is just as vulnerable as anyone to exploitation. There have been reports of crooks harvesting the personal information of young people and storing it until the victim turn 18. Australian Police have issued warnings on the issue of data warehousing in relation to Facebook in the past, but fraudsters won’t be fussy about where they get it from. It all has a lucrative price on the ‘black market’ of personal information.

    For more help with teaching kids and young people about online risks, go to the Stay Smart Online website http://www.staysmartonline.gov.au/kids_and_teens.

    Visit our main website www.mycra.com.au for more information on identity theft and your credit file.

    Image 1: Arvind Balaraman/ www.FreeDigitalPhotos.net

    Image 2: Salvatore Vuono/ www.FreeDigitalPhotos.net

  • Westpac customers warned: don’t be fooled by scam emails

    phishing emailBE CAUTIOUS WITH EMAILS FROM BANKS –EVEN YOURS. You may have received a “Security Upgrade” email from Westpac recently. If you are a Westpac customer, you may have read this email. You may have even taken it seriously… We want to warn you, this email is a scam! We describe what this email looks like, what it’s designed to do, and what you need to do if you come across it. If you are not a Westpac customer, this may still be extremely important for you, as these types of emails are targeting you in different forms every day and can impact not only your bank accounts, but also your personal and financial identity.

     

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    On Tuesday the Government’s ‘Stay Smart Online’ website sent out an alert about a very fishy phishing email targeting Westpac Bank customers. The SSO alert is below:

     

    Westpac customers targeted again by phishing emails

    28 May 2013

    Email warns of security upgrade, but links to fake banking site

    On 23 May 2013, antivirus vendor AVG issued a warning about the circulation of fake security notification emails pretending to originate from Westpac.

    Like similar fake emails that have targeted Westpac, this example claims to be addressing security concerns over a “recent spate of fraud and identity theft”. It advises that a security upgrade is being undertaken and will be effective once customers login to their account.

    The email includes a number of tell-tale errors that suggest it is a fake. In the image below, AVG has provided an overview of the errors which can help to identify it as a scam.

    AVG Westpac phishing email

    Image credit: AVG

    The fake banking website linked from this email looks similar to Westpac’s current online banking logon page.

    Don’t be fooled. This page is set up explicitly to capture your banking details.

    Westpac phishing email

     [fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][Image: SSO]

    Avoid phishing emails

    Always be suspicious of unsolicited emails.

    Do not click links or open attachments. The best advice is to simply delete the email.

    If you are uncertain about an email you can always cross check the information by going independently to the company’s website or by calling the company directly.

    Westpac hosts a list of examples of ghost sites/fake sites that mimic its online banking page.

    Many reputable websites will specify how they will communicate with you on their website. Anything outside of this is suspicious. Westpac provides useful information about security on its website.

     

    The ins and outs of phishing scams

    Phishing scams are generally emails or text messages like the Westpac email, which impersonate genuine companies in the hope of tricking victims into giving out their personal and financial information.

    The aim of phishing is to steal information like bank and credit account numbers, passwords, and other crucial data.

    The ACCC’s Scamwatch website warns about phishing emails also. It warns they are not easily distinguishable from genuine corporate communication:

    “Phishing emails often look genuine and use what look to be genuine internet addresses—in fact, they often copy an institution’s logo and message format, which is very easy to do. It is also common for phishing messages to contain links to websites that are convincing fakes of real companies’ home pages.

    The website that the scammer’s email links to will have an address (URL) that is similar to but not the same as a real bank’s or financial institution’s site. For example, if the genuine site is at ‘www.realbank.com.au’, the scammer may use an address like ‘www.realbank.com.au.log107.biz’ or ‘www.phoneybank.com/realbank.com.au/login’.”

    The ramifications of falling for a phishing scam

    Clicking on links in phishing scams can mean your banking details are captured by fraudsters and can be accessed in order to drain your bank accounts. But in addition to this, just the simple act of clicking on the link can put you in danger. Many phishing emails are also designed to infect computers through virus-containing links in the emails.

    This could mean that you could download a Trojan or similar virus designed to steal your financial information – and you may have no idea its happening.

    This could be dangerous for your credit file. Because while you are carrying out your normal online transactions, the Malware that you have installed could be tracking passwords, financial details and personal details about you. This could be used by a clever and determined cyber-crook in order to build a fake identity in your name.

    Suddenly credit could be accessed in your name, and you probably won’t know about it until you apply for credit yourself and are refused. This presents real problems for fixing your credit rating, because what we know about removing unfair or inaccurate listings from your credit file is that you must provide evidence and proof that you didn’t initiate the credit. This can be difficult to do when you have no idea how the theft of your information occurred. It can be a nightmare for victims.

    So don’t get hooked by a phishing scam. If you receive an email that looks legitimate – go independently to the Bank or other company’s website to verify it. Or use the official Bank phone number (not the phone number presented on the email) to call the bank directly to verify the email is legitimate.

    Top image: David Castillo Dominici/ www.FreeDigitalPhotos.net

     [/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • Fraudsters cashing in on public fear over password security

    fake password checking siteAustralians are warned to be aware of a scam which is targeting public uncertainty following publicised hacking events or data breaches. People are being sent links to fake sites which ‘test’ your logon details for popular sites such as Twitter, LinkedIn, Facebook, Hotmail and Gmail. But be warned, many of these are fake password checking sites, or similar and are phishing for your user name, password and other personal information. We look at this scam in more detail, and how it could impact you and your credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

    Giving away your details to these sites could put you at risk of identity theft and credit fraud– so the message from Australia’s ‘Stay Smart Online’ is – always be suspicious of sites asking for your user name, password or personal information. If you’re not sure – don’t take the chance.

    “Links to password checking sites often circulate on social media and email after publicised hacking events or breaches – such as the hacking of the Associated Press’s Twitter account – a time when checking the strength or security of your own account might seem appealing,” Stay Smart Online warned in an alert yesterday.

    SSO advises never to enter your username and password anywhere except on the site it is intended for:

    Don’t use links in emails or social media messages that take you to a log in page. Navigate there yourself independently to make sure you are on the legitimate site’s logon page.

    Make sure the addresses of the websites you use are correct.

    When logging on to a website, check for HTTPS (or a padlock) in the address bar. This is the secure form of HTTP. Websites that don’t offer HTTPS at logon are unsecured.

    Always be suspicious of unsolicited emails, especially those seeking personal or financial information.

    SSO says there are some legitimate password-checking sites out there, and some of the legitimate sites have been copied.

    Legitimate sites can use minimal information supplied by you, such as your email address (not your password!) to check your address against lists of stolen information found in data dumps on hacker sites. Other legitimate sites may offer to simply test the strength of your password. But trying to distinguish the real from the fake may not be worth the risk.

    SSO warns fake sites may be very difficult to distinguish from legitimate ones, and will simply collect your details.

    “…someone then has everything they need to access to your account,” SSO states.

    The danger in clicking on any link from an unknown source is not only that the personal information that you give out could be directly warehoused for future purposes of identity theft for fraud, but you could also end up downloading malware or a virus which takes that information from your computer.

    Recently MSN Money commented on this latest scam in its story Avoid Password-Checking Sites:

    Given that most people still use simplistic passwords and use them across multiple sites — as has been shown in a variety of data breaches and surveys — there’s a lot at stake when you give yours away. Imagine losing control of not only your social networks, but also access to your email, online banking and other personal and financial information.

    Even if you catch the breach quickly, it will still be a colossal pain to get everything back to normal.

    What can fraudsters do if they can get their hands on your personal information?

    They can steal passwords to your bank or credit accounts and they can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents, and apply for credit in your name.

    Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties – the victim can have a stack of credit defaults against their name by the end of their ordeal – and sometimes no proof it wasn’t them that didn’t initiate the credit in the first place.

    Recovery can be slow, and in some cases victims have had no way to prove they weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity crime happening long before the fraud took place.

    New laws coming through in March 2014 are aimed at protecting your credit file following an incidence of identity theft. If you know you have been scammed, you will be able to put a ‘ban’ on your credit file – so no one will be able to access your credit information – therefore protecting your credit information from misuse.

    But if you don’t know you have been scammed until it’s too late, or if you can’t pinpoint what’s happened to you, it may be still be difficult to protect your credit rating. So you have to be sure you protect all of that, by staying ahead of scams such as this, and by keeping strong passwords.

    MSN Money provides some tips from Microsoft about password security to consider when creating — or changing — a password:

    • Make your password at least eight characters long

    • Mix up the characters with capitals, lower case, numbers, symbols and punctuation marks

    • Change your passwords regularly

    • Use different passwords on different sites

    If you think you might have entered details into a fake site…

    * Change your password immediately. If you use the same logon information elsewhere you should also change these passwords, ensuring you create a unique password for each service.

    * Contact the Police – as well as your bank – especially if you have given over personal information to fraudsters. Don’t be embarrassed – it is only through identity theft being reported that data gets collected and appropriate preventative measures eventually get put in place. You should also contact the credit reporting agencies that hold your credit file and inform them that you may be at risk of identity theft.

    * Order a copy of your credit report. If there are any inconsistencies on your credit report – change of address, strange credit enquiries and credit you don’t believe you’ve accessed, then you may already be a victim – and should do all that’s possible to follow up on each account so as not to accrue defaults on your credit file that should not be there.

    Credit file defaults are difficult for the individual to remove and generally people are told by creditors they remain on our file for 5 years, regardless of how they got there.

    Although it seemed so easy for the fraudster to use your good name in the first place, you are now faced with proving the case of identity theft with copious amounts of documentary evidence.

    If you have neither the time nor the knowledge of our credit reporting system that you may need to fight your case yourself, you can seek the help of a credit repairer. A credit repairer can help you to clear your credit file and restore the financial freedom you rightly deserve.

    The reason a credit repairer is usually so successful in removing your credit file defaults, is their relationships with creditors, and their knowledge of current legislation.

    Visit www.mycra.com.au  for more information on identity theft or how to repair bad credit.

    image: foto76/ www.FreeDigitalPhotos.net

     

  • Fraudsters pinch Australian Crime Commission logo to scam consumers

    Don’t be fooled with unsolicited emails, no matter how ‘official’ they look. The Australian Crime Commission (ACC) announced last week it has been made aware of a number of scams using the ACC name and logo to lure consumers into paying thousands of dollars into fraudulent bank accounts. We describe the details of this scam, and look at what you could be giving away that could lead to bad credit history.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    The ACC was last week alerted to a fraudulent email pretending to be from ACC Chief Executive Officer John Lawler, which asks the consumer to pay $900 into a Nigerian bank account in order to receive US$5 million.

    The email is sent from a non ACC email address. The ACC says all legitimate ACC emails contain @crimecommission.gov.au.

    They say the ACC will never request money from individuals in this way.

    Identifying characteristics of these emails may include:

    • Reference to the Department of Homeland Security
    • Reference to the Chief Executive Office of the Australian Crime Commission
    • Reference to Nigerian based banks
    • Requests for recipients to send amounts of money,” the ACC media release explains.

    This comes hot on the heels of another scam using the ACC name to rip off Australians.

    In late September the ACC became aware of a scam that falsely used the ACC, Australian Federal Police (AFP) and Australian Security Intelligence Organisation (ASIO) logo in an attempt to lure consumers into paying large sums of money for fake criminal background checks.

    The fraudulent criminal background checks were being initiated by criminals using dating websites.

    The ACC says the scams highlight the prevalence and scope of frauds being initiated by criminals operating in the cyber environment.

    Criminals are prepared to go to great lengths to pilfer the money or personal details of their victims. To target Australian victims, the average cyber-criminal or scammer needs to be pretty savvy. Most Australians are aware of the obvious scams (although they still do catch out some), but elaborate ones such as the recent investment super scam has meant many well-educated and intelligent people become victims.

    It’s do with the logos, the proof, the fake websites, and the fake statistics. You just don’t assume that people would go to those lengths to steal your money –right? Wrong! The more elaborate the scam, the more likely it will catch out those with serious money. If the prototype works – fraudsters can use it again and again to catch out thousands before they are shut down.

    The other danger with receiving unsolicited emails, is that you can unknowingly download a virus by clicking on a link or attachment. This virus can cause your computer to be part of a botnet, or it can use keyloggers to record your keystrokes and take your passwords and usernames for important sites you use online. So even if you don’t fall for the scam, you can still fall victim to scammers.

    Scams can bring profits in a myriad of ways. Fraudsters can swipe small amounts over a widespread group – or they can concentrate on draining the bank accounts of a few. What they can also do, is misuse or even on-sell the personal details of the victim for purposes of constructing a fake identity to steal credit.

    If successful, crooks can access credit cards, goods or even larger items like houses and cars. This leaves the victim in debt, and it will also leave the victim with a series of credit defaults attached to their name. It is just debilitating for the victim, who then has to go and try to prove to creditors they didn’t initiate the credit in order to clear the bad credit history.

    To prevent this from happening to you, we have compiled a quick list of some ways you can prevent becoming a scam or identity theft victim:

    1. Keep virus software up to date on your computers. Install automatic updates and perform regular virus scans.
    2. Be careful with unsolicited emails. Check the email address before you click on links and attachments.
    3. Keep your privacy settings secure on all social networking sites.
    4. Keep your passwords and PIN numbers secure. Don’t carry PIN numbers with your credit/debit cards, change passwords regularly and use a variety of passwords for different purposes.
    5. Check all your credit card and bank statements each time they come in.
    6. Cross-shred all personally identifiable information which you no longer need, rather than throwing it straight in the bin.
    7. Buy a safe for your personal information at home.
    8. Do not give any personal information or credit card details to anyone via phone, online or email unless you are sure the site is secure, and or you can verify the company details.
    9. Be aware of who gets your personal information and for what purposes. What can these people do with the information they are gathering? For instance, is it really necessary for the site you are registering on to have your date of birth?
    10. Keep up to date with the latest scams by subscribing to the government’s ‘SCAM watch’ website.
    11. Check your credit file for free every 12 months. By requesting a copy of your credit file from one or more of the major credit reporting agencies, Veda Advantage, Dun & Bradstreet and Tasmanian Collection Service (TASCOL) you can be aware of any discrepancies which may need to investigated. Often it is only through a credit check which comes back with defaults on your credit file that  you may realise you have been a victim of identity theft.
    12. Report any incident of identity theft, no matter how small, or even if you have been reimbursed for the damage – to the Police. The more of us that report identity theft, the more effective will be our Government and Police response to it.

    For further information, visit these helpful links:

    ACCC’S SCAMwatch www.scamwatch.com.au for help with how to spot a scam and how to keep personal details safe.

    To report a scam, telephone them on 1300 795 995

    Stay Smart Online www.staysmartonline.gov.au for help with how to secure your computer, and how to keep abreast of cyber-related crime.

    MyCRA Credit Rating Repairs www.mycra.com.au for help with recovering your credit file following credit defaults from identity theft. Call 1300 667 218 to speak with a Credit Repair Advisor.

    Image: fotographic1980/ www.FreeDigitalPhotos.net

  • They’re ba-ack again! Fraudsters change tactics on Microsoft virus scam

    If you own a computer – or a telephone for that matter – you may be vulnerable to computer-related scam attempts. The old Microsoft virus scam may have been shut down, but a new one has popped up in its place. We look at the current computer cold call scam warning, what you should do if you are called by these scammers, and what the ramifications of falling for this scam could be for your financial identity and credit file.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Remember the scam going around where fraudsters were claiming to be from Microsoft and were cold calling in Australia to offer “technical support” to remotely assist in clearing viruses off home computers?

    First detected in 2010, the ‘Microsoft Phone Scam’ was clever, and caught out thousands. Callers knew the victim’s name and address. These fake security engineers were claiming to see problems with the victim’s computer and asking whether the victim had noticed their computer becoming slower recently.

    They went on to offer to take over the machine and fix the problems. The scammers were using legitimate remote access software, such as LogMeIn, TeamView and Ammyy.

    Scammers then requested money for this ‘service.’ On top of that, it put the victim’s personal and banking details at risk. It also gave the scammers remote access to their computer, which can potentially lead to infected computers and pilfering of personal information via keyloggers.

    Gizmodo’s recent article ‘Global Operation Sees Infamous ‘Microsoft’ Scammers Finally Taken Down [fusion_builder_container hundred_percent=”yes” overflow=”visible”][fusion_builder_row][fusion_builder_column type=”1_1″ background_position=”left top” background_color=”” border_size=”” border_color=”” border_style=”solid” spacing=”yes” background_image=”” background_repeat=”no-repeat” padding=”” margin_top=”0px” margin_bottom=”0px” class=”” id=”” animation_type=”” animation_speed=”0.3″ animation_direction=”left” hide_on_mobile=”no” center_content=”no” min_height=”none”][Updated]’ explained the extent of the success of the scam prior to its takedown:

    Three years on from the first report into the ACMA about the Microsoft scammers, over 10,000 complaints have been recorded. The ACMA says that the worst point came two years ago, when every second complaint to the agency was about the Microsoft scammers. This was in 2011 — a year when scam activity had doubled on the previous period. 52 per cent of the 83,000 scam complaints the ACMA received in 2011 presented as phone scams. All in all, in that 12 months, Australians lost a total of $85.6 million to various scammers.

    Gizmodo reported international efforts from Australia, Canada and the United States brought down U.S. based scammers only a couple of weeks ago. The scammers became the first individuals to be caught in connection with the scam. They’ve had their assets frozen and they are presumably now awaiting a hearing over fraud charges.

    Not to be dismayed, scammers have obviously thought the gig was too lucrative to dismantle yet – and they have changed tactics – hitting those original victims with yet another scam. As if they hadn’t suffered enough!

    On Friday Stay Smart Online issued a warning that computer-related scams were doing the rounds again. It may be important for those who may have been targeted last time.

    “Following international efforts by agencies to close down the infamous ‘Microsoft imposter scam’, reported earlier this month, examples of scammers responding with new approaches have been noted.

    This includes scammers making follow up calls to previous targets of the original scam, offering apologies and refunds in response to the closing down of (fake) support they provided previously.

    Scammers may also claim to be from a foreign government, foreign law enforcement agency or bank, and offer to recover the money you initially lost, in return for a fee,” SSO notes in its warning.

    Your personal information in the wrong hands can lead to identity theft which threatens the health of your credit rating. Fraudsters can duplicate your identity and take out credit in your name – leaving you with debts you didn’t initiate and bad credit from outstanding accounts in your name.

    Think recovery would be easy? Think again!

    Clearing bad credit history is always difficult for individuals to undertake. Most enquiries will result in Creditors telling you that bad credit is there to stay for the term of the listing (usually 5 years). The only thing you can do to change that is to prove there is an inconsistency by demonstrating that the listing was put there unlawfully. An identity theft victim’s task is then to prove that they did not initiate the credit in the first place, but proof is not always easy to obtain – especially when you have no idea of exactly how the fraud occurred. Many people don’t know they are victims until they go to obtain credit and are refused because their credit file is riddled with defaults.

    So what should you do if you get a phone call from one of these guys? SSO gives this advice:

    Suspect: Don’t accept anything at face value. Don’t make a payment over the phone or online without first checking the details.

    Think: Recognise the signs. If you’re being pressured to act, disclose personal details or send money to a stranger, it’s almost certainly a scam. (Microsoft never makes unsolicited phone calls about its products.)

    Report: Act to report the scam. Tell SCAMwatch and help stop scammers in their tracks.

    Ignore: Never respond. Hang up or delete the SMS or email after reporting.

    If you have had your credit file destroyed by identity theft, and need help recovering your good name – contact a professional Credit Repair Advisor on 1300 667 218 or visit the MyCRA Credit Rating Repairs website www.mycra.com.au. Professional credit repair can offer you the best chance of being able to clear bad history from identity theft for good.[/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

  • Skype users in Australia warned of identity theft threat

    The Stay Smart Online (SSO) Advisory service has issued a warning to Skype users this week about messages circulating the internet voice and video service which contain malware. Known as  ‘Dorkbots’, the malicious software can overtake your computer if you click the link in the message, infecting your computer and opening you up to identity theft. We show you what to look out for, and how you can be at risk of identity theft and other nasties which can impact your life and your credit rating.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    SSO Advisory is warning users to be careful about clicking on a link coming from a Skype instant message.

    Skype issued a warning on October 9 via the security section of their website about the ‘Dorkbot’ malware that is currently spreading via Skype.

    Users may receive a message asking ‘lol is this your new profile pic?, along with a link. You are warned not to click this link. This message may come from friends in your Skype contacts lists.

    If the link is clicked, the malware infects your computer. It may also cause your computer to become part of what is known as a ‘botnet’. A botnet is a group of compromised (infected by malware) computers that are used by criminals to carry out attacks on other computer systems.

    Dorkbot variants may also attempt to steal user name and password details for other services you use. Botnets are controlled remotely and can be instructed to perform further malicious acts via the internet.

    Whilst back on October 9 Skype had said a “small number” of Skype users have been targeted, this number may have escalated to greater levels, for SSO to launch an advisory. Security company Trend-Micro’s blog post ‘Skype worm spreading fast’ revealed on October 8 the company had blocked 2500 infected files in the 24 hours since discovery.

    If you are tech savvy, Trend-Micro explains further:

    “These Dorkbot variants will also steal user name and password credentials for a vast array of websites including Facebook, Twitter, Google, PayPal, NetFlix and many others. They can interfere in DNS resolution, insert iFrames into web pages, perform three different kinds of DDoS attack, act as a Proxy server and download and install further malware at the botmaster’s initiation. These are only some of the functionality of this pernicious worm.

    Some infections will subsequently install a ransomware variant locking the user out of their machine, informing them that their files have been encrypted and that they will be subsequently deleted unless the unfortunate victim surrenders a $200 fine within 48 hours.”

    Skype says, as a general word of caution, here are the steps to follow to avoid being scammed:

    1. Keep your Skype up-to date to ensure latest security features.

    2. Keep your PC or device security up to date with the latest anti-virus software

    3. It’s never adviseable to click on suspicious or unusual files and links, even if it’s coming from people you know.

    4. Check heartbeat or community for the latest news if unsure.

    As always, we regularly encourage our users to only download the latest version of Skype from skype.com. This is done to not only to ensure our users are able to take advantage of new features and functionality, but also to make sure you are getting a genuine version of Skype, as we remain committed to providing the best quality and security to our users.

    Back in July we featured a post explaining Malware which you might want to read if you want to know the ins and outs of Malware, titled ‘How Malware can infect your life and put you and your credit file at risk of fraud.’

    Here is an excerpt from that post:

    What can fraudsters do if they can get their hands on your personal information?

    They can steal passwords to your bank or credit accounts and they can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents, and apply for credit in your name.

    Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties – the victim can have a stack of credit defaults against their name by the end of their ordeal – and sometimes no proof it wasn’t them that didn’t initiate the credit in the first place.

    Recovery can be slow, and in some cases victims have had no way to prove they weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity crime happening long before the fraud took place.

    So to prevent devastating identity crime, which leaves you in debt and can leave you without any way of obtaining new credit for years to come, make it your business to educate yourself on internet and or computer risks. And think before you click….it could save your financial future.

    For help in recovering your good name following identity theft that has infected your credit file and your life, contact a Credit Repair Advisor on 1300 667 218 or visit the MyCRA Credit Rating Repairs website www.mycra.com.au.

    Image: Salvatore Vuono/ www.FreeDigitalPhotos.net

  • How Malware can infect your life and put you and your credit file at risk of fraud

    Think malware is a term used to describe clothes you go shopping in? Then you might have a big problem. Malware is what’s known as a syntactic form of identity crime – where fraudsters attempt to exploit technical vulnerabilities in order to commit fraud. Today the total malware count is just shy of 80 million. That’s scary stuff. We tell you exactly what it is, and what you can do to prevent your personal information from being exploited by fraudsters and prevent debt and bad credit history from credit fraud.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Last week I received a warning from the Stay Smart Online alert service about a new spam email containing a Trojan horse virus as an attachment. This must have caught out enough people for SSO to put out a warning about it. In fact, new forms of malware catch out millions of people every day. It is reported there are 55,000 new unique malware samples per day sent out there. So how can we stay on top of it?

    Stay Smart Online defines malware, and explains how it can infect your life through your computer:

    What is ‘malware’ and how does it affect your computer

    Malware—short for ‘malicious software’—is the term often used to refer to any type of malicious code or program that is used for monitoring and collecting your personal information (spyware) or disrupting or damaging your computer (viruses and worms).

    Spyware

    The term spyware is typically used to refer to programs that collect various types of personal information or that interfere with control of your computer in other ways, such as installing additional software or redirecting web browser activity.

    Examples of spyware include:

    Keyloggers

    A keylogger is a program that logs every keystroke you make and then sends that information, including things like passwords, bank account numbers, and credit card numbers, to whomever is spying on you.

    Trojans

    A Trojan may damage your system and it may also install a ‘backdoor’ through which to send your personal information to another computer.

    Viruses and worms

    Viruses and worms typically self-replicate and can hijack your system. These types of malware can then be used to send out spam or perform other malicious activities and you may not even know it.  Both can use up essential system resources, which may lead to your computer freezing or crashing.  Viruses and worms often use shared files and email address books to spread to other computers.

    How does your computer become infected with malware

    Most spyware is installed without your knowledge. It often gets onto your computer through deception or through exploitation of browser vulnerabilities.

    •Spyware can come bundled with other software. When you download a program, the spyware can be downloaded and installed at the same time.
    •Some spyware infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware.
    •Be wary of USB sticks from unfamiliar or untrustworthy sources, for example those given away at conferences, trade shows, or in promotional packs. These devices may contain malicious software, which could cause severe damage to your computer or compromise your personal information.
    •Some “rogue” spyware programs masquerade as security software.
    •Worms can also be used to install spyware on your computer.

    A recent article published in the Sydney Morning Herald Tech Section has some alarming concerns from some pretty hefty security people about the internet’s battle with malware. Many wonder if we could possibly be losing the fight against it – with updates unable to keep up with new developments, and anti-virus letting some slip through the cracks. If you’re game, you can read this article here: Anti-virus can’t keep up with threat onslaught.

    Concerns aside, far and away the best way we can have any hope of fighting it – is with installing updates on our computers. Here are Stay Smart Online’s best tips for preventing malware:

    How to prevent spyware from getting onto your computer

    •Install anti-spyware and anti-virus software and set it to automatically check the product website for updates. This will ensure that your computer is protected against the latest viruses and spyware.

    •Install a firewall. It will prevent unauthorised access to your computer and the installation of spyware on it. Some firewalls can also prevent information being taken from your computer and sent to someone else.

    •If you must use a USB stick from an unfamiliar source, you should always scan the USB stick for viruses or other malware before accessing any of its content. You should also disable the autorun function, which is commonly enabled on the Microsoft Windows operating system. This will lessen the risk that any malicious software that may be on the USB stick, will automatically start when you connect it to your computer.

    •Keep yourself informed about the latest security threats and solutions. You can sign up for the free Cyber Security Alert Service from this website. Alternatively, your anti-virus software vendor may have an email alert system. Look for a ‘keep informed’ tab or section on the software’s main screen.

    •Be cautious about opening emails from unknown or suspicious sources. Look at the sender of the email as well as the body and the subject of the email. Do not open email attachments or click on hyperlinks in these emails. You should install spam filters to minimise the amount of spam you receive.

    •Set your anti-virus software and anti-spyware software to automatically scan incoming email.

    •Only download files and software from reputable web sites. Read the licence agreement and terms of use before you download software and don’t download it if you don’t understand or trust the terms and conditions.

    •Be wary when exchanging files even with colleagues or friends. Scan the files before you install them or run them on your computer.

    •Never click on an ‘Agree’, ‘Ok’ or ‘No’ button to close a window on a suspicious website or pop-up. This can launch spyware onto your computer. Instead, click the red ‘X’ in the corner of the window to close the window.

    Your credit file at risk

    In SMH’s article, Charles Wale, security and risk consultant at Lee Douglas and Associates, who has consulted for over 50 ASX-listed companies says consumers need to realise their machines are targets.

    “They are after your personal information for identity theft and login details, especially for banking sites so they can remove funds in their favour,” he tells SMH.

    What can fraudsters do if they can get their hands on your personal information?

    They can steal passwords to your bank or credit accounts and they can also create a patchwork quilt of information that can allow them to eventually have enough on you to request duplicate identity documents, and apply for credit in your name.

    Running up credit all over town, perhaps buying and selling goods in your name, or in some cases mortgaging properties – the victim can have a stack of credit defaults against their name by the end of their ordeal – and sometimes no proof it wasn’t them that didn’t initiate the credit in the first place.

    Recovery can be slow, and in some cases victims have had no way to prove they weren’t responsible for the debt – with fraudsters leaving no trail and the actual identity crime happening long before the fraud took place.

    So to prevent devastating identity crime, which leaves you in debt and can leave you without any way of obtaining new credit for years to come, make it your business to educate yourself on internet and or computer risks. And think before you click….it could save your financial future.

    If you need help in recovering your good name following identity theft, you may find a professional credit repairer can give you the best chance at having the defaults removed from your credit file. Contact MyCRA Credit Rating Repairs on 1300 667 218 for more information.

    Image: Idea go/ www.FreeDigitalPhotos.net

     

  • Cyber security is about protecting your credit rating.

    MyCRA is proud to be a partner for Cyber Security Awareness Week 2012, running this week from 12 to 15 June.  Awareness Week helps Australians understand cyber security risks as well as educating home and small business users on the simple steps they can take to protect their personal and financial information online. Today, we address the importance of cyber security for preventing bad credit history.

    By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repairs and www.fixmybadcredit.com.au.

    Cyber Security Awareness Week 2012 is an Australian Government initiative, held annually in partnership with industry, community and consumer groups and state and territory governments. According to the Stay Smart Online website, cybersecurity awareness is more important than ever.

    “Australians are increasingly relying on the internet in their everyday lives for banking, shopping, education and communication. It is, therefore, important that they are able to use the internet in a secure and confident manner. The government has established a range of initiatives to raise the awareness of Australian internet users about the importance of cybersecurity and the simple steps they can take to protect their personal and financial information online.”

    One of the big risks for Australians is that their internet use will lead to fraudsters stealing their personal information for purposes of identity theft (now the fastest growing crime in Australia) and potentially fraud. The good credit rating of the victim could then be damaged.

    If cyber-crooks are able to get their hands on enough personal information they may be able to construct a fake identity, which can lead to some serious credit fraud. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.

    When the identity theft goes so far as to affect the credit file of the victim, the issues can be huge. Unfortunately fraudsters are never so kind as to pay this credit back, so the victim is often unaware of a stream of defaults run up against their name, until the apply for credit in their own right and are flat out refused.

    For between 5 and 7 years identity theft victims can be locked out of credit while their credit rating shows up someone else’s defaults.

    Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place.  Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.

    But the ability to obtain credit is so crucial to functioning well in today’s society, that if the identity theft victim has also been a victim of credit fraud, they should make their clear credit rating a point worth fighting for.

    Firstly, the victim should contact Police as soon as they are made aware of possible identity theft, they may even be able to prevent the credit fraud occurring. If it has already happened, a Police investigation and report will be a good starting point for proving the person did not initiate the credit in the first place.

    Credit file repair can be difficult for the individual, but if there is an error on a person’s credit file it is worth pursuing. It can be made easier with the help of a credit repairer. A credit repairer has extensive knowledge of credit reporting legislation and how to apply the letter of the law to the credit file holder’s circumstances to ensure the best chance of having the listing or listings completely removed from the credit file if it has been placed unlawfully, for instance if the listing contains an error, is unjust or just shouldn’t be there.

    The best thing people can do for themselves is to prevent that crime from happening in the first place. People can provide a safety buffer for themselves and their family around one of the main channels for fraudsters to enter our lives – the internet.

    To start, people can follow these top tips provided by Cyber Security Awareness Week 2012 on how to stay safe online:

    • Install and update your security software; set it to scan regularly.
    • Turn on automatic updates on all your software, particularly your operating system and applications.
    • Use strong passwords and different passwords for different uses.
    • Stop and think before you click on links and attachments.
    • Take care when transacting online – research the supplier and use a safe payment method.
    • Only download “apps” from reputable publishers and read all permission requests.
    • Regularly check your privacy settings on social networking sites.
    • Stop and think before you post any photos or financial information online.
    • Talk with your child about staying safe online, including on their smartphone or mobile device.
    • Report or talk to someone if you feel uncomfortable or threatened online – download the Government’s Cybersafety  Help Button.

    In addition, people can and should subscribe to the email notifications from Stay Smart Online Alert Service. The Stay Smart Online Alert Service is a free subscription based service that provides home users and small to medium enterprises with information on the latest computer network threats and vulnerabilities in simple, non-technical, easy to understand language. It also provides solutions to help manage these risks.

    Also, people can look at securing different sections of their internet use in more depth with the help of Stay Smart Online’s key factsheets for online security.

    They can also help raise awareness of the issue amongst their own group of family and friends and insist that anyone who has their personal information has a responsibility to keep it safe.

    People should also check their credit file regularly, and act quickly on any discrepancies there – which can often be the first sign of identity theft. Copies of consumer and business credit files can be ordered from one or more of Australia’s credit reporting agencies, and are free for the credit file holder once per year.

    Stay tuned for more information updates as Cyber Security Awareness Week unfolds.

    Image above: Victor Habbick: www.FreeDigitalPhotos.net.