Phishing Attacks Happen Every Day. Stop, Look, Think.

Phishing Attacks Happen Every Day. Stop, Look, Think.

Phishing attacks happen every day. Stop, look, think.

transport truck

Phishing attacks are not a new concept, but they remain one of the most effective tools in the cybercriminal arsenal. With the growth of digital communication, phishing schemes have evolved and adapted, making it even more critical for users to be cautious and discerning. Understanding the social engineering mechanisms behind these attacks is essential for everyone in today’s digital age.

What are Phishing Attacks?

At its core, phishing is a type of online deception. Cybercriminals use seemingly legitimate messages, usually via email, to trick individuals into revealing sensitive information like passwords, credit card numbers, or bank account details. These messages can mimic those from well-known organizations, such as banks, service providers, or even friends and family.

The Social Engineering Behind Phishing

Social engineering is the art of manipulating individuals to perform actions or divulge confidential information, often by exploiting human psychology. In the case of phishing:

1. Urgency: Many phishing emails create a sense of urgency, pushing the victim to act quickly without thinking. For instance, they might say, “Your account will be locked in 24 hours unless you verify your identity now!”

2. Familiarity: Phishers often use known company logos, familiar email formats, and even spoofed email addresses to make their messages appear genuine.

3. Fear: These scams can prey on fear, suggesting that there’s been suspicious activity on an account or that personal data is at risk.

4. Curiosity or Greed: Some phishing attempts offer too-good-to-be-true deals or claim that you’ve won a prize to lure victims into clicking malicious links.

Stop, Look, Think: A Simple Strategy

To avoid falling victim to phishing attacks, always:

1. Stop: Before you click on any link or provide personal information, pause. Do not let urgency or fear dictate your actions.

2. Look: Examine the message. Check for misspellings, unusual language, or other inconsistencies. Hover over links (without clicking) to see where they lead. Confirm the sender’s email address.

3. Think: Why are you receiving this message? Were you expecting it? If unsure, contact the purported sender directly through a trusted method (like their official website) to verify.

Here are some examples of phishing emails Plus 1 Group gets all the time:

transport truck
transport truck
transport truck
transport truck
transport truck
transport truck
transport truck

Need more help or information?

Click the link below to contact us at Plus 1.

Open Hours

Monday to Friday
8:00am to 5:00pm

Closed Public Holidays

plus-1-logo

If you need to get us documents quickly, access remote support, or the MYOB Portal click the button above.

Contact Us

27 Welsford Street
Shepparton, VIC 3630

T: (03) 5833 3000
F: (03) 5831 2988
Email Us

Australian Website Domains to Change

Australian Website Domains to Change

Australian Website Domain Changes:

What they mean for your business

 

Market Volatility

You may have heard the recent announcement about the new .au direct domain that has been released.  Today, existing holders of a domain name ending with .au (your website address) can register for their equivalent, shorter and more memorable .au direct domain name.

Put simply, plus1group.com.au is able to register for plus1group.au.

 

Why would I do this?

 

From the 20th of September, any eligible person can purchase a .au direct domain.

By registering for a direct domain, you are preventing others from registering a domain using your name.  Take McDonald’s for example, if they were to not choose to register, any individual could register the domain name McDonalds.au

This is particularly critical where your specific product or company brand is identifiable by your website name, such as westernstarbutter.com.au.

 

Benefits of registering your .au direct domain name.

 

Registering your matching .au direct domain name before 20 September is quick and low-cost.

Here is why it’s worth your while.

  • It prevents anyone else from buying it, whether they’re cyber criminals or others looking to flip domains.
  • It’s inexpensive.
  • You don’t have to use it or create a new website. You can keep using your main website address and redirect the new .au direct domain to that existing address.

 The new .au domain is better, as it

  • Is a new option for Australian domains
  • Is shorter & simpler
  • Is uniquely Australian

As well as being a great way to ensure you are in control of your brand on the internet, registering for a .au direct domain can help you when the time comes to launch new projects or events: you will already own a place online that can house a microsite for a new product, for example.  It can also offer you a short, memorable name for a new business idea.

 

Whether you apply to register your matching .au direct domain name is ultimately up to you. auDA advises that it’s optional and has no effect on your existing .au domain names. To find out more about .au direct domains, go to https://getyour.au/ or visit the https://www.auda.org.au/  website.

Need more help or information?

Click the link below to contact us at Plus 1.

Open Hours

Monday to Friday
8:00am to 5:00pm

Closed Public Holidays

plus-1-logo

If you need to get us documents quickly, access remote support, or the MYOB Portal click the button above.

Contact Us

27 Welsford Street
Shepparton, VIC 3630

T: (03) 5833 3000
F: (03) 5831 2988
Email Us

DocuSign

DocuSign

Office Workers

Plus 1 Group uses DocuSign for the electronic signature of documents. 

We have chosen to use DocuSign to facilitate this process as it offers a secure, fast & efficient method for clients to sign.

All clients need to do is click on the ‘Review Documents’ button and the system will move you through the required pages.

No special logins or access is required and this can be done simply on your phone, tablet or computer.

Not all clients will be sent documents using this method. We will continue to process documents as they have been actioned in the past with DocuSign predominantly replacing emailed documents.

For more help signing documents, follow this link to DocuSign’s support page, for a step by step guide.

Should you have any queries or wish to update your contact email please contact your accountant or our Client Admin team on 03 5833 3000.

Need more help or information?

Click the link below to contact us at Plus 1.

Open Hours

Monday to Friday
8:00am to 5:00pm

Closed Public Holidays

plus-1-logo

If you need to get us documents quickly, access remote support, or the MYOB Portal click the button above.

Contact Us

27 Welsford Street
Shepparton, VIC 3630

T: (03) 5833 3000
F: (03) 5831 2988
Email Us

Importance of Backups

Importance of Backups

The Importance of Backups

Does your business have an effective solution in place?

boardroom-meeting

Why should you have backups?

Security of data has become an integral part of modern businesses with the threat of data breaches increasing greatly in the past five years. Ransomware itself has exponentially grown in the past two years and with COVID-19 and many staff working from home this can expose flaws in businesses security processes if they haven’t adapted to the changing landscape.

A study last year from Cyber Security Ventures showed that ransomware costs will reach 20 billion USD worldwide in 2021 after being only 325 million USD in 2015. And it’s not just ransomware that can negatively affect businesses with DDos attacks, supply chain attacks and zero-day exploits to software that are constant threats.

boardroom-meeting

These facts highlight the importance of data security and integrity in the current landscape, below we’ll go through the main reasons why you need to backup your data.

  • Preventative measures to stop data loss from hackers and other causes don’t always work and you can have the strongest firewall with the strictest security measures but there will always be an increased risk if you don’t employ a backup strategy.
  • Saving time and getting back online quickly. Restoring data to the original form as quickly as possible is the highest priority for business owners and without backups this can almost be impossible. Ensuring you have at least a 3-2-1 method for backups is key. This refers to have three separate backups over two different mediums such as tape and hard disk with one offsite backup. This strategy is a bare minimum and it is often preferred by businesses to have more offsite backups.
  • Data loss can occur at any time for many reasons and such as theft, failure, basic user error, crashes and natural disaster. A recent statistic showed that 60% of small and medium businesses that lose their data will shutdown within 6 months.
  • Loss of customer trust. If customers know that you’ve lost their data through whatever means the reputation of your business will suffer, you will likely lose customers, struggle to gain new ones and employees may hesitate to join your business. Adversely, being vigilant with backups and being able to demonstrate proper security measures increases customer confidence.

What Strategies Should You Introduce Going Forward?

Going on from this it’s important to put steps in place to ensure you backup and recovery go as smoothly as possible. If you haven’t already you should be implementing these methods;

  • Write up a Disaster Recovery Plan, if you already have one ensure its up-to-date. A Disaster Recovery Plan outlining the backup procedure amongst other things is essential for all types of businesses whether small or large. The plan generally covers risk reduction methods, testing schedule, who is involved and procedures for getting back to normal working conditions as quickly and efficiently as possible.
  • Employ at least the 3-2-1 rule for backups, ensuring that by having multiple backups they provide good failsafe measures from each other.
  • If you plan on using cloud-based backups ensure that you use a true cloud backup service as using services like Dropbox and Google Drive are limited in version history and lack automatic backup functionality.

The most important step is to start thinking about these methods and questioning what your business does to ensure its data integrity and security.

If you need any assistance setting up a backup solution contact our office and IT consultant can point you in the right direction.

Need more help or information?

Click the link below to contact us at Plus 1.

Open Hours

Monday to Friday
8:00am to 5:00pm

Closed Public Holidays

plus-1-logo

If you need to get us documents quickly, access remote support, or the MYOB Portal click the button above.

Contact Us

27 Welsford Street
Shepparton, VIC 3630

T: (03) 5833 3000
F: (03) 5831 2988
Email Us

Cyber Security Tips Over The Holidays

Cyber Security Tips Over The Holidays

Cyber Security Tips Over The Holidays

cyber-security-laptop

What should you be doing over the holiday period to keep yourself safe in cyber security? We outline a few simple tips to follow.

Shop smart with online purchases

  • Avoid purchasing from sites you don’t know; can you really trust that they aren’t selling your data elsewhere?
  • Avoid using links in emails to shopping sites advertising specials, instead navigate to main site yourself. These links could be redirects to dodgy versions which will harvest your passwords and other data.
  • Always relevant but particularly during the spending season; monitor your bank card statements for any suspicious activity (They might be easier to miss with all the spending for holidays).

Shared Wi-Fi networks

When travelling avoid using public Wi-Fi unless necessary. Free Public Wi-Fi is a particular problem for travellers as attackers know they are likely to connect to anything that is available (as often there is no other option).

Downloading Unknown Apps

During the holidays you have plenty of free time, right? Well careful what apps you download and ensure you only download from official sites like Google Play Store and App Store. Avoid free hotel apps as these often just subscribe you to more spam emails or maybe worse.

Two Factor Authentication

Although this is a trend that should definitely be implemented all year round (it involves setting up your phone as a confirmation when logging into an online service) it’s particularly important if you are travelling on the holidays as you will be notified immediately by the two-factor app or any unexpected login. This allows you to quickly login to the account and change the password, if it’s been compromised.

Don’t post about holiday times or locations on social media

Attackers knowing where you are at any particular time is definitely not good thing, and although it might be very tempting to notify friends on where you are, this makes you an easy target for which the data can be used in many unexpected ways.

Phishing Email Scams

Again, this occurs all-year-round but during the holiday season crafty email phishers may be able to use your Out of Office reply message to their advantage. For instance, knowing when you’ll be out of the office until is valuable information that can be used in a phishing attack. For example – you’re not contactable so the attacker sends a ‘sense of urgency’ email asking a staff member to change payment details.

Need more help or information?

Click the link below to contact us at Plus 1.

Open Hours

Monday to Friday
8:00am to 5:00pm

Closed Public Holidays

plus-1-logo

If you need to get us documents quickly, access remote support, or the MYOB Portal click the button above.

Contact Us

27 Welsford Street
Shepparton, VIC 3630

T: (03) 5833 3000
F: (03) 5831 2988
Email Us

Email Scams – 8 Ways to Avoid Them!

Email Scams – 8 Ways to Avoid Them!

Email Scams – 8 Ways To Avoid Them!

Spam emails make up approximately 45% of all emails every day, that’s 14.5 billion messages (spamlaws). This means it’s a large issue for almost all internet users, business and personal.
Below we will go over the best tips for picking out those pesky emails so you can best protect yourself and your business. The biggest key to defeating spam emails are education of users, you can have the best spam filter in the world but it’s not guaranteed to block all scam emails without blocking legitimate emails.

1. Don’t Trust The Display Name

Email addresses can be ‘spoofed’ and what I mean by that is they can be altered to make it appear like they have come from a legitimate source even though it has come from the scammer. The email address might even appear to be exactly the same!

For example, look at the below from address in a scam email we received;

The email appears at first to be a legitimate email from a Xero email address but they have actually spoofed Xero’s domain and the actual email is from stephen@aetherworkbooks.com.

2. Hover Over Links Within The Email

A key part of scammers emails are malicious links within emails. Often, they will make it appear like a legitimate link, maybe it has the correct logo or the wording is exactly the same as NAB’s for instance but the link will very often redirect to site where the criminals can capture your data. Sometimes there is only very small differences in the URL address of the fake links compared to the real link.

 Have a look at the below example taken from the same scam email as shown above;

When I hovered over the INV-7309009 link it shows clearly that it doesn’t go to a Xero address but this unknown aetherworkbooks address. A standard rule to follow is if you don’t recognise the link’s address don’t click it.

3. Email Is Not Personalised

The salutation of the email can often be a giveaway, scam emails a majority of the time will not address the recipient personally (as the are sent in bulk by nature) and will say something similar to “Dear Client” or “Dear Valued Customer”.

4. Grammar Mistakes

Email scammers are getting better at these mistakes but its an easy way for us to pick out a good chunk of illegitimate emails. Often these scammers don’t have a native English language so their vetting process of emails isn’t great. Remember these scam emails can come from organised groups too, so they can also be quite close to the real thing.

5. Sense Of Urgency

Scammer like to use a fear tactics where they make you think you are in immediate danger, for example a particular software has expired or your Microsoft account has been hacked. This aims to make you act irrationally without thinking through the situation and follow the scammer’s requests to resolve the issue quickly.

6. Time The Email Was Sent

Ever notice how you receive a lot of junk mail at night? Well this is a key sign the email isn’t legitimate, how many contacts do you know that would email you at 4am in the morning? 2 out of the 3 biggest country spam sources are the United States and Russia (Spamhaus), obviously being in completely different time zones to Australia.

7. Asking For Personal Information

This might seem like an obvious point but many people continue to get tricked into giving their details to strangers claiming to ‘help’. Remember legitimate companies will never ask for your personal data over email and even if it looks like a trusted organisation like the NAB or Government you should never give personal information out. If the scammer doesn’t use your personal details you give them, they will often sell your details on the black market for other illegitimate organisations to pickup and abuse.

8. The Sender Doesn’t Know The Addressee

One of the key things to think about with any suspicious email whether it be yourself or someone you know; is whether the recipient is expecting and email from this person and/ or do they know the sender’s address? So many scam emails can be eliminated by simply asking yourself that question. Although this doesn’t cover all bases and as mentioned above email addresses can be spoofed to make it look like an address you know, it still gives you a good starting point and gets you in the frame of mind to question these scam emails.

All of these tips can be followed quite easily by anyone, and honestly the biggest hurdle to continually beating scammers is awareness and education which I hope this article has provided!

Open Hours

Monday to Friday
8:00am to 5:00pm

Closed Public Holidays

plus-1-logo

If you need to get us documents quickly, access remote support, or the MYOB Portal click the button above.

Contact Us

27 Welsford Street
Shepparton, VIC 3630

T: (03) 5833 3000
F: (03) 5831 2988
Email Us