Blogs

Stay Vigilant: Phishing Scams Surge During EOFY

As we approach the End of Financial Year (EOFY), cyber criminals are once again exploiting this high-activity period, and this year their tactics are more sophisticated than ever. AUSCERT has observed a consistent and sharp rise in phishing scams, particularly those impersonating trusted government and taxation agencies. The surge in payments, invoicing, and accounting workflows during EOFY creates a perfect storm of opportunity for threat actors to target organisations already under pressure.

Phishing scams have risen significantly in recent years, with reported incidents rising from 1,100 in 2022 to 2,500 in 2023, and reaching 2,960 in 2024. These scams often feature official-looking branding, convincing language, and urgent calls to action. Common tactics include prompting users to click malicious links, scan QR codes, or download attachments, typically under the guise of tax refunds, account issues, or penalty warnings.

Among AUSCERT's members, the Financial and Insurance Services industry unsurprisingly remains the most heavily impacted during this time. Given its access to high-value data and essential services, this sector is a prime target for fraud, identity theft, and business email compromise (BEC), making vigilance during EOFY more critical than ever.

Alarmingly, phishing threats are becoming even more difficult to detect with the rise of AI-generated scams. Artificial intelligence is now being used to craft highly personalised and scalable phishing campaigns that mimic human language and behaviour. These AI-powered scams are more deceptive, harder to identify, and faster to deploy, making them a serious challenge for both individuals and organisations.

To stay safe from ATO and MyGov-related phishing scams this tax season, it's important to take the following precautions:

Verify the source: Don't trust unsolicited emails, calls, or texts. The ATO and myGov will never ask for sensitive information via email or SMS. Contact them directly using official channels.
Hang up on threats: If a caller pressures you to pay or threatens arrest, end the call immediately. Legitimate agencies don't behave this way.
Avoid unknown links and attachments: Never click on unexpected links or open attachments from unknown sources.
Be wary of urgency: Scammers use urgency to rush decisions. Take your time to verify before taking the next step.
Protect personal information: Don't share financial or personal details without validating the request through a different communications channel.
Report suspicious activity: Report phishing attempts to the ATO, ACSC, or ScamWatch.
Keep software updated: Ensure your devices have the latest security updates and antivirus protection to defend against malware and phishing.
Get help: If you have been scammed as an individual, contact IDCARE. If your organisation has been impacted and you are an AUSCERT member, contact us. If not, contact the ACSC.

By staying alert and applying strong cyber hygiene practices, both individuals and businesses can reduce the risk of falling victim to sophisticated phishing scams this tax season.


AUSCERT2025 Conference recap

On the 20th of May the AUSCERT2025 Cyber Security Conference launched with two days of tutorials followed by two days of conference sessions, all centred around this year's powerful theme: Evolve and Thrive.

This theme wasn't chosen lightly. In a world where cyber threats evolve daily, our industry must continuously innovate, adapt, and stay ahead of the curve. Evolve and Thrive captures that spirit perfectly, resonating deeply with attendees. The venue theming, featuring hand-drawn artwork, a dark ominous backdrop, and cyberpunk dinosaurs, was a visual hit, sparking conversations and compliments from everyone in attendance.

Hands-on Workshops with Industry Leaders

During the tutorial days (20th – 21st), delegates had the opportunity to attend hands-on workshops led by industry leaders such as Bruce Large, Paul McCarty, and Chris Gatford. Topics ranged from Generative AI Security to Detection Engineering and ISO 27001 Compliance. These tutorial days, offered as a complimentary add-on to conference registration, continue to be a favourite way for attendees to upskill in a practical and engaging environment.

A Grand Opening and Powerful Keynotes

The main conference began with a moving Welcome to Country followed by opening remarks from AUSCERT's Director David Stockdale and AUSCERT's General Manager Ivano Bongiovanni. Our keynote lineup, Jess Modini, Lt. General Michelle McGuinness and Professor Marek Kowalkiewicz, delivered compelling presentations to a packed room of over 900 delegates. Post-conference feedback confirmed what we already knew: the keynotes were a standout success.

Adapting and Thriving Even in the Face of a Cyclone

If you attended AUSCERT2025, you might have noticed that the Sponsorship Exhibition was a little different this year. Due to damage from Cyclone Alfred, our usual marquee at The Star was unavailable. The AUSCERT Events team quickly pivoted, adapting to a new space with a smaller footprint. The result? A bright, open exhibition area that made the most of the Gold Coast's beautiful spring weather and natural light. This created a vibrant atmosphere that exhibitors and delegates alike appreciated.

A Glimpse into the Future: ICCs and Team Oceania

If you passed through the foyer on Wednesday or Thursday, you may have seen a group of very focused women typing furiously. These were the awesome women of Team Oceania, absolutely killing it. They were participating in a miniature Capture the Flag (CTF) challenge against several other international teams of women. This activation was our exciting first step in promoting AUSCERT2026, where we'll proudly host the International Cybersecurity Championships (ICCs)!

Community, Connection, and Cuddles

We brought back beloved initiatives like our Puppy Cuddle area, while also rethinking and retiring elements that no longer served our community. This year we focused on what our delegates truly value: connection, learning, and fun. Looking ahead to AUSCERT2026, we are already planning something extraordinary with hosting the ICCs. There will be challenges no doubt, but as always, we'll rise to the challenge and deliver an unforgettable conference for our members and delegates alike!


Cyclone Alfred – Watch Out for Scams

As Cyclone Alfred approaches the SE QLD region, AUSCERT wants to remind its members that, in the wake of natural disasters, scammers can often exploit the vulnerability of those affected. Fraudulent activities can range from door-to-door scams to phone, text, mail, and email schemes. These fraudsters take advantage of the chaos and desperation following such events, frequently targeting individuals seeking disaster relief, insurance claims, or opportunities to assist others.

To mitigate the risk of fraud during Cyclone Alfred and any post-cyclone recovery efforts, residents and those intending to donate to charities can take several key actions:

Be cautious of scams following a disaster. Government agencies, like Services Australia and MyGov, will never ask for any sensitive information over the phone, so hang up and call their official number if in doubt. Phone scams may use caller ID spoofing to appear legitimate, so always verify calls independently.

For insurance scams, never provide personal information until you have verified the contact directly with your provider. If contractors claim to be insurance partners, ensure they are licensed and insured by checking with local authorities.

When donating to charities, only support trusted charities and verify their legitimacy through official websites. Be cautious with charity phone numbers, emails, or crowdfunding platforms, as scammers may pose as fake charities or misrepresent campaigns.

Please see [1] and [2] for further information. Stay safe!

REFERENCES
[1] Avoid scams and fraud – https://www.servicesaustralia.gov.au/avoid-scams-and-fraud-when-claiming-natural-disaster-support
[2] Avoid fundraising scams after an emergency – https://www.vic.gov.au/avoid-fundraising-scams-after-emergency


Tabletop Exercises

Written by AUSCERT Principal Analyst, Mark Carey-Smith

Tabletop exercises are referred to by different terms, including "drills", "simulations", just "exercises" or "discussion exercises", though these terms don't always mean the same thing. NIST's definition in SP 800-84 is:

"Tabletop exercises are discussion-based exercises where personnel meet in a classroom setting or in breakout groups to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator presents a scenario and asks the exercise participants questions related to the scenario, which initiates a discussion among the participants of roles, responsibilities, coordination, and decision-making. A tabletop exercise is discussion-based only and does not involve deploying equipment or other resources."

In our context, the emergency situation usually involves a cyber incident. Tabletop exercises, or TTXs, can be oriented towards cyber incident response, business continuity, crisis management or elements of all three, depending on what the organisation running the TTX wants to achieve. Participants can be from any role: operational, cyber security, communications, executives or a combination.

Why perform tabletop exercises?

Having accurate and easy-to-understand incident response plans and playbooks is obviously important, but we just don't know how effective they are until they are tested through use. It's far safer to do that testing via a simulated incident in a TTX rather than a real one. Running TTXs can help provide an understanding of how people will respond to an incident. Even when we know it's a simulation, it still gets some of the same juices flowing, which should also help people respond with lower levels of stress during an actual incident.

TTXs can engage stakeholders, particularly executive ones, in a way that risk heat maps and logically structured arguments simply don't, because if they are done well, TTXs can engage stakeholders emotionally. Emotional engagement can be a strong lever for change. By planning and executing TTXs in a progressive and supportive way that values opportunities for improvement, a culture of learning can be created that does not penalise mistakes but instead sees them as teachable moments.

Other reasons to run TTXs include:

Some organisations have contractual obligations, for example from clients, to perform regular TTXs.
Some insurance policies may require their clients to perform TTXs, or apply pressure to do so via pricing mechanisms.
Regulatory requirements, such as for some of the specific entities that fall under the SOCI Act, require exercises to be performed, while others have implied obligations. The Australian Prudential Regulation Authority has requirements in CPS 234 for regulated entities to "...annually review and test its information security response plans to ensure they remain effective and fit-for-purpose". In the associated CPG 234, tabletop exercises are a recommended way to test incident preparedness.
Audit findings may recommend the use of tabletops to improve or validate incident response practices. Such audits might be organisation-specific or sector-wide.
TTXs help non-technical stakeholders, like managers or execs, better understand the difficulties and complexities of incident response, such as the considerable amount of time that an incident can take to resolve, including recovery.

Some useful information for designing and running TTXs:

CISA's tabletop exercise resources. Use the Google search "CISA CTEP filetype:docx" to find editable versions of some of their documents.
ANSSI has some good resources for what they call 'cyber crisis management' exercises.
The ACSC has re-badged the original Exercise in a Box platform created by the UK's NCSC and adapted the language and context for Australian audiences. It can be an easier and more structured way to deliver TTXs for first-time facilitators.

AUSCERT now delivers TTXs as part of our GRC services. We can design and deliver custom-created TTXs for organisations to suit their specific objectives. We can also assist organisations to deliver their own TTXs through assistance with planning, execution and evaluation. Please contact us for more information.


Multi-Factor Authentication (MFA): An Important, Additional Security Layer

Introduction

Medibank experienced a significant data breach in 2022, impacting the sensitive information of 9.7 million customers. The Office of the Australian Information Commissioner (OAIC) alleges that a contributing factor to this breach may have been the absence of Multi-Factor Authentication (MFA), which could have potentially hindered the attackers. AUSCERT compiled this information for its members and the broader community, urging organisations to consider implementing MFA as an additional verification layer before accessing accounts or sensitive information. It is important to note, however, that while MFA enhances security and reduces unauthorised access risks, it does not provide absolute protection for accounts: instances of MFA bypass by attackers have been observed for some time now.

What is Multi-Factor Authentication (MFA)?

MFA goes beyond the traditional username-password combination by requiring two or more forms of identity verification to authorise access. These typically include:
– Something you know (e.g., password)
– Something you have (e.g., mobile device for receiving a verification code)
– Something you are (e.g., biometric data like fingerprints or facial recognition)

Why MFA is Essential for Security

Enhanced Security Against Password Theft: MFA adds an extra layer of protection by requiring a second form of authentication, like a mobile code or biometric scan, reducing the risk of unauthorised access even if passwords are stolen.
Mitigation of Credential Stuffing: MFA disrupts credential stuffing attempts by requiring an additional factor beyond usernames and passwords.
User-Friendly Security: Modern MFA solutions balance security with user-friendly options like biometric authentication and push notifications, ensuring a seamless experience while maintaining robust security.
Protection of Remote Workforce: With the rise of remote work, MFA secures access to corporate networks from any location, potentially preventing unauthorised entry even on unsecured networks.
Long-Term Cost-Effectiveness: Despite initial setup costs, MFA significantly reduces potential costs from data breaches and cyberattacks, safeguarding financial assets and reputation.
Enhanced Consumer Trust: Implementing MFA assures customers that the organisation is implementing robust cyber security practices; this in turn can foster lasting client relationships.

Best Practices for Implementing MFA in Organisations

While specific practices may vary, common best practices include:
– Clearly defining which systems and data assets require MFA based on risk assessments and compliance needs.
– Choosing authentication factors based on security requirements and user convenience.
– Ensuring compatibility with existing IT systems and applications using standard protocols.
– Implementing user-friendly MFA methods such as push notifications or biometrics to encourage adoption.
– Conducting regular training sessions to educate users on MFA usage and security best practices.
– Maintaining robust monitoring, incident response, and regular updates to keep MFA systems secure and effective.
– Monitoring performance metrics, gathering feedback, and adjusting MFA policies as needed to address evolving threats.

Challenges in Adopting MFA

Despite its benefits, organisations may face challenges such as user resistance, integration with legacy systems, and initial investment costs during MFA implementation.

Conclusion

It is crucial for organisations to adopt MFA to protect their data and maintain trust with customers and partners. By effectively implementing MFA, organisations can better defend against cyber threats and ensure the security of sensitive information. While MFA does not offer complete protection against all threats, it remains an essential component in reducing cybersecurity risks and safeguarding sensitive data.


Exploitation Prediction Scoring System (EPSS) Score

We are continuously striving to help our members minimise their exposure to cyber threats and understand that managing effective prioritisation in vulnerability management is a growing concern. To assist with these efforts, AUSCERT is pleased to introduce the Exploitation Prediction Scoring System (EPSS) within our bulletins and Critical MSINs, starting August 12 2024.

Important: AUSCERT advises members to research EPSS thoroughly before considering its application in vulnerability management.

What is EPSS?

EPSS, developed by FIRST (Forum of Incident Response and Security Teams), employs advanced algorithms to forecast the likelihood of vulnerabilities being exploited in real-world scenarios. Higher EPSS scores indicate a heightened risk of exploitation, enabling our members to prioritise their remediation efforts on the most critical vulnerabilities. This initiative is designed to bolster proactive cybersecurity measures and enhance overall resilience against potential threats.

EPSS vs CVSS

CVSS serves as a reliable framework for assessing vulnerability severity, whereas EPSS offers an additional layer of insight by predicting the likelihood of exploitation. CVSS evaluates vulnerabilities based on their characteristics and potential impacts but lacks real-world threat data. In contrast, EPSS predictions draw from the latest risk intelligence sourced from the CVE repository and empirical data on actual system attacks.

Where does the EPSS score appear in the AUSCERT bulletin?

The EPSS (Max) score appears for each bulletin in the comments section, below the CVSS (Max) score.

Where does the EPSS score appear in the Critical MSIN?

The EPSS (Max) score appears in the overview section of AUSCERT's Critical MSIN.
Syntax:

    EPSS (Max): (*Probability) (**Percentile) (CVE Number) (Date EPSS calculated)

For example:

    EPSS (Max): 0.2% (51st) CVE-2024-XXXXX 2024-07-02

* The likelihood of exploitation of the given CVE within the next 30 days.
** The vulnerability's relative severity compared to others, ranking it within a distribution of similar security issues based on their assessed risks and potential impacts.

Important: EPSS scores can change over time, so if making decisions based on EPSS it is recommended to ensure you are using a recently updated value available from FIRST. See the articles below for further details on use and interpretation.

References:

Understanding EPSS can require effort, and its suitability can vary depending on the environment. For those interested in exploring EPSS further and understanding its functionality, informative articles are available:
[1] https://www.first.org/epss/
[2] https://www.first.org/epss/user-guide
[3] https://www.first.org/epss/faq
[4] https://vulners.com/blog/epss-exploit-prediction-scoring-system/
[5] https://blog.stackaware.com/p/deep-dive-into-the-epss
[6] https://asimily.com/blog/epss-and-its-role-in-vulnerability-management/
[7] https://security.cms.gov/posts/assessing-vulnerability-risks-exploit-prediction-scoring-system-epss
[8] https://insights.sei.cmu.edu/blog/probably-dont-rely-on-epss-yet/
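As an added example (not AUSCERT's code), here is a small Python parser for the EPSS (Max) line in the syntax above, together with a triage step that acts on the two caveats the post makes: EPSS and CVSS answer different questions, so both are consulted, and an EPSS value older than its 30-day horizon is flagged as stale rather than trusted. The CVSS (Max) line layout, the sample comment block, the second sample line and the thresholds (10% EPSS, 9.0 CVSS, 30 days) are assumptions for illustration, not AUSCERT's format or policy.

```python
import re
from datetime import date

# Line format described in the bulletin:
#   EPSS (Max): (Probability) (Percentile) (CVE Number) (Date EPSS calculated)
EPSS_RE = re.compile(
    r"EPSS \(Max\):\s*(?P<prob>\d+(?:\.\d+)?)%\s*"
    r"\((?P<pct>\d+)(?:st|nd|rd|th)\)\s*"
    r"(?P<cve>CVE-\d{4}-[0-9X]+)\s*"
    r"(?P<date>\d{4}-\d{2}-\d{2})"
)
# The CVSS (Max) line sits above the EPSS line; this layout is an assumption.
CVSS_RE = re.compile(r"CVSS \(Max\):\s*(?P<score>\d+(?:\.\d+)?)")

# Constructed bulletin comment block built around the example line from the article.
SAMPLE_COMMENT = """CVSS (Max): 9.8
EPSS (Max): 0.2% (51st) CVE-2024-XXXXX 2024-07-02"""


def parse_comment(text):
    """Extract the CVSS (Max) and EPSS (Max) fields from a bulletin comment block."""
    record = {"cvss": None, "epss": None, "percentile": None, "cve": None, "epss_date": None}
    m = CVSS_RE.search(text)
    if m:
        record["cvss"] = float(m.group("score"))
    m = EPSS_RE.search(text)
    if m:
        record["epss"] = round(float(m.group("prob")) / 100, 6)  # "0.2%" -> 0.002
        record["percentile"] = int(m.group("pct"))
        record["cve"] = m.group("cve")
        record["epss_date"] = date.fromisoformat(m.group("date"))
    return record


def triage(record, today, epss_threshold=0.10, cvss_threshold=9.0, max_age_days=30):
    """Return the reasons a record deserves attention. `today` may be a date or an
    ISO string. Thresholds are illustrative assumptions, not a recommendation."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    reasons = []
    epss_date = record["epss_date"]
    if epss_date is not None and (today - epss_date).days > max_age_days:
        reasons.append("stale-epss")  # older than the 30-day horizon: refresh from FIRST first
    if record["epss"] is not None and record["epss"] >= epss_threshold:
        reasons.append("high-epss")
    if record["cvss"] is not None and record["cvss"] >= cvss_threshold:
        reasons.append("critical-cvss")
    return reasons


if __name__ == "__main__":
    rec = parse_comment(SAMPLE_COMMENT)
    print(rec)
    print("reasons on 2024-07-10:", triage(rec, "2024-07-10"))
    print("reasons on 2024-08-12:", triage(rec, "2024-08-12"))
```

The sample record is a good illustration of why the two scores are kept separate: CVSS 9.8 marks it critical by severity, while the 0.2% EPSS probability says exploitation within 30 days is unlikely, so the triage output names the CVSS reason only. Once the EPSS date is more than 30 days behind `today`, the record is additionally marked stale.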


Gathering Intel from the Certificate Transparency Initiative for the recent Crowdstrike incident and other tailored cases

The indicators of compromise listed in the CrowdStrike article of the 19th July [1] include a list of hostnames and domains that could impersonate CrowdStrike brands. The CrowdStrike article provides a disclaimer that "Some domains in this list are not currently serving malicious content or could be intended to amplify negative sentiment. However, these sites may support future social-engineering operations". They also provide a pointer to their LogScale query to collect this information.

There is another way to get similar information straight from the TLS certificates being issued, through the Certificate Transparency Initiative [2]. A general overview of the Certificate Transparency scheme is also outlined on Wikipedia [3].

The following article describes steps that can be taken to collect hostnames and domains that have recently been issued a TLS certificate and check whether they contain the word "crowdstrike". If you are looking for permutations of words from "crowdstrike" (or any other search term), you will be able to re-run your new queries on the locally collected data.

The technique uses the stream of certificates being issued and published through the Certificate Transparency Initiative with a Python module created by CaliDog [4]. The Python module is duly named "certstream" [5][6] and running it will start to collect current certificates being issued, through CaliDog's collection and distribution server over a secure web socket [7]. This is a "live" feed and there are potentially hundreds of items every minute.

Once the certstream Python module [5] has been installed locally and you also have the jq [8] utility installed, you are ready to start collecting all the certificates being issued.

Recording all the details of each certificate takes up significant disk space, so it is recommended to save only the fields that will be useful for future queries:

1) Certificate ID
2) Issuer Organisation Name
3) All listed domains in the certificate

This can be achieved with the following command:

    certstream --json | jq -r '.data | [[(.cert_index|tostring)], [.leaf_cert.issuer.O], .leaf_cert.all_domains | join(",")] | join("\t")'

This collects the certificate ID, the Issuer Organisation and the domains listed in that certificate as a tab-separated row, output to the current terminal session in a scrolling fashion. (Inside the jq array, the pipe binds more loosely than the commas, so each of the three items is passed through join(",") separately; that is why the first two are wrapped in single-element arrays.) To save the output in convenient TSV files (in batches), append it to a file instead:

    certstream --json | jq -r '.data | [[(.cert_index|tostring)], [.leaf_cert.issuer.O], .leaf_cert.all_domains | join(",")] | join("\t")' >> certificate-data.tsv

After an amount of time of your choosing, you may stop the command and relaunch it writing to a different file, to ensure continuity of collection. You may then use a utility such as grep [9] to find matches in the file:

    grep -i crowdstrike certificate-data.tsv

This yields rows containing the text "crowdstrike" (the -i flag makes the match case-insensitive). If there are other keywords to be searched, substitute your search term for "crowdstrike" in the above example. You may also cross-check and get further details of the certificate by searching online repositories such as crt.sh [10].

The disclaimer used in the CrowdStrike article applies to the data found through this technique. Domains and hostnames discovered may be online, not yet online, or they may be legitimate domains. Further interpretation is required, but at least you now have visibility of the hostnames being registered with a TLS certificate, which is an indication of intent to bring the hostname online.
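As an added example (not AUSCERT's or CaliDog's code), the following Python reproduces the jq projection above in-process and then runs the keyword search over the resulting rows, so the same collected data can be re-queried locally as the article suggests. It goes one step beyond a plain grep by also matching after normalising each hostname (case folding, undoing common digit-for-letter swaps, dropping hyphens and dots), which catches the kind of split or obfuscated brand name a literal substring search misses. The sample messages are constructed to mirror the certstream --json shape used by the jq filter (message_type, data.cert_index, data.leaf_cert.issuer.O, data.leaf_cert.all_domains); the assumption that certstream prints one JSON object per line, the homoglyph table and the script name ct_match.py are all mine.

```python
import json
import sys

# Constructed messages in the shape the article's jq filter expects. Every value is made up.
SAMPLE_MESSAGES = [
    {"message_type": "certificate_update",
     "data": {"cert_index": 1001,
              "leaf_cert": {"issuer": {"O": "Example CA"},
                            "all_domains": ["login.example.com", "www.example.com"]}}},
    {"message_type": "certificate_update",
     "data": {"cert_index": 1002,
              "leaf_cert": {"issuer": {"O": "Example CA"},
                            "all_domains": ["crowdstrike-support.example.net"]}}},
    {"message_type": "certificate_update",
     "data": {"cert_index": 1003,
              "leaf_cert": {"issuer": {"O": "Another CA"},
                            "all_domains": ["cr0wd-strike.example.org", "mail.example.org"]}}},
    {"message_type": "heartbeat", "data": {}},  # non-certificate message, must be skipped
]


def message_to_tsv_row(msg):
    """Same projection as the article's jq filter: cert index, issuer O and the
    comma-joined domain list, tab-separated. Returns None for non-certificate messages."""
    if msg.get("message_type") != "certificate_update":
        return None
    data = msg["data"]
    leaf = data["leaf_cert"]
    issuer = leaf.get("issuer", {}).get("O") or ""
    return "\t".join([str(data["cert_index"]), issuer, ",".join(leaf["all_domains"])])


def messages_to_tsv(messages):
    """Rows in the same format as certificate-data.tsv from the article."""
    return [row for row in map(message_to_tsv_row, messages) if row is not None]


# Digits commonly used in place of letters in lookalike hostnames (assumed table).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def normalise_domain(domain):
    """Fold case, undo digit-for-letter swaps and drop separators so a split or
    obfuscated brand name still contains the keyword as a plain substring."""
    return domain.lower().translate(HOMOGLYPHS).replace("-", "").replace(".", "")


def find_matches(tsv_rows, keyword):
    """(cert_index, domain, kind) for each domain containing the keyword, either
    verbatim ("exact", what grep -i finds) or only after normalisation ("lookalike")."""
    keyword = keyword.lower()
    hits = []
    for row in tsv_rows:
        cert_index, _issuer, domains = row.split("\t")
        for domain in domains.split(","):
            if keyword in domain.lower():
                hits.append((cert_index, domain, "exact"))
            elif keyword in normalise_domain(domain):
                hits.append((cert_index, domain, "lookalike"))
    return hits


def main():
    # Usage (assumed one JSON object per line): certstream --json | python3 ct_match.py crowdstrike
    keyword = sys.argv[1] if len(sys.argv) > 1 else "crowdstrike"
    messages = (json.loads(line) for line in sys.stdin if line.strip())
    for hit in find_matches(messages_to_tsv(messages), keyword):
        print("\t".join(hit))


if __name__ == "__main__":
    main()
```

A "lookalike" hit carries the same caveat the article gives for the CrowdStrike list: it shows a certificate was issued for a name that resembles the brand, not that the host is malicious or even online, so each hit still needs to be looked up (for example on crt.sh) and interpreted before any action is taken.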
AUSCERT has a number of MISP events available to members that utilise certificate transparency logs as one of the threat intelligence sources. Happy hunting!

References:
[1] https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/
[2] https://certificate.transparency.dev/
[3] https://en.wikipedia.org/wiki/Certificate_Transparency
[4] https://calidog.io/
[5] https://certstream.calidog.io/
[6] https://github.com/CaliDog/certstream-python
[7] wss://certstream.calidog.io/
[8] https://jqlang.github.io/jq/tutorial/
[9] https://www.digitalocean.com/community/tutorials/grep-command-in-linux-unix
[10] https://crt.sh/

Written by AUSCERT


CrowdStrike Technical Outage Exploited by Cyber Criminals – Stay Vigilant!

On Friday 19 July, CrowdStrike released a sensor configuration update that triggered errors and system crashes in millions of Windows systems, causing major business outages worldwide [2][3]. CrowdStrike has assured users that the outage was not due to a cyberattack [2]. Reports have since surfaced indicating that malicious actors are swiftly capitalising on the disruption created by this technical issue [1][4].

Reports from cybersecurity experts and industry analysts suggest that cyber criminals are leveraging the outage window to launch phishing campaigns and other malicious activities. These efforts aim to exploit emotions such as fear or urgency to manipulate users into making quick, uninformed decisions. This tactic aims to bypass users' critical thinking and make fraudulent schemes more successful.

Phishing attacks, in particular, have been observed mimicking CrowdStrike support communications. There have also been incidents where cyber criminals impersonated CrowdStrike staff in phone calls [1]. CrowdStrike has additionally noted instances where cyber criminals posed as independent researchers, falsely asserting evidence linking the technical issue to a cyberattack. They have offered supposed remediation insights and marketed scripts claiming to automate recovery from the content update problem [1].

In response to these developments, cybersecurity organisations and authorities have issued advisories urging heightened vigilance. Users are encouraged to verify the authenticity of communications, especially during service disruptions, and to adhere strictly to official channels for updates and support. CrowdStrike has shared a list of domains impersonating CrowdStrike's brand during the outage. While some domains in this list are not currently hosting malicious content and may be intended to amplify negative sentiment, they could potentially support future social-engineering operations [1].

As CrowdStrike continues to restore full service functionality, the incident serves as a stark reminder of the evolving tactics used by cyber criminals. Organisations and individuals alike must remain vigilant, maintain updated security measures, and exercise caution in response to such incidents to mitigate potential risks effectively. The swift and coordinated response from cybersecurity communities highlights the importance of proactive measures in safeguarding against opportunistic cyber threats, ensuring resilience in the face of technical disruptions and potential exploitation by malicious actors.

[1] "Falcon Sensor Content Issue from July 19, 2024, Likely Used to Target CrowdStrike Customers" – https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/
[2] "Technical Details: Falcon Content Update for Windows Hosts" – https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
[3] "CrowdStrike Falcon flaw sends Windows computers into chaos worldwide" – https://cyberscoop.com/crowdstrike-falcon-flaw-microsoft-outage-flights-grounded-windows/
[4] "Widespread outages relating to CrowdStrike software update" – https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/widespread-outages-relating-crowdstrike-software-update

Written by Vishaka Wijekoon for AUSCERT


Protecting Yourself: Safeguarding Against ATO and MyGov Phishing Scams

With the tax season just around the corner, AUSCERT is urging individuals to remain vigilant. This period is a prime time for cybercriminals to target unsuspecting individuals through phishing scams. These are typically circulated via various channels, including phishing emails, phone calls, text messages, and even fake websites. Malicious threat actors tend to increase their fraudulent activities, utilising various phishing techniques to take advantage of the heightened financial activity during this period.

AUSCERT has observed a significant increase in phishing scams impersonating MyGov and the Australian Taxation Office (ATO) during previous tax seasons. From July to October in 2022, AUSCERT received reports of around 1100 tax-related phishing emails and scams, a number that surged to approximately 2500 in 2023.

These phishing emails typically impersonate official entities and may contain convincing logos and language to deceive recipients and urge users to click on a link, scan a QR code or download an attachment. The emails also claim that urgent action is required to avoid account suspension, try to trick users about a pending tax refund, highlight issues with a tax return or demand immediate action to avoid penalties. However, clicking on these links can lead to malicious websites that steal Personally Identifiable Information (PII) or sensitive data like user credentials or credit card details. Additionally, clicking on the links may install malware on the user's device, creating a backdoor for cybercriminals to monitor activities, track user behaviour, and steal login information.

To protect yourself from ATO and MyGov related phishing scams during the upcoming tax season, it is crucial to take precautions like:

Verify the source: Do not respond to unsolicited emails, text messages, or phone calls claiming to be from the ATO or MyGov. If it is an email, double-check the email address and sender information to confirm authenticity. Remember, the ATO or MyGov will never ask for sensitive information via email or SMS. Before providing any personal information, verify the legitimacy of the request by contacting the ATO or tax professionals through their official channels.
Be wary of suspicious calls: If you receive a suspicious call from someone claiming to be from the ATO and demanding payment to receive a tax refund, it is advisable to end the call immediately. Keep in mind that the ATO will not threaten you with immediate arrest or use abusive language.
Exercise caution with links and attachments: Avoid clicking on links or downloading attachments from unsolicited emails or text messages.
Be cautious of urgent requests: Be wary of emails, text messages and phone calls pressuring you to act quickly or provide personal information. Take the time to verify the legitimacy of the communication.
Protect personal information: Avoid sharing personal or financial details in response to emails, phone calls or text messages. Always be careful when providing information online.
Report suspicious activity: If you receive a suspicious email claiming to be from the ATO or MyGov, report it to the appropriate authorities, such as the ATO's scam reporting email address, the ACSC, or IDCARE.
Keep software up to date: Ensure that your devices have the latest security updates and antivirus software to protect against malware and phishing attempts.

By staying informed and vigilant, and following best practices for online security, individuals can reduce the risk of falling victim to ATO and MyGov related phishing scams during tax season. If you believe that your identity has been compromised or you have fallen victim to a tax-related scam, contact IDCARE on 1800 595 160.

Written by Senior Information Security Analyst Vishaka


Valentine’s Day Scams and Frauds: Protect Your Heart and Wallet

Introduction

Valentine’s Day, often associated with expressions of love and affection, unfortunately also provides an opportune time for scammers to prey on unsuspecting individuals seeking romance. As we approach this annual celebration, it is crucial to remain vigilant and aware of the various scams and frauds that can lead to financial losses and emotional distress. The Australian government and major financial institutions have issued warnings about the rise in Valentine’s Day scams, highlighting the need for caution in online interactions and financial transactions [1][2].

The Scams and Frauds to Watch Out For

1. Fraudulent Investment Opportunities

Scammers use various methods to lure unsuspecting victims into their trap. They might promise high returns with little risk, exclusive insider information, or guaranteed profits within a short period. These scams may involve investments in stocks, cryptocurrencies, or even fictitious businesses. Victims are convinced to invest their hard-earned money, believing they have found a secure and profitable venture.

2. Gift Card Scams

Scammers can pose as sellers offering discounted or limited-edition gift cards. They lure victims into purchasing these seemingly irresistible deals, but the gift cards turn out to be fake or previously used. Victims are left empty-handed, and their hard-earned money is gone.

– Only purchase gift cards from trusted retailers or directly from their websites
– Be cautious of deals that appear too good to be true
– Verify the card’s balance before making any transactions

3. Flower Delivery Scams

Scammers set up fake florist websites or pose as legitimate flower delivery services. Victims place orders and pay in advance, but never receive the promised bouquets. This not only results in financial loss but also leaves disappointment and emotional distress.

– Research the legitimacy of the florist before placing an order
– Look for customer reviews and check their contact information
– Consider using well-established flower delivery services with trusted reputations

4. Online Shopping Fraud

With the rise of online shopping, individuals often turn to the internet to purchase gifts for their loved ones. However, scammers take advantage of the increased online traffic by creating fake websites, social media pages, or advertisements offering attractive deals and discounts. Victims unknowingly share their payment information, only to receive counterfeit goods or nothing at all.

– Stick to reputable online retailers with secure payment systems
– Double-check website URLs for any misspellings or suspicious elements
– Use secure payment methods which offer fraud protection

Protecting Yourself from Valentine’s Day Scams

1. Stay Informed

Stay updated on the latest scams and frauds by following alerts issued by government agencies, law enforcement, and trusted news sources. The more informed you are, the better prepared you will be to identify and avoid potential scams.

2. Trust Your Gut

If something feels too good to be true or raises suspicions, trust your instincts. Scammers often exploit emotions and vulnerability, so be cautious before sharing personal information or engaging in financial transactions.

3. Watch Out for Phishing Attempts

Phishing is a common tactic used by scammers to trick individuals into revealing personal information or login credentials. Be wary of messages that ask for sensitive data, such as your credit card details. Legitimate organisations will never ask for such information via unsolicited messages.

4. Avoid Clicking on Suspicious Links

One of the most crucial steps in protecting yourself from scams is to refrain from clicking on links in messages, especially those that appear suspicious or unfamiliar. Scammers often use these links to redirect you to fraudulent websites or to install malware on your device.

5. Research Before Engaging

Before interacting with someone online, take the time to research their profile, photos, and background information. Conducting a simple online search can sometimes reveal if the person is using fake pictures or has been involved in previously reported scams.

6. Report Suspicious Activity

If you encounter suspicious profiles, emails, or messages, report them to the relevant dating platform or local authorities. Reporting such activities helps to protect others from falling victim to scams.

7. Educate Yourself and Others

Share information about common scams and frauds with your friends, family, and social networks. By spreading awareness, you can collectively combat the efforts of scammers and protect those around you.

References

[1] https://www.theaustralian.com.au/breaking-news/australians-warned-of-romance-scams-ahead-of-valentines-day/news-story/9a21c7a2ad7697980f291ffa87a439d5
[2] https://www.nationaltribune.com.au/government-warns-against-ruthless-romance-scammers-this-valentines-day/
