Don't get scammed

AusCERT was recently targeted by telephone scammers, purporting to
be from a reputable employment recruitment company seeking to update
its database, inquiring about several staff members. It is therefore
worthwhile to remind companies that, while not new, these types of scams
are continuing to operate. This type of contact is suspicious, as it is
often a precursor to a targeted email or telephone communication to a
staff member from the scammer who, posing as the CEO (or other senior
staffer, like the CFO) of the business, requests a wire transfer to a
'vendor' controlled by the scammer. This is most often executed when
the CEO is away, making it appear more legitimate that a request would
be made remotely. The attack often succeeds because the intelligence
gathered earlier enables the attacker to effectively masquerade as a
senior staff member of the business.

This attack is a variant of what is known as the Business Email
Compromise. It is known by this name because an attacker may compromise
the email account of the CEO prior to requesting the wire transfer. This
both provides a stronger base for business reconnaissance and results in
a much more credible email source for the attack.

Combating this threat relies heavily on staff education and vigilance. You
should always be suspicious of an unexpected change to payment
arrangements and verify their source before proceeding. Staff should
be advised what is appropriate to reveal on the telephone to unknown
callers. Staff should ask the caller for their name and the organisation
on whose behalf they are calling, and it is useful to contact the company
directly after the call to verify whether they made the call. Always
maintain an anti-malware solution on your computers to avoid email
compromise. Staff should also know not to open unsolicited attachments
that may contain malware or click on links in suspicious emails.

An unrelated scam, but one similar in impact, sees scammers calling
individuals and businesses demanding payment for overdue accounts. The
scammers claim to be from telcos, energy providers and even the government,
threatening fines or other penalties if the victim doesn't pay immediately. You should
never pay money in response to this type of demand; confirm independently
with your provider and only by contacting them via reliable details such
as from a previous bill.

For more information about the BEC threat, the following resources will
be helpful:

For more information about the fake debt collection scam, visit the
Scamwatch site at: