Spear Phishing

AusCERT has received recent reports of spear phishing attacks targeting Australian organisations.  

Spear phishing occurs when an attacker sends an email to specific, targeted recipients, with a customised message and a link or attachment that contains malware. Such attacks more often succeed in tricking recipients and compromising their computers because the email refers to a subject the recipient is likely to deal with routinely in their work role. Organisations that publicly identify the names and positions of their staff on their public web site are at particular risk of spear phishing attacks, but other avenues for information leakage include search engines and breach data.

A recent example of a spear phishing campaign included email messages with the subjects:

  • Australia Post Delivery Error
  • Request for payment for the latest invoice

Emails had a malicious Microsoft Word document attached and may have been customised to suit the recipient. 

Other recent phishing emails that seek to capture banking credentials include the subject “register your credit card for SMS alerts”.

The following are just a few things your organisation and users can do to help prevent these attacks:

  • Keep staff informed about this type of attack and tell them what to watch out for
  • Don’t click on links or open attachments in unsolicited emails
  • Implement Sender Policy Framework (SPF) in your email system to prevent forged ‘from’ addresses
  • Keep desktop anti-malware up to date
  • Don’t use your computer day-to-day with an administrator account
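
The subject lines, Word attachments and SPF check described above can be combined into a simple mail triage filter. The following is an added example, not AusCERT code; the `triage` function, the sample message and the reliance on a `Received-SPF` header written by your own mail server are assumptions.

```python
import email
from email import policy

# Subject lines reported in the advisory, lower-cased for comparison.
REPORTED_SUBJECTS = (
    "australia post delivery error",
    "request for payment for the latest invoice",
    "register your credit card for sms alerts",
)
WORD_EXTENSIONS = (".doc", ".docx", ".docm")

def triage(raw_message: str) -> list[str]:
    """Return the reasons a message deserves a closer look (empty if none)."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    subject = " ".join(str(msg.get("Subject", "")).lower().split())
    reasons = [f"subject matches reported lure: {s}" for s in REPORTED_SUBJECTS if s in subject]
    # Assumption: the receiving server records its SPF verdict in Received-SPF.
    # Read only the topmost copy; lower ones may come from the sender.
    tokens = str((msg.get_all("Received-SPF") or ["none"])[0]).split()
    spf_result = tokens[0].lower() if tokens else "none"
    if spf_result in ("fail", "softfail"):
        reasons.append(f"SPF result: {spf_result}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXTENSIONS):
            reasons.append(f"Word attachment: {name}")
    return reasons

# Constructed sample message, not a real capture.
SAMPLE = """\
From: "Accounts" <accounts@example.com>
Subject: Request for payment for the latest invoice
Received-SPF: fail (constructed sample header)
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="Invoice.DOC"

placeholder
--b1--
"""

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print(reason)
```

A message that returns several reasons at once is a stronger candidate for quarantine or manual review than one that matches a single check.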

Australia Post has a page at http://auspost.com.au/about-us/scam-alerts.html that provides information about current scams.