Posts

Internet Crime and Taxes are two of life’s certainties

AVG (AU/NZ) reminds consumers and small businesses to be alert to the latest online scams and phishing attacks targeting this tax return season.

MELBOURNE, 13 June 2012 — Ahead of this year’s tax return season, AVG (AU/NZ) Pty Ltd, distributor of AVG Technologies’ award-winning AVG Internet and mobile security software in Australia, New Zealand and South Pacific, alerts consumers and small businesses to the latest attempts by cyber criminals to gain access to lucrative identity and financial information. With upwards of 2.5 million individuals using the Australian Tax Office’s e-Tax electronic tax return service, cyber criminals have a huge, potentially receptive audience for their activities. Security Advisor at AVG (AU/NZ), Michael McKinnon, said: “Internet crime and taxes are now two of life’s certainties. Cyber criminals are starting to release this year’s crop of end of financial year scams to trick taxpayers into revealing highly valuable personal and financial information. As younger members of the community join the workforce and others shift from paper-based to online tax return processes, there is always a new audience for inventive tax season scams.” There’s a certain inevitability about June 30: it will bring new ways to scam the unwary and new phishing frauds asking for your credit card details including:

  • Offers of government grants needing to make payments prior to the end of the financial year.
  • Prompts for baby bonus applications.
  • Assistance to find lost superannuation funds.
  • Notification that your company tax rate has changed.

The Government’s SCAMWatch website is currently alerting Australians to be aware of Carbon Price scams seeking your personal banking details to pay carbon tax compensation into your bank account or offering to sell you fake carbon credits. Many of us now communicate directly with tax advisors via email so other tricks include sending phishing emails that ask you to open what appear to be legitimate attachments to fill out personal details. The simple act of clicking on that attachment could redirect you to a malicious website, or deliver to your computer an infection that could launch an attack on your accounts and extract financial details. McKinnon said: “When you consider all the information included in your return – your tax file number, details of investments, retirement accounts, employment, the property you own – in the hands of cyber criminals, your identity and more could be at risk. And if you see an offer that looks too good to be true – avoid it. Any offer of an online refund will absolutely be a scam because that’s not how the ATO or any other Australian government agency operates.”

Some top tips to help you safely file your tax return this year:

  • Use the end of financial year to review your personal or business online security systems to ensure your protection is fully and automatically up to date – on all computers, phones, other mobile technologies, plus USB and other memory devices from which you will gather, store and send your financial information.
  • Do your homework by reviewing the ATO and SCAMWatch online security pages.
  • In communicating with your tax advisor, consider creating a password protected Zip file of your financial data.
  • Always open your e-Tax filing directly from the ATO’s site (www.ato.gov.au); never click through to the site from an email invitation. The filing of tax returns directly via the ATO’s e-Tax service is secure.
  • Always use a trusted WiFi or Ethernet connection from your home or office to file your tax return – never use a public WiFi without a firewall in place and Internet security installed.
  • Be cautious of anything that you haven’t directly requested and only respond to those communications you’ve initiated.
  • Delete all related emails from your server once you’ve filed your return.
  • While the ATO uses emails and SMS for service alerts, it will never request the confirmation, update or disclosure of confidential personal details. If you receive suspect communication from ‘the ATO’ or any other ‘government department’, do not click on any links in an email or answer phone questions. Report it immediately to the ATO.

Tax Time Cyber Crime Assistance

  • Examples of current Tax Refund scams: http://www.ato.gov.au/onlinesecurity
  • The Australian Government’s cybersecurity website, Stay Smart Online, provides information for Australian Internet users on the simple steps they can take to protect their personal and financial information online.
  • Australian Competition and Consumer Commission (ACCC)’s SCAMWatch provides information to consumers and small businesses about how to recognise, avoid and report scams.

What Antivirus software do we recommend?

Norton Security Standard Up until about 2012, I was of the opinion that AVG Free was as good as any Antivirus software, on the proviso that you didn’t do stupid things online like visiting porn websites, clicking on links in emails that were obvious phishing scams and making sure you kept Windows up to date along with Java, Adobe Flash and Adobe Reader.

Well all that still stands, except that I now recommend Avast Antivirus as a free alternative. But I have found there is an increasing number of really nasty viruses out there that are just getting past the Free Products, and as such, I have now changed my thinking and moved to the Norton Security suite of products by Symantec, and now recommend this as my preferred Security solution.

I had an experience a number of years back that taught me a valuable lesson.  Being in the industry that I am in, I should have known better, but like all of us I got complacent.

I used a USB Flash Drive with some Virus Removal tools on an infected PC.  The PC had a nasty Rootkit Virus among other things, and it transferred the virus to my USB Drive.  When I got back to the office I wanted to retrieve a log report off the USB Drive and plugged it into my PC which was protected by AVG.  Well it turns out it wasn’t very well protected at all because the virus was instantly transferred to my PC without so much as a peep out of AVG or indeed any other sign.

The first I knew about it was when I started receiving 100’s of returned emails with the usual spam topics and a phone call from my web host telling me they had disabled my email accounts.  What followed was a time consuming effort to remove the virus and it was at this time I changed my recommendation from AVG to the Norton suite of products.

Traditionally I haven’t been a fan of Security Suites, and I’m still not, but Norton these days is minimal in it’s intrusiveness and uses fewer system resources than some of the others, and more importantly it detects those nasty viruses that AVG didn’t and still doesn’t.

FYI we sell Norton Standard for $29.  This will cover 1 PC’s for 12 mths.

Great Security Myth: I Don’t Need Anti-Virus Protection because I Bought an Apple Mac!

virus-detectedMelbourne, 28 May 2010 – AVG (AU/NZ) Pty Ltd warns that Apple Macs running the OS X operating system, or some flavour of Linux distribution, are not immune to viruses, malware and other forms of Internet-carried spambots, Trojans, hacking and phishing.

That’s right, Apple Macs running the OS X operating system, or some flavour of Linux distribution, are open to attack from cyber criminals.

Now of course hackers and spammers are not stupid and they know that Windows users represent the ‘low hanging fruit’ in terms of potential targets. The sheer weight of numbers that the Windows’ user base carries with it makes it the primary target for malware attacks – and it’s going to stay that way for the foreseeable future.

“But,” Lloyd Borrett, Marketing Manager, AVG (AU/NZ), says: “The web changes everything. More specifically, web services, social media and online applications change everything.

“Suddenly you are operating one step further away from your Mac’s desktop and you are at the mercy of live real-time contact from third parties and the World Wide Web in general. This levels the playing field in some senses, so that suddenly your Mac is not a Mac for a moment – instead it’s just a computer.”

With the growing popularity of web services from Twitter and Facebook and so on, the opportunity to spread malware hidden in a simple link has, arguably, never been greater.

So Mac’s do have vulnerabilities and people should be increasingly aware of browser security concerns. Without identifying specific security holes in Safari or Opera (or Firefox for that matter), the operating system is no longer the primary target for Internet-driven user attacks by cyber criminals. The target is the application itself and the user’s behaviour within it.

Apple’s popularity is growing all the time even if its market share is still somewhere around less than 10 percent globally. Just this year security researchers found eight fresh zero-day vulnerabilities in Apple’s Safari browser.

“What matters most is that viral attacks are constantly evolving and looking for fresh blood,” Borrett continued. “So, everyone needs to think about Internet security protection. It’s as simple as that.”

Technical Facts

Looking objectively at the Mac operating system and tools, there is arguably a larger total surface area of code open to potential attack.

Combining rich use of Flash and Java with support for multiple file formats does not exactly put up extra barriers. Digging deeper, Address Space Layout Randomisation (ASLR) has been around since Windows Vista as an anti-exploitation technology, yet it is only present in Mac OS X 10.5 in some library offsets and therefore does not offer complete protection in the way that the technology was designed.

Conclusion: Apple Mac, Windows or Linux, the fact is that regardless of the operating system each of us is using, we’re all in this together. Everyone needs to be aware of what they are clicking on and use their commonsense – if something doesn’t look quite right, it probably isn’t!

.