Publication 7 October 2019

Cyber Security: what you need to know

As at most organisations, employees at The Victorian Chamber of Commerce and Industry receive attempted phishing emails as part of the daily work cycle. The Office of the Australian Information Commissioner (OAIC) has recently released its quarterly report, stating that out of the 245 reported data breaches between July and September of this year, 20 per cent were a result of social engineering attacks conducted by cyber criminals through phishing techniques.
Phishing is a type of attack where hackers impersonate real companies to obtain an employee’s login credentials. Employees may receive an email asking them to verify account details, with a link that takes them to a login screen that may look identical to the legitimate one. Once the credentials have been entered, they are delivered directly to the attackers.

As technology innovation increases, so do the innovation and sophistication of technology-enabled crime. Phishing has become such a widespread attack vector that there are now many sub-types of phishing, including:

  • Spear Phishing: Spear phishing is a customised attack where the attacker seems like a legitimate source. They may use your name and phone number and refer to your organisation in the email to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
  • Whaling: Whaling is a ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. The attackers send what looks like normal emails from a high-level official of the company, typically the CEO or CFO, which ask you for sensitive information.
  • Shared Document Phishing: You may receive an email that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these emails will take you to a fake login page that mimics the real login page and will steal your account credentials.

Phishing has evolved from poorly worded emails from a Nigerian Prince into an innovative and lucrative industry, with an estimated 156 million phishing emails sent across the globe each day. Australian businesses lost an estimated $22.1 million due to phishing attacks in 2017. Since then, the Notifiable Data Breach scheme (NDB scheme) has been introduced encompassing all organisations, encouraging businesses to collaborate and share potential security issues and vulnerabilities. This scheme has also been developed to hold businesses to account should a data breach occur, with failure to comply with the scheme incurring up to $2.1 million in fines. The introduction of this scheme makes it crucial for cyber security to be at the forefront of mind for Australian businesses of any size.

The Victorian Chamber of Commerce knows how imperative it is for businesses to understand how susceptible their employees are to phishing and social engineering, with the responsibility for cyber security expanding beyond IT and into the entire organisation. If you’d like to discuss the services we offer to help you achieve this and raise more awareness in your workplace, please contact us today on (03) 8662 5222.

How to identify a phishing email:

  • Poor spelling and grammar
  • Emails with deceptive subject lines meant to create a sense of urgency, such as those alerting you to an urgent update
  • Messages that feature generic salutations, such as ‘Dear Sir’ or ‘Dear customer’
  • Any request for personal, payment, or login information is almost certain to be a scam, since no legitimate company will ever ask for such information by email
  • Links to phishing websites, often in spam emails, that look genuine at first glance but may have a minor spelling error in the address
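
As an added illustration (not part of the original publication), the sketch below shows how a mail filter or triage script could check four of the indicators above automatically: urgent subject lines, generic salutations, requests for login or payment details, and link addresses that are a near-miss spelling of a trusted domain. The trusted-domain list, the keyword patterns and the sample message are all assumptions constructed for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: the domains your organisation really uses (constructed list).
TRUSTED = ("dropbox.com", "google.com")
URGENT = re.compile(r"\b(urgent|immediately|verify|suspended)\b", re.I)
GENERIC = re.compile(r"^\s*dear\s+(sir|madam|customer|user)\b", re.I | re.M)
CREDS = re.compile(r"\b(password|login|log in|card number|account details)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

SAMPLE = (  # constructed message for illustration
    "From: Dropbox <no-reply@dropb0x.com>\nSubject: Urgent: verify your account\n\n"
    "Dear customer,\nA document was shared with you. Log in with your password:\n"
    "http://www.dropb0x.com/login\n"
)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss spellings of a domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(host):
    """Return the trusted domain that host imitates, or None if it is fine."""
    host = re.sub(r"^www\.", "", host.lower())
    if host in TRUSTED or host.endswith(tuple("." + t for t in TRUSTED)):
        return None
    return next((t for t in TRUSTED if 0 < edit_distance(host, t) <= 2), None)

def indicators(raw):
    """List which checklist indicators appear in a raw plain-text email."""
    msg = message_from_string(raw)
    subject, body = msg.get("Subject", ""), msg.get_payload()
    found = [label for label, rx, text in (
        ("urgent subject", URGENT, subject),
        ("generic salutation", GENERIC, body),
        ("asks for credentials", CREDS, body)) if rx.search(text)]
    for url in URL.findall(body):
        target = lookalike(urlparse(url).hostname or "")
        if target:
            found.append(f"lookalike of {target}")
    return found

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

Keyword and edit-distance checks like these are heuristics: they will miss well-written messages and can flag legitimate ones, so treat a hit as a reason to look closer rather than as a verdict.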