Top 10 things nurses can do to remain cyber safe

March 30, 2023

“2.2 million Woolworths MyDeal customers exposed in data breach”

“Hi mum, I’ve changed provider/lost/broken my phone – I’m temporarily using this number for now.”

“Your package has been redirected to your local branch due to a pending delivery fee: for more info https://cutt.ly/auspos”

“Suspicious credit card activity is noted. Please confirm your personal data, otherwise, we will be forced to block it. https://activation-stgeorge.com/”

These are just a few examples of cyberattacks. Cybercrimes like Hi Mum scams, Linkt scams, Optus data breaches, dating scams and gift card scams are becoming increasingly common. And hackers are finding thousands of new ways to exploit people. Staying cyber-safe is crucial to prevent such attacks.

We have all been there… we opened an email that was actually fake. We clicked on a link that promised us a huge reward. Remember the Nigerian Prince scam? A wealthy prince needs to get an enormous sum of money out of the country and requires your assistance in return for a major chunk of their treasure. That seemed like winning an unexpected lottery ticket!

We have all been duped at some point in our lives. And we have lived and learned from our mistakes. So if you have been a victim of a cybercrime… you are not alone. Now, it is even more important to make sure your data is safe.

So how do you protect yourself and remain cyber-safe? 

  • When in doubt, remember your childhood lesson of “stranger danger.” 
  • Ignore emails from untrusted sources
  • Ignore messages that say you need to pay a fine or you have received a gift

In this article, we discuss what a cyberattack is, the common types of cyberattacks, and 10 things you can do to remain cyber safe. Plus a bonus tip from the newsletter of the Barefoot Investor.

Let’s dive in.

What is a Cyberattack or Cybercrime?

Simply put, a cyberattack is unauthorised access to an online account or resource.

The primary intention behind a cyberattack is to steal money or data. For individuals, it could lead to financial loss, while for organisations, it causes financial losses and hurts their reputation.

Think of Optus and how the incident has affected your trust. Your first instinct would be to stop using their services and go to another provider! 

5 common types of cyberattacks

Here are a few ways hackers crack passwords.

1. Phishing – The simplest way to steal someone’s password is by asking for it. You simply reveal your personal information (password, account number, etc.) on a website that looks legit. But it isn’t. Phishing is carried out using email or text messaging (known as smishing).

Here’s how it works – 

You get an email from a company that looks legit, telling you to take action immediately. It will encourage you to change your password, download a file or open a link. It’s a trick to get you to submit your sensitive information, or to infect your device with malware that can be used to carry out future attacks.

Commonly copied brands include:

  • Postal services – Australia Post (pick up a parcel)
  • Telecommunication services – fake bills, internet issues, fines
  • Government departments – ATO, Medicare, myGov, Centrelink, etc
  • Law enforcement – state and territory police (fake fine scams)
  • Banks 
  • Utilities – power, gas, water bills (fake fines and overdue bills)
  • Online services like Netflix, Amazon, Paypal, eBay

For example, this email from Netflix looks legit but it is actually a phishing attack (The ‘Dear’ is a dead giveaway).

[Image: phishing cyberattack]

The Linkt scam is also doing the rounds these days: you receive an email or SMS that appears to be from Linkt asking you to pay your tolls. Unsuspecting users think this is real and end up losing thousands of dollars in this scam. If you have received any message like this, ignore it as this is a scam.

If you need help identifying if an email or text message is authentic, please check the Australian Government’s Scamwatch service.

2. Brute force attack – This technique tries out many different combinations of usernames and passwords until it eventually finds the right one.

[Image: Brute force cyberattack explained. Source: Norton]

3. Man in the middle or Eavesdropping attack – Here the hacker alters the communication between two parties. The hacker would make independent communication with you and the second party and control the ongoing communication. So you would believe that you are communicating with the actual organisation, but no… you are actually communicating with the hacker.

This information is used to steal data – usernames, passwords, and credit card information.

[Image: Man in the middle cyberattack explained. Source: Imperva]

4. Denial of service (DoS) – A Denial-of-Service (DoS) attack aims to bring down a machine or network so that its intended users are unable to access it. DoS attacks achieve this by providing the network or machine with an excessive amount of traffic or information that causes a crash. In both instances, the DoS attack denies the service or resource that legitimate users (such as employees, members, or account holders) expected.

5. Malware attack – Ever heard of viruses, trojans, spyware, or ransomware? They are all examples of malicious software that may get installed on your computer. You open a link and install a software program that looks legit but is actually not. You could also get malware from an infected USB or an email attachment.

This list is not exhaustive, and there are many other types of cyberattacks that we have not mentioned here.  

Have you been hacked?

The Australian Cyber Security Centre’s (ACSC) ‘Have you been Hacked?’ tool will help you assess if you’ve been hacked. It can guide you through a range of scenarios to advise you on how to best respond to the situation.

Scenarios include:

  • ransomware attacks
  • malware threats
  • email compromise and identity theft
  • phishing and fake website scams.

The tool is simple to use and includes typical warning signs, scenario explanations and easy-to-follow steps on how to remediate the situation.

Take this quiz to find out: Have you been hacked?

Top 10 things to do to remain cyber safe

Here are the top 10 things you could do to remain safe from phishing, social engineering, brute force cracking and other forms of cyber attacks.

1. Protect your privacy

  • Being on the AHPRA public register means some of your identifying data is accessible to the public. This includes personal information like your full name, gender, suburb, state and postcode, as well as your qualification and the year you obtained it. While nothing can be done about the public register of this information, you can protect your online privacy by doing things such as anonymising your name on social media.
  • Wearing an ID can leave nurses vulnerable as your full name is often required on your work ID. We have heard of some nurses turning their IDs over (which may be in breach of hospital security protocols) and covering up their last names or other personal information on their ID badges.
  • Secure your letterbox with a lock to prevent your mail from being stolen.
  • Let uPaged know straight away if your email, address or contact details change.
  • Never give out personal information to people you don’t know or trust.
  • Shred documents containing your personal information before throwing them away.

2. Don’t share your personal information on social media

Social media is a great tool. We get it.

But we need to draw a line on what we share on social networks. Here are a few things which are a strict no-no and shouldn’t be posted on social media.

  • Your date of birth
  • Travel plans
  • Personally identifying information – driver’s license, passport or credit card
  • Personal information like where you went to school, your pet’s name
  • Home address
  • Phone number
  • Your location data – your phone tracks your location based on your GPS coordinates and IP address. When you post on social media, you can delete your location. Some images retain location data, so platforms like Instagram and Facebook automatically remove this data from your images.

Hackers can use this kind of information for identity theft. And if someone knows where you live and when you are likely to be away from home for extended periods, they have an open invitation to rob your home.

The hard truth is that we can’t trust social media so be careful with what you post.  

3. Don’t open emails or SMS which look spammy or fake

Treat any unrequested emails, SMS or phone calls with caution. If it’s a work-related email, always check the sender’s email address and name. Hackers can sometimes send you an email that looks legit but is not.

A common scam right now is one where scammers send you an SMS from Australia Post saying you have received a parcel. Or tell you that you have not paid your taxes on time. Perhaps you have received a prize. Most of these messages have been reported as fake. The rule of thumb is that if the offer looks like it is too good to be true, it probably is.

4. Use strong passwords 

Do you use generic passwords like “password”, “your name” or “your pet’s name”?

For a seasoned pro, hacking into your account would be a breeze if you use weak passwords.

Using weak passwords can make our data vulnerable. 

How to create a strong password?

  • Create unique passwords with a mix of uppercase and lowercase letters, special characters and numbers
  • Create unique passwords for all your personal and banking accounts
  • Use a password manager like LastPass to store passwords
  • Change your password every few months
  • Don’t store your passwords in a notebook or contact list

5. Use Multi-Factor Authentication

According to LastPass, weak passwords result in 80% of data breaches.

Single-factor authentication – You need to enter only your username and password to log in to your account. It isn’t secure and can leave you vulnerable to cyber-attacks.

Two-Factor Authentication (2FA) – You need to enter two forms of identification to access an account. It is safe and ensures hackers cannot access your accounts without identity verification.

Typically, 2FA utilises push notifications, SMS verification, fingerprint authentication or a hardware token (like a key fob).

Multi-Factor Authentication (MFA) – It requires two or more forms of identification before authorising access to online resources and accounts:

  1. Username and password
  2. A second authentication factor
  3. A third authentication factor to verify the user credentials and grant access

Typically, 2FA and MFA utilise:

  • push notification
  • SMS verification – PIN number 
  • biometric factors like fingerprint authentication or facial recognition
  • hardware token (like a key fob)
  • email 
  • voice call
  • authenticator app

6. Ensure the websites are secure

When you open a website, in the URL you will be able to see this:

https://www.example.com/ – the HTTPS here represents a secure website 

A website at http://www.example.com, on the other hand, uses plain HTTP, which represents a website that is not secure.

If you see the padlock sign on the top left of the browser with a warning sign or a red strike over it, that means the website is not secure – accessing this website can put your personal information at risk.
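As an added illustration (this code is not part of the original article), here is how the link checks from tips 3 and 6 could be automated for the scam messages quoted at the top of the page. The brand-to-domain list and the shortener list are assumptions made for this example. Note that the second link uses HTTPS and is still flagged: HTTPS only protects the connection and says nothing about who owns the site.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this example (not from the article): the official domains
# for two brands, and a short list of link-shortening services.
OFFICIAL = {"stgeorge": "stgeorge.com.au", "auspost": "auspost.com.au"}
SHORTENERS = {"cutt.ly", "bit.ly", "tinyurl.com"}

URL_RE = re.compile(r'https?://[^\s"<>“”]+', re.IGNORECASE)


def check_link(url):
    """Return a list of warning flags for one link (empty list = none raised)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not-https")  # traffic can be read or altered in transit
    if host in SHORTENERS:
        flags.append("shortened-link")  # the real destination is hidden
    for brand, domain in OFFICIAL.items():
        on_official = host == domain or host.endswith("." + domain)
        if brand in url.lower() and not on_official:
            flags.append("brand-on-unofficial-domain:" + brand)
    return flags


def check_message(text):
    """Find every link in a message and return {url: flags}."""
    urls = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    return {u: check_link(u) for u in urls}


# The first two messages are shortened from the ones quoted at the top of the
# article; the last two are constructed for comparison.
MESSAGES = [
    "Your package has been redirected ... for more info https://cutt.ly/auspos",
    "Please confirm your personal data ... https://activation-stgeorge.com/",
    "Read more at http://www.example.com.",
    "Log in at https://www.stgeorge.com.au/",
]

if __name__ == "__main__":
    for msg in MESSAGES:
        for url, flags in check_message(msg).items():
            print(url, "->", flags or "no flags raised")
```

An empty result only means none of these three checks fired; it does not prove a link is genuine.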

7. Use secure Wi-Fi 

Only use trusted devices and Wi-Fi networks to do online banking. Never accept a request to download a program or certificate to your device in order to use a public Wi-Fi network. Using the Wi-Fi at your home is secure. But when you connect your device to public Wi-Fi, it is not as safe as you think.

Using public Wi-Fi can leave your personal information exposed to hackers. Since the network isn’t secure, anyone can hijack your session. They will be able to see your username, passwords, photos, documents and contacts.

How to use the internet on public Wi-Fi?

If you absolutely need to use public Wi-Fi, use the following tips to stay safe:

  • Avoid using your social media and banking apps on public networks
  • Check if the websites you are using are secure
  • If you are using a public network, use a VPN. A VPN encrypts your traffic and keeps your data away from prying eyes
  • Change your settings to prevent your phone from getting connected automatically to Wi-Fi networks
  • Don’t ignore the warnings

8. Use antivirus software

An antivirus program is used to detect and remove malicious software from your devices. Malicious software or malware could be cyberattacks such as spam ads, viruses, trojans, or bots. Antivirus software detects malware and removes it from your device. McAfee, Norton, Kaspersky, Avast and Bitdefender are some of the best antivirus software.

If you don’t have antivirus software on your computer, we recommend that you purchase one. 

But if you already have one, make sure you check the settings so that the software:

  • Runs a full scan automatically in the background to provide real-time protection
  • Receives updates automatically
  • Automatically scans all new files from your emails, USB stick, SD card or hard drive

9. Back up your data and update your OS regularly

Backup data – A backup is a regular copy of all the files on your computer. Daily or weekly backups can save your important files from getting lost or corrupted.

Apart from malware infections and cyberattacks, events like a system crash, hard drive corruption or disk failure can lead to data loss.

Backup is the easiest way to restore lost files. Plus, setting a regular backup schedule offers peace of mind. You know your important documents, photos and videos are safe. And you can access them whenever you want.

10. Spot the scams

If you feel like a call might not be genuine, hang up, and call back on an official phone number to verify the call was legitimate. You may have heard of the Gift Card Scam – the hackers might ask you to pay for something by putting money on a gift card. But that’s not the only scam.

There are a few other scams doing the rounds. These include:

  • Impersonating government or utility company officials and threatening to fine or cancel your services if you don’t pay immediately.
  • Pretending to be tech support from popular companies and convincing you to pay to fix a fake problem with your device.
  • Using dating apps to gain your trust and trick you into sending money or investing in cryptocurrency.
  • Impersonating friends or family members in an emergency and asking for money transfers. Don’t transfer money straight away, especially if it is not a trusted bank account or phone number.
  • Offering fake prizes that require payment before receiving them.
  • Scam investment offers – Hackers may offer high returns with no risk and share fake data to entice you to invest directly on a platform or send money to a business.
  • Mobile phone porting – If your phone stops working, contact your service provider to check for porting scams where scammers transfer your number to intercept passcodes.

In an investment scam, the information you access will be false and will falsely depict your gains (or losses, as a way to get you to invest more money). You will ultimately be unable to make any withdrawals.

Scammers will invent reasons why withdrawals take longer than expected, why they’ve blacklisted you from the platform, or why the trading platform is shut down. By the time you try to contact them to find out what happened, your money is gone. Scamwatch is urging people to stay aware of investment scams.

There are several types of investment scams:

  • Romance baiting scams
  • Cryptocurrency scams
  • Unsolicited contacts about investing
  • Celebrity endorsement scams
  • Ponzi scams
  • Superannuation

[Image: How you can stay protected from investment scams. Credits: St George]

Bonus Tip: Lock your credit file

(With thanks from The Barefoot Investor)

Credit Savvy, a division of the Commonwealth Bank, helps you lock your credit file.

If anyone tries to access your credit file, the Credit Savvy app will alert you. This feature will allow you to:

  • Protect your credit score from taking a plunge due to fraudulent activities
  • Stop credit reporting bodies from disclosing your Credit Report to lenders, preventing credit from being acquired in your name
  • Protect yourself from identity theft

So how do you lock your credit file?

Simple – just follow the steps below.

  1. Download the Credit Savvy app (either in the Apple or Google app stores)
  2. Verify your details (you can use your Driver’s licence, Medicare card, or Passport)
  3. Press “protect” from the bottom navigation
  4. Press “Request a ban”. Credit Savvy will then let the other credit agencies know you’ve got a ban on your file within 2 business days.
  5. On the 16th day, the Credit Savvy app will remind you that your pause is ending. When you get that alert – and this is important – click “ban my credit report for 12 months”.

Note: Your ability to take credit won’t be affected. If you need to apply for credit, remove the ban on your credit file for a short period of time. Once your work is sorted, apply the lock again.

Need more info on how to protect yourself from cybercrime? Refer to https://www.cyber.gov.au/
