Certified PC Solutions

10/10/2024

To the Security Team at Westpac

I am writing to express serious concerns about the inadequacies in your security protocols, particularly in light of your claims of being a highly secure institution.

How is it possible that your online banking system allowed the same user to log in concurrently from two different cities without raising any red flags? This should have been an obvious and immediate cause for alarm.

A review of Westpac’s logs shows that for the past year, all logins were consistently from a single IP address tied to one business location. However, despite this clear pattern, your system allowed an unusual IP address to initiate multiple transactions totaling over $1 million within an hour. These logins, from two different geographic locations, occurred within just one minute of each other, and yet no alerts or warnings were triggered.

While I acknowledge that social engineering was involved and that a token code was eventually provided to the fraudster, this was a rudimentary attack that should have been easily detected and blocked by even the most basic security measures.

Westpac has so far shifted the blame entirely onto the customer, denying any responsibility. This response is completely unacceptable given the clear security failures on your part.

As an IT provider, I can offer guidance on educating users about scams and online threats, but this attack highlights deficiencies in your systems, not just user error. You claim to have advanced systems for detecting unusual activity—surely in this day and age, you are utilizing AI for threat detection and pattern analysis? If not, it is time to allocate some of your profits toward improving your threat detection capabilities and protecting your customers.

Where is the protection for your clients?

13/09/2024

Officeworks Seems you have some weird DNS problems - website down - need some help? ;-)

26/07/2024

https://mypolice.qld.gov.au/news/2024/07/25/caller-id-spoofing/

Detectives from the Financial and Cyber Crime Group have issued a warning about a scam using Queensland Police Service (QPS) phone numbers to impersonate

20/07/2024

You may have heard or even experienced the disruption from the worldwide tech outage on Friday.

While the outage was not a hack, you must be alert to phishing emails from scammers as the world reboots after the Microsoft-CrowdStrike outage.

Here’s what you need to know:
Small business owners and employers should treat with total suspicion any unexpected emails, screen pop-ups or phone calls purporting to come from Microsoft, CrowdStrike or large organisations such as banks and telcos.

Go to Scamwatch.gov.au if you suspect you have been targeted by a scammer trying to access your computer.

Scamwatch is a website run by the Australian Competition and Consumer Commission (ACCC), and provides information to consumers and small businesses about how to recognise, avoid and report scams.

02/07/2024

Scams, more Scams!
NASC impersonation scammers

Criminals are calling people and pretending to be from the National Anti-Scam Centre.
They tell you that your phone number is being used in a scam in China and offer to help you ‘clear your record’.
These scammers work hard to get your trust, then try to steal your money and personal information.
Hang up on unexpected callers who say they’re investigating a scam.

It's probably a scam: the National Anti-Scam Centre will never ask for money or personal or financial information.
How to spot the scam
This scam can be hard to spot because scammers can make a call look like it’s from a legitimate number.

However, the National Anti-Scam Centre will never ask you for money, financial or personal information, or threaten you.

Anyone calling and behaving like this is probably a criminal. Hang up immediately and report the scam.
How the scam works
• Someone calls you saying they’re from the National Anti-Scam Centre.
• The phone call looks like it comes from a legitimate phone number belonging to a trusted organisation, like the government or police.
• They say they’re investigating a phone number registered in your name that’s being used in a scam in China.
• These criminals may tell you they work with the Chinese Anti-Scam Centre or Chinese police, and say they will help you ‘clear your record’.
• They ask you questions to 'confirm you're not involved' in the scam.
• They may spend a lot of time with you, building your trust.
• These criminals will try to threaten you to steal your money, financial and personal information.

Stay protected

STOP
Don't give money or personal or financial information. Don't click on any links if you’re unsure. Say no, hang up, delete.

CHECK
Scammers pretend to be from organisations you know and trust – like myGov, your bank, the police or government. You can check the call, message, or email is real by calling the official phone number of the organisation using contact details you find yourself.

REPORT
The more we talk, the less power they have. Report scams to Scamwatch. By speaking up, you protect others and stop scams before they happen. Better safe than scammed.
If you've been affected
• If you have lost money, contact your bank or financial institution immediately.
• If you've had personal information stolen or need support to recover from a scam, contact IDCARE on 1800 595 160.
• Help others by reporting scams to Scamwatch.
• Tell your friends and family: you can share your experience, get support and help to protect others from scams.
Who is the National Anti-Scam Centre?
The National Anti-Scam Centre is where government and industry work together to protect Australians.

We're harnessing shared resources and smarter analytics to cover blind spots, strengthen weak links and use data to react faster, stopping scams before they happen.
Our aim is to make Australia a harder target for scammers.
For more information about how to avoid or report a scam, visit the Scamwatch website.

18/01/2022

FBI: Beware of a New Google Voice Authentication Scam – Even if You Don’t Use Google Voice!

A new advisory warns of a scam that can affect literally anyone designed as a precursor to additional vishing scams and/or to perform Gmail account takeovers.

If you’re unfamiliar with Google Voice, it is a service where Google provides you with a virtual phone number so you can make and receive calls and texts. Assuming you are unfamiliar with it, you may be wondering what’s all the excitement about?

According to a new FBI advisory entitled “Building a Digital Defense Against Google Voice Authentication Scams,” the FBI outlines a scam that involves a threat actor responding to a personal ad – they use the example of selling a couch on craigslist or some other site – and says they want to make sure you are legitimate so they don’t get scammed by sending you an authentication code from Google.

What’s really happening is the scammer is setting up Google Voice using your phone number as the primary number and using you to assist them with Google’s authentication process during setup.

Blog post with more details and links:

A new advisory warns of a scam that can affect literally anyone designed as a precursor to additional vishing scams...

02/11/2021

And you thought Ransomware was bad ....

If you think ransomware is bad, it is about to get much, much worse. What will ransomware gangs do? Just everything.

22/02/2021

Scammers registering dodgy domains, brace yourself!

https://thenewdaily.com.au/news/coronavirus/2021/02/22/coronavirus-vaccine-scam/

There are thousands of fraudsters preparing to exploit the COVID-19 vaccine program, experts say, warning the scams will look legitimate.

17/11/2020

Very Very interesting.
Foreign powers gathering data on who we are, who we work with and our close important contacts, and then exploiting that data by making connections, extorting people in positions that have access to data that is our national interest not to be shared!
Watch what you post, what you expose that may be a small piece of a bigger picture and watch the "Professional" platforms.
International Espionage is getting very clever.

On this page[[{"fid":"369","view_mode":"full","fields":{"format":"full","field_file_image_alt_text[und][0][value]":"Director-General of Security","field_file_image_title_text[und][0][value]":false},"type":"media","field_deltas":{"10":{"format":"full","field_file_image_alt_text[und][0][value]":"Direc...