Here are some of the most recent email scams targeting Australian businesses, from May 2017. Share this list with your colleagues to spread awareness of scams that may land in their inboxes.
May saw the global WannaCry ransomware outbreak become front-page news after it infected many notable organisations, in particular the National Health Service (NHS) in the UK. Despite that attention, many other scam emails with similar malicious intent went across the nation unreported by the mainstream media.
The Australian Securities and Investments Commission (ASIC) is regularly impersonated in scam emails; we have written before about several different malicious emails sent by criminals posing as ASIC.
The emails, sent from the domain australiangovernments.com, advise recipients to review their company renewal letter using the link provided. The link points to a malicious file named "renewal.zip", which could do a number of things, including encrypting data or logging every key pressed to harvest credentials. The real ASIC domain is asic.gov.au: a "government" domain ending in .com rather than .gov.au is the first thing to check.
As with previous scam emails, the message is well worded, branded with ASIC logos and signed off by a "Senior Executive Leader" who does not exist. ASIC urges recipients not to let curiosity get the better of them and to delete these emails immediately.
Scammers pretending to be from ASIC have been contacting Registry customers asking them to pay fees and give personal information to renew their business or company name.
These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link.
Cyber Insurance Australia can help reduce the costs of cyber crime for your business.
Origin Energy
A very convincing fake email was sent in the tens of thousands this month with near-perfect Origin Energy branding. Most Australians now receive their energy bills by email rather than post, which is good for the environment but also makes a fake bill a natural lure. Scammers replicated a common Origin email complete with logos and links to the real Origin Energy privacy policy to lend the message credibility. Victims who clicked to download and view their bill were directed to a compromised Microsoft SharePoint site that serves malicious software. The amount due differs from email to email so that no two messages are identical, which defeats simple signature-based filtering.
According to MailGuard, a fake domain, Originenergysolar.net, was recently registered in China and the emails were sent from France.
NAB
National Australia Bank has had a consistently rough run with cyber criminals using its likeness for phishing campaigns. This scam email tells the recipient that their account has been disabled and that they need only click the included link to reactivate it. The link leads to a copy of the real NAB website that prompts for the customer's NAB ID and password: a standard phishing approach, but one that still gets results.
In this instance the emails display the sender address discharge.authority@nab.com.au. The From header on an email can be set to any value the sender likes, so a nab.com.au address on its own proves nothing. Criminals trick unsuspecting customers into entering their real banking details into the fake site, then use them for unauthorised transactions.
WannaCry
By this point most Australians are aware of the WannaCry ransomware attack, which dominated the media far more than it dominated Australian businesses. The Prime Minister's cyber security advisor Alastair MacGibbon told the AFR, "there had been one likely case of the WannaCry ransomware attack on a small business but the impact of the attack had been limited." "We have not seen the wholesale impact we are seeing in the UK and Europe," he said. "It has not affected our hospitals or other critical infrastructure." Commentators put some of Australia's luck down to the time zone: the outbreak began on Friday 12 May, when many Australian businesses had already closed for the weekend, so far fewer machines were switched on and exposed. It is worth being clear about what WannaCry was, because it was not a scam email in the usual sense: it was a worm that spread on its own by exploiting a flaw in Windows file sharing (SMBv1) that Microsoft had patched in March 2017 with update MS17-010, and a researcher's registration of the malware's kill-switch domain on the same day halted the first wave.
Only devices running Microsoft Windows without that security update (or running unsupported versions such as Windows XP, for which Microsoft issued an emergency patch) were at risk. The purpose of the attack is to get onto a network, encrypt the data and demand a Bitcoin ransom within a short time frame, with the threat of total data loss if the deadline passes.
According to reports, more than 230,000 computers in over 150 countries were infected, yet official Australian reports indicated fewer than 15 Australian organisations were affected. The attack hit many major services across the globe, including the National Health Service (NHS) in the UK and FedEx.
These scams happen every single day despite the lack of media coverage or government direction on raising awareness among business owners. Security researchers are already seeing even more damaging ransomware variants, which will not be widely reported until they are on your doorstep.
Each month we update this list with new malicious emails making the rounds for Australian businesses; thanks to MailGuard, whose security blog reports many of them first.
To ensure email security for your business, contact DDM Security Systems to learn more about email encryption and protection.
Here are some of the most recent email scams targeting Australian businesses, from April 2017. Share this list with your colleagues to spread awareness of scams that may land in their inboxes.
April was another strong month for email scams, with new variations showing up and some interesting methods of attack.
With more than 11 million accounts, roughly half the population, the Australian Government's online portal is a prime target for scammers imitating government departments that hold sensitive information. A legitimate-looking email sent from no-reply@mygov.net caused many raised eyebrows after recipients were advised to verify their identity using the link in the email.
Victims who clicked the link were directed to a fake website intended to dupe them into sharing their password and credit card details. The only indicator of the fraud is the URL, which is not an Australian Government (gov.au) domain; according to MailGuard, the source code of the authentic government site was copied directly for the clone, so the page itself looks exactly right and the address bar is the only thing worth trusting. After entering their username and password, the victim is prompted to confirm credit card information.
After providing credit card information, the victim is redirected to the real myGov website so that nothing appears out of place. According to MailGuard, the email originated from servers hosted in the Czech Republic, which are likely to have been compromised. The sending address used, noreply@mygov.net, has no relationship to the legitimate portal.
Cyber Insurance Can Help Reduce Costs Following Email Scams.
ASIC
The Australian Securities and Investments Commission keeps appearing in these lists because of the nature of its work. In this scam, business owners are sent a well-branded, legitimate-reading email about the renewal of their company. With the full ASIC logo and wording, and genuine links to the ASIC privacy policy, an unsuspecting business owner can easily mistake it for official communication, especially if it arrives around the time of their real ASIC renewal.
Victims are prompted to follow a link to find their renewal letter; instead, the link delivers JavaScript code designed to install malicious software on their systems. That software is then likely to download further ransomware or a trojan, causing business interruption and unforeseen costs. The email was sent from a newly created domain, austgov.com, rather than the legitimate ASIC site, asic.gov.au. The fake domain was registered in China, and experts speculate that, given Chinese registration laws, a stolen ID was probably used to register it, which raises further questions about the people behind these scams.
MYOB
Thousands of fake MYOB emails have begun arriving in inboxes across Australia. The well-branded email appears to be a legitimate invoice from a company using the MYOB software package. As is common with these scams, additional links to the real MYOB website are included in the fine print to add credibility. The invoice link, however, directs victims to a compromised SharePoint site hosting a malicious file.
As with the ASIC scam above and many before it, the emails were sent from a fake, newly registered domain, myob-australia.com. Recipients have reported many variations in the email wording and company details, which indicates the culprits are varying the content to avoid signature-based antivirus detection.
Once the victim's curiosity gets the better of them and they follow the link, the malicious software installs itself to run automatically whenever the machine starts and attempts to capture private information saved in web browsers.
eWAY
Online payment company eWAY has had its corporate identity imitated in a bulk run of scam emails targeting Australians with macros capable of downloading malicious software. The fake emails were sent from a recently registered domain, estoreway.info, rather than the legitimate Australian site, eway.com.au. Beyond the wrong domain, which a quick search confirms, unusual grammar throughout the text is another clear sign.
A screenshot of the email, courtesy of MailGuard, advises recipients that their recent purchase has been approved and will be shipped to the address in the attached invoice.
The attached "invoice" is a Word document containing a macro downloader capable of fetching and executing malicious software that records and gathers sensitive information. To add a further veneer of legitimacy, the attachment requires a password to open, which also keeps its contents opaque to email gateway scanners that cannot open encrypted files. Once victims open the attachment they are told to "Enable Editing"; doing so leaves Protected View and, together with the "Enable Content" prompt that follows, lets the macro run, which is all the criminals need to begin installing malicious files.
That is our April list of malicious emails to keep a look out for; thanks again to MailGuard for the reports.
The ASIC website offers the following advice for avoiding email scams:
Keep your antivirus software up to date
Be wary of emails that don’t address you by name or misspell your details and have unknown attachments
Don’t click any links on a suspicious email.
Above all we recommend educating employees to recognise suspicious emails and unusual behavior without curiosity getting the best of them.
It is time for the malicious emails that came up in March 2017; here are some of the most recent email scams targeting Australian businesses. Share this list with your colleagues to spread awareness of scams that may land in their inboxes.
NAB customers were warned about two different scams during March: one using SMS phishing, the other email phishing. NAB updates the security page on its website with fraud warnings as it discovers them, and we recommend monitoring those warnings if you bank with NAB.
The SMS phishing incident involved an NAB-branded text message stating that the customer's card is now locked and that they should follow the included link to update their security details. The link, of course, leads to a malicious clone of the NAB website designed to capture banking credentials in the name of "unlocking" the card.
NAB's email phishing warning is very similar to the text-message trick: instead of a locked card, the email reports unusual activity on the customer's account that must be confirmed urgently. The link again leads to a clone of the NAB website asking for banking and credit card credentials. As is common, the displayed sender address was spoofed to read alert@nab.com.au, but the real sending address was upuxbsafde@rivals.com. The From header is chosen by whoever sends the message; it is the envelope sender and the receiving server's SPF, DKIM and DMARC checks that tie a message to the domain it claims to come from, which is why looking at the full headers rather than the display name matters.
NAB has urged customers to contact their local branch or call 13 22 65 if they received either of the above phishing attempts.
Help protect your business from malicious emails with cyber insurance.
ASIC Renewal Notices
ASIC is a common target because of the information it holds and the regularity with which it interacts with business owners. This month MailGuard reported an ASIC email distributed tens of thousands of times from a new email domain registered in China. The malicious emails, which claim to be from the Australian Securities and Investments Commission, contain a link to a malware downloader that begins an intrusion usually ending in ransomware and extortion.
We report on ASIC scams every month with no end in sight. As with previous malicious emails, government branding and the ASIC logo head the message to make it look legitimate. Recipients are then instructed to follow the link to renew their company information, or to email a legitimate ASIC address to cancel their registration.
Instead of the legitimate ASIC domain, asic.gov.au, the email came from ASIC-Transaction.No-reply@@asic-gov-au.co, and the employee who signed the request, "Max Morgan", does not exist either.
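The sender-domain problems in these posts (the spoofed alert@nab.com.au with a rivals.com envelope sender, the ASIC-, MYOB-, eWAY- and myGov-style lookalike domains, and the non-.gov.au "government" domains) are all detectable before a person ever reads the message. The following Python is an added example written for this page, not MailGuard's, NAB's or ASIC's code: it parses a message, compares the From domain with the Return-Path envelope sender, and flags any sender or link domain that carries a brand name or the word "gov" without being that brand's real domain. The brand allowlist, the sample message and its addresses are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Brands impersonated in the scams above, with the only domains their genuine mail
# and links should use. Assumption: this allowlist is illustrative; a real gateway
# would load it from configuration and cover far more brands.
LEGIT_DOMAINS = {
    "nab": {"nab.com.au"},
    "asic": {"asic.gov.au"},
    "myob": {"myob.com"},
    "mygov": {"my.gov.au"},
    "ato": {"ato.gov.au"},
    "eway": {"eway.com.au"},
    "originenergy": {"originenergy.com.au"},
}
# Second-level labels under two-letter country TLDs (nab.com.au, asic.gov.au).
SECOND_LEVEL = {"com", "net", "org", "gov", "edu", "id", "asn"}


def registrable_domain(host: str) -> str:
    """mail.rivals.com -> rivals.com; mx1.nab.com.au -> nab.com.au (naive public-suffix handling)."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-2] in SECOND_LEVEL and len(labels[-1]) == 2:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def address_domain(header_value) -> str:
    """Registrable domain of the address in a From:/Return-Path: header, or '' if none."""
    addr = parseaddr(str(header_value or ""))[1]
    return registrable_domain(addr.rpartition("@")[2]) if "@" in addr else ""


def lookalike_findings(domain: str) -> list[str]:
    """Flag a domain that carries a brand name (or 'gov') but is not that brand's real domain."""
    findings = []
    squashed = re.sub(r"[^a-z0-9]", "", domain.lower())   # asic-gov-au.co -> asicgovauco
    for brand, real in LEGIT_DOMAINS.items():
        if brand in squashed and domain not in real:
            findings.append(f"{domain}: contains '{brand}' but is not {'/'.join(sorted(real))}")
    if "gov" in squashed and not domain.endswith(".gov.au"):
        findings.append(f"{domain}: uses 'gov' outside the .gov.au zone")
    return findings


def analyse(raw_message: str) -> list[str]:
    """Run the header and link checks over one RFC 5322 message; returns human-readable findings."""
    msg = message_from_string(raw_message, policy=policy.default)
    from_dom = address_domain(msg["From"])
    envelope_dom = address_domain(msg["Return-Path"])
    findings = []
    if from_dom and envelope_dom and from_dom != envelope_dom:
        findings.append(f"From shows {from_dom} but the envelope sender is {envelope_dom} (display address spoofed)")
    for dom in {from_dom, envelope_dom} - {""}:
        findings.extend(lookalike_findings(dom))
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for host in set(re.findall(r"https?://([A-Za-z0-9.-]+)", text)):
        findings.extend(f"link {f}" for f in lookalike_findings(registrable_domain(host)))
    return findings


# Constructed sample modelled on the NAB alert described above: the visible From is
# nab.com.au, the real sender and the link are not. Addresses are illustrative only.
SAMPLE_NAB_ALERT = """\
Return-Path: <upuxbsafde@rivals.com>
Received: from mail.rivals.com ([203.0.113.5]) by mx.example.net with ESMTP
From: NAB Alerts <alert@nab.com.au>
To: customer@example.net
Subject: Unusual activity on your account
Content-Type: text/plain; charset="utf-8"

Unusual activity was detected. Confirm your details at
http://nab-secure-login.co/verify within 24 hours.
"""

if __name__ == "__main__":
    for finding in analyse(SAMPLE_NAB_ALERT):
        print("-", finding)
    for dom in ("asic-gov-au.co", "austgov.com", "myob-australia.com",
                "estoreway.info", "mygov.net", "asic.gov.au"):
        print(dom, "->", lookalike_findings(dom) or ["no lookalike signal"])
```

Run as a script it prints the findings for the constructed NAB sample and for the domains named in these posts. The naive public-suffix handling and the substring brand match (which would also flag "ato" inside unrelated words) are deliberate simplifications; a production gateway would use the public suffix list and the SPF/DKIM/DMARC results rather than this heuristic alone.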
“These emails often have a link that provides an invoice with fake payment details or infects your computer with malware if you click the link,” the ASIC website says.
Australian Taxation Office
Another government agency with a constant stream of malicious impersonators is the Australian Taxation Office. Two malicious ATO emails circulated this month. The first claims that the recipient's 2016 tax return has revealed "several inconsistencies", which can be fixed by following the link to download a report and then visiting their nearest ATO office in person to clarify the discrepancies.
The malicious link downloads a piece of malware and the infection begins.
The second fake ATO email making the rounds is very similar, except that in this case the recipient is told they are owed a tax refund they were not aware of: free money. Simply complete the online form at the included link and the ATO will return whatever amount was listed in the email.
Unlike the first email, this one is a little more involved: the link leads to an ATO-branded online form designed to gather sensitive information for identity theft and credit card fraud.
The tax office does not send emails demanding additional payment or asking you to fix discrepancies via a link. If you receive a similar email and want to verify it, contact the ATO directly using the contact details on its website, not those in the email.
That is our March list of malicious emails to keep a look out for; thanks to MailGuard and Hoaxslayer for the reports.
Here is our February 2017 wrap-up of malicious emails making the rounds for Australian businesses.
Cyber risk awareness is slowly growing but still has a long way to go before email phishing loses its considerable financial incentive. Share this list with your colleagues to spread awareness of scams that may land in their inboxes.
Australian Citibank customers have been the targets of the most elaborate scam email of the past few months, involving replica websites and a relayed SMS security code. The inclusion of SMS is unusual and shows the lengths criminals are going to. The scam notifies Citibank customers that their account has been "temporarily limited" because of invalid online log-in attempts and directs them to follow a link to sign in and restore access.
Customers are taken to a very realistic replica of the Citibank website that prompts for their User ID and password.
Victims who enter their details are then asked to verify extra personal information such as their mobile phone number and date of birth.
The next Citibank-branded page advises that a "one-time PIN Authentication" has been sent by SMS and asks the victim to wait at least 5 minutes for the code to arrive. This mimics Citibank's genuine two-factor authentication and buys the scammers a window: they log in to the real Citibank website with the User ID and password they have just captured and begin the transaction they want, which causes the real Citibank to send the genuine security code to the victim's phone. The victim types that code into the fake page, it goes straight to the scammer, and the transaction completes. The lesson for anyone relying on SMS codes is that a one-time code is not tied to the site it is typed into, so an attacker relaying it in real time can use it just as the customer would; only authentication bound to the genuine site's origin (hardware security keys and similar) resists this.
These emails can be exceedingly hard to spot, as scammers are putting unprecedented effort into duping the average recipient. The sophisticated scam tricks visitors into thinking they are on the legitimate Citibank site, but the page is actually hosted under rctproduction.cz, the domain of a children's party business in the Czech Republic.
Citibank has requested all suspicious emails be sent to spoof@citicorp.com.
Strange Parking Fines
A wave of peculiar emails has been reported about an unpaid bill the recipient apparently failed to settle earlier. Fake parking infringement notices have been circulating for years, but this batch's surprisingly low dollar amounts are causing curiosity to get the better of some recipients. Sums from as little as $1.04 up to more than $100 are showing up, with a 50% discount if paid within 14 days. Recipients are told simply to view the attached "ticket" for details and quickly settle the previously unknown fine.
At the time MailGuard detected it, none of the 64 antivirus engines on virustotal.com had flagged the link as suspicious.
The unbranded link in the email delivers a malware downloader hidden in a seemingly innocuous .zip file. Once it runs, the people behind the email can pull down further malware such as ransomware or key-logging software. This scam is very similar to the driver infringement notice email we discussed last month.
Australian Taxation Office
Perhaps the most commonly impersonated government department in malicious email is the Australian Taxation Office (ATO). The email in this case showed the sender address basnotification@ato.gov.au, which looks legitimate, but the message was traced to a compromised SendGrid account (a bulk email delivery service). Recipients see legitimate-looking addresses, formatting and wording, and the official government coat of arms.
If clicked, the link triggers an automatic download of malicious files hosted on another compromised SharePoint site. The downloaded .zip contains a JavaScript file which, when opened, fetches further malicious software such as ransomware, key-logging software and spyware. The extra layers of legitimacy don't just fool recipients; they also get past antivirus software. Again, at the time of discovery none of the 64 antivirus engines was detecting the link as a potential danger; only MailGuard had reported the suspicious email.
The ATO featured last month with another email; this is yet another example of employee education being key to identifying these messages.
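The renewal.zip, the parking "ticket" .zip, the eWAY Word invoice and this ATO .zip all rely on the same few attachment tricks: a script file (usually JavaScript) inside an archive, often with a double extension, or a Word document carrying a VBA macro. The following Python is an added example, not code from this page or from MailGuard: it inspects an attachment in memory and reports those tricks, and flags encrypted archive members it cannot scan (the password-protected eWAY invoice). The sample archives are constructed inline; the "macro" is a placeholder blob, since only its presence matters here.

```python
import io
import zipfile

# Extensions that should never arrive inside an "invoice" or "ticket" archive.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe",
                     ".scr", ".lnk", ".cmd", ".bat", ".ps1"}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls container
ZIP_MAGIC = b"PK\x03\x04"                          # zip and Office Open XML


def inspect_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons to block the attachment (an empty list means nothing found)."""
    findings = []
    lower = filename.lower()
    if data.startswith(OLE2_MAGIC):
        # Macros in legacy Office files live in OLE streams; an OLE parser (e.g. olevba) is needed.
        return [f"{filename}: legacy OLE document, scan VBA streams before delivery"]
    if not data.startswith(ZIP_MAGIC):
        return findings   # not a zip container; other types are out of scope here
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{filename}: zip header but archive does not parse"]
    names = zf.namelist()
    # Office Open XML documents are zips; a VBA project inside means macros.
    if any(n.lower().endswith("vbaproject.bin") for n in names):
        findings.append(f"{filename}: Office document carries a VBA project (macros)")
        if lower.endswith((".docx", ".xlsx", ".pptx")):
            findings.append(f"{filename}: macros inside a non-macro extension")
    for info in zf.infolist():
        base = info.filename.rsplit("/", 1)[-1].lower()
        if info.flag_bits & 0x1:   # general-purpose bit 0: member is encrypted
            findings.append(f"{filename}: member '{info.filename}' is encrypted and cannot be scanned")
        ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
        if ext in SCRIPT_EXTENSIONS:
            kind = "double-extension " if base.count(".") >= 2 else ""
            findings.append(f"{filename}: member '{info.filename}' is a {kind}{ext} script/executable")
    return findings


def build_zip(members: dict[str, bytes]) -> bytes:
    """Construct a sample archive in memory (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples standing in for the attachments described in the posts.
SAMPLE_TICKET_ZIP = build_zip({"ticket.pdf.js": b"// constructed stand-in for a JScript downloader"})
SAMPLE_INVOICE_DOCX = build_zip({
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"\x00" * 16,   # a real one is an OLE blob; presence is what matters
})
SAMPLE_CLEAN_DOCX = build_zip({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w:document/>"})
SAMPLE_CLEAN_ZIP = build_zip({"report.pdf": b"%PDF-1.4 constructed"})


if __name__ == "__main__":
    for name, blob in [("ticket.zip", SAMPLE_TICKET_ZIP), ("invoice.docx", SAMPLE_INVOICE_DOCX),
                       ("invoice.docx", SAMPLE_CLEAN_DOCX), ("report.zip", SAMPLE_CLEAN_ZIP)]:
        print(name, inspect_attachment(name, blob) or ["clean"])
```

The encrypted-member check is not exercised by the constructed samples (the standard library cannot write encrypted zips), but it is the case that matters most in practice: a gateway that cannot open an attachment should treat it as unscanned rather than clean.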
Fake Apple Account Email
An Apple phishing scam has been discovered that tries to trick users into giving away their log-in details with a simple tactic. The malicious email has gone undetected by replacing common letters with look-alike Greek characters: ρ, υ and ω in place of p, u and w, as shown in the screenshot. Swapping characters in this way obfuscates the phrases that keyword-based content filters would otherwise catch, and because the glyphs are visually near-identical, most recipients never notice.
The differing letters are clear in the screenshot once someone points them out, but would pass most recipients who were not paying attention. The email states that Apple is updating user accounts, was unable to update yours, and asks you to do so by clicking the embedded link.
Users are presented with a replica of the Apple sign-in page and prompted to enter their account information. The fake page also resizes and adapts to different screen sizes such as mobile phones and tablets. This tactic has been around for years, but it clearly still nets results and so remains worth the criminals' effort.
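The Greek-letter substitution above is cheap to detect once you look at scripts rather than glyphs. The following Python is an added example for this page, not code from the original post: it labels each letter by Unicode script, reports words that mix scripts, and folds a small look-alike table back to ASCII so a keyword rule matches what the victim reads. The sample sentence and the confusables table are constructed for illustration; a real filter would use the full Unicode confusables data.

```python
import unicodedata

# Substitutions seen in the Apple scam above (Greek rho/upsilon/omega for p/u/w) plus a
# few other Greek and Cyrillic look-alikes. Assumption: a small hand-made table, not the
# full Unicode confusables data a production filter would load.
CONFUSABLES = {
    "ρ": "p", "υ": "u", "ω": "w", "ο": "o", "α": "a", "ν": "v", "ι": "i", "κ": "k", "τ": "t",
    "а": "a", "е": "e", "о": "o", "р": "p", "с": "c", "у": "y", "х": "x", "і": "i",
}


def script_of(ch: str) -> str:
    """Coarse script label from the Unicode character name: 'LATIN', 'GREEK', 'CYRILLIC', ..."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def mixed_script_words(text: str) -> list[tuple[str, set[str]]]:
    """Words whose letters come from more than one script: 'Aρple' -> {'LATIN', 'GREEK'}."""
    hits = []
    for word in text.split():
        scripts = {script_of(c) for c in word if c.isalpha()}
        if len(scripts) > 1:
            hits.append((word, scripts))
    return hits


def fold_confusables(text: str) -> str:
    """Map look-alike characters back to ASCII so keyword rules see the text as the victim reads it."""
    return "".join(CONFUSABLES.get(c, c) for c in text)


def nfkc_is_noop(ch: str) -> bool:
    """Unicode compatibility normalisation does not fold Greek or Cyrillic to Latin."""
    return unicodedata.normalize("NFKC", ch) == ch


# Constructed sample in the style of the scam text described above (not the real email).
SAMPLE = "Yoυr Aρple ID coυld not be υρdated. Please υρdate yoυr accoυnt noω to avoid sυsρension."
PHRASE = "update your account"


def keyword_rule_matches(text: str, phrase: str = PHRASE) -> tuple[bool, bool]:
    """(matches the raw text, matches the folded text) for a naive keyword filter."""
    return phrase in text.lower(), phrase in fold_confusables(text).lower()


if __name__ == "__main__":
    for word, scripts in mixed_script_words(SAMPLE):
        print(f"{word!r}: {sorted(scripts)}")
    print("keyword match on raw / folded text:", keyword_rule_matches(SAMPLE))
    print("NFKC leaves Greek rho unchanged:", nfkc_is_noop("ρ"))
```

The mixed-script rule catches every substituted word in this sample because each still contains some Latin letters; a word substituted entirely would need the confusables table, which is why both checks are kept.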
That is our February list of malicious emails to keep a look out for; thanks to MailGuard for the reports.
Why use a specialist broker to buy cyber insurance?
Many insurance professionals target an industry or area of specialisation that matches their personal interests or background, because they have a greater knowledge of the challenges facing businesses in that area.
Hundreds of dedicated brokerages have sprung up over the years for everything from marine risks, mining and financial services to healthcare, the medical industry and personal home insurance, and the list goes on for each area of insurance.
These brokerages set themselves apart with dedicated products and agreements so they can leverage knowledge from outside the immediate insurance industry. Using brokers who have a passion for your industry, were business owners themselves, or worked in the industry they now insure is a good way to ensure the broker understands the niche risks your business faces.
Protect your business with cyber insurance.
Craig McDonald, founder of Australian cyber security firm MailGuard, said in a recent interview with Insurance Business Mag that he expects cyber insurance to become a must-buy for many businesses, and that a proactive, in-depth strategy will be key as businesses plan for every eventuality. "Cyber insurance is great as an added layer of protection, but it's no replacement for a strong cybersecurity strategy," he said.
"Brokers have an important role to play in helping organisations plan for the requirements for businesses to return to their normal operating status after a cyber attack or a data breach. Cyber insurance policies will need to constantly evolve and the broker will need to be cyber savvy in order to address the many variables within the online realm."
How a broker works
Buying insurance online is commonplace in today's connected world, but it can leave gaps in your cover which, if not carefully reviewed, could be disastrous for a business. Customers may go to the insurance company directly because they believe cutting out the middle man gets them a cheaper product. However, many industries have confusing contractual obligations and regulations, which leaves many customers stuck with a more expensive option that isn't the best fit for their business.
Your insurance broker has years of in-depth knowledge of the insurance market and can locate and negotiate the best available options, helping you make informed decisions; essentially they do the shopping around for you. Brokers work with you to identify your business needs, then recommend policies that ensure you are properly protected.
Dealing with an insurance broker rather than the insurance company directly has many benefits, for example:
An insurance broker works for you, not the insurance company, so you can be confident they have your business's best interests at heart
A broker can explain the pros and cons of different policies to help you compare
Brokers save you time in researching and negotiating the best insurance fit for your business needs
A broker will act as your advocate in the event of a claim and mediate the outcome, allowing you to continue trading
Brokers are able to offer premium funding options, allowing for better business cash flow
Insurance brokers can negotiate deals and policies that aren't available to regular consumers.
Why use Cyber Insurance Australia?
Cyber Insurance Australia are dedicated specialists in cyber liability and business insurance solutions for commercial and corporate organisations. Our goal is a better educated and better protected online business community, enabling Australian businesses to take all reasonable precautions to protect themselves.
Our advisers have more than five years' corporate and commercial business insurance experience and over 15 years' information technology industry experience.
We work with a range of leading Australian and international insurers including;
Today we look at how some small to medium Australian businesses responded to and recovered from various cyber events, and how their insurance was able to assist. In the past 12 months the majority of cyber attacks against Australian businesses were targeted at small to medium-sized businesses. Many owners have heard the buzzwords and seen the major international incidents on the news, but have not seen relatable cyber claims from Australian businesses.
Eye Surgery Clinic
2 Locations
15 Employees
$8 million turnover
Incident
An employee opened an email attachment containing ransomware, causing the Insured to lose access to its network of digital patient records. The criminals demanded a ransom in Bitcoin worth approximately $6,000 at the time of writing. Both practices were able to continue trading, but at greatly reduced efficiency: they had not used paper records for accepting and treating patients in years, and although some paper filing was available, the business could not raise invoices because invoicing was part of the paperless system. Forensic investigators were able to recover the vast majority of the data and restore the paperless system.
Outcome
$126,000 in forensic IT expenses, First Party damage and lost work hours.
Law Firm
1 Location
55 Employees
$20 million turnover
Incident
An unknown organisation gained access to a law firm's network and may have accessed sensitive client information, including a public company's acquisition target, another public company's prospective patent technology, the draft prospectus of a venture capital client, and a significant number of class-action lists containing plaintiffs' personally identifiable information (PII). A forensic technician hired by the law firm determined that malware had been planted in its network. Soon after, the firm received a call from the intruder seeking $10 million not to place the stolen information online.
Outcome
The law firm incurred $2 million in expenses associated with a forensic investigation, extortion-related negotiations, a ransom payment, notification, credit and identity monitoring, restoration services and independent counsel fees. It also sustained more than $600,000 in lost business income and extra expenses associated with the system shutdown.
$2.6 million total costs
Help protect your business with cyber insurance.
Raw Materials Manufacturer
1 Location
28 Employees
$7.5 million turnover
Incident
The Insured's system was compromised via an email carrying ransomware. The ransomware cut off all access to email and the network, and the criminals demanded $12,500 to release the files. Because the infected machine had access to numerous file shares and common storage areas, the ransomware was able to encrypt nearly every file on the system, not just the local disk; shares that every user can write to are exactly what lets a single infected workstation take down the whole network.
Outcome
$12,500 in ransom costs plus an additional $25,000 in IT expenses related to diagnosing the problem, decommissioning the old servers and installing a new network.
Hardware Store
1 Location
20 Employees
$5 million turnover
Incident
An employee at a hardware store ignored internal policies and procedures and opened a seemingly innocuous file attached to an email. The next day the hardware store’s stock order and cash registers started to malfunction and business trade was impaired as a result of the network failing.
Outcome
The hardware store incurred over $100,000 in forensic investigation and restoration services. They also had additional increased working costs of $20,000 and business income loss estimated at $50,000 from the impaired operations.
$170,000 total costs
Health Clinic
1 Location
7 Employees
Turnover: unknown
Incident
A small health clinic discovered that an unauthorised third party had gained remote access to a server containing electronic medical records. The intruder posted a message on the network stating that the information on the server had been encrypted and could only be accessed with a password that would be supplied if the Insured made a "ransom" payment. The Insured contacted law enforcement and, working with them, determined that the payment ($2,500) should be made. The payment constituted cyber extortion monies under the policy. In addition, loss of business income amounted to $65,000, and IT forensic costs of $5,000 were paid under other sections of the policy.
Outcome
$72,500 in ransom, forensic IT and lost business income costs
Conclusion
Regardless of staff size, turnover or industry, every business has a possible exposure from its ever-increasing reliance on information technology. By most accounts it is a matter of when, not whether, an incident occurs.