How to protect your
conveyancing practice from
payment redirection fraud?
Practical tips to defend your business from cyber attacks
Who we are
Nicholas
Technology and legal expert with over 20 years of industry
experience
Gabor
Cybersecurity expert with over ten years experience, having
worked in both private and public sectors
Who we are
www.ironbastion.com.au
We defend small to midsize businesses
from cyber scams and hacking
What we are covering tonight…
1) Why cybercriminals target conveyancing
practices
2) The consequences of being scammed
3) How payment redirection fraud works
4) How to protect your practice
5) Questions
Would everyone please stand up…
Before we begin, a small exercise
Sit down if you….
❌ Have a business computer which does not have anti-virus
❌ Have advanced phishing protection in place?
❌ Do not know what two factor authentication (2FA) is,
or have never used 2FA for your email
❌ Do you provide phishing awareness training to your
employees?
Anyone still standing?
❌ Have used 2FA but turned it off because it was too
inconvenient
1) Why cybercriminals target
conveyancers?
1) Why cybercriminals target conveyancers?
• Practitioners are low hanging
fruit for cybercriminals.
• underinvestment in security
• bad advice
• no advice
• High-value financial transactions
• Insecure communication
channels
• New e-conveyancing platforms
1) Why cybercriminals target conveyancers?
In-house research of conveyancers:*
• ISP provided email (e.g. TPG) - 20%
• Webmail (e.g. Hotmail) - 10%
• Office 365 - 70%
* Non-representative sample
1) Why cybercriminals target conveyancers?
Anti-phishing
protection:
• Yes - 0%
• No - 100%
Two-factor:
• Yes - 10%
• No - 90%
Password
reuse:
• Yes - 90%
• No - 10%
Paid antivirus:
• Yes - 90%
• No - 10%
You do not have to look far for Aussie examples
•“MasterChef finalist caught in conveyancing
hacker attack”
•Mid-May, a client lost about $700,000
•May 31 when a client lost more than $1 million
https://www.propertyobserver.com.au/forward-planning/advice-and-hot-topics/85862-pexa-warning-as-conveyancing-fraud-funds-end-up-in-thailand.html
https://www.smh.com.au/business/companies/masterchef-finalist-caught-in-conveyancing-hacker-attack-20180622-p4zn4o.html
2) Consequences?
2) Consequences?
•Breach of confidential information
• copy of identity documents
• personal details
•Financial
•Lawsuits
•Reputation
Try Googling your brand once you have suffered a publicised data breach
3) How payment
redirection scams work
3) How payment redirection scams work
As easy as 1-2-3
1. Steal mailbox passwords
• Phishing
• Data breaches
2. Intercept emails
3. Tamper with payment instructions
Phishing
• Social Engineering
• Exploits the weaknesses in people – ‘click whirr’ behavioural
responses
• Fake logins that capture credentials
Credentials from Data Breaches
• Websites get hacked.
• People reuse the same email and password across multiple online accounts.
Secret: “hackers” log into your webmail
4) How to protect
your practice
4) How to protect your practice
1.Two-factor
authentication (2FA)
2.Stop email spoofing
3.Better antivirus
4.Anti-phishing services
I. Two-factor authentication (2FA)
Powerful security
measure protecting
from:
•Bad passwords
•Stolen passwords
•Leaked passwords
I. Two-factor authentication (2FA)
How to turn on:
https://blog.ironbastion.com.au/how-to-prevent-payment-misdirection-fraud-at-your-conveyancing-practice-2fa/
4) How to protect your practice
1.Two-factor
authentication (2FA)
2.Stop email spoofing
3.Better antivirus
4.Anti-phishing services
II. Stop email spoofing
II. Stop email spoofing
How to impersonate
Saul Goodman <saul.goodman@sgassociates.com>
• Method #1 – Email Address Spoofing:
Saul’s email address and his name are spoofed on an incoming
email so that the sender appears to be:
Saul Goodman <saul.goodman@sgassociates.com>
• Method #2 – Display Name Spoofing:
Only Saul’s name is spoofed, but not the email address:
Saul Goodman <saul.goodman1337@gmail.com>
II. Stop email spoofing
Method #1 – Email Address Spoofing:
Saul’s email address and his name are spoofed on an incoming email
so that the sender appears to be:
Saul Goodman <saul.goodman@sgassociates.com>.
• SPF/DKIM/DMARC DNS records
More: https://blog.ironbastion.com.au/email-impersonation-scams-phishing-what-your-staff-can-do/
II. Stop email spoofing
• Method #2 – Display Name Spoofing:
Only Saul’s name is spoofed, but not the email address:
Saul Goodman <saul.goodman1337@gmail.com>.
Add warning banners
Use anti-phishing services
More: https://blog.ironbastion.com.au/email-impersonation-scams-phishing-what-your-staff-can-do/
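The two checks named on the spoofing slides, as an added example that is not part of the original deck: a Python sketch of an inbound mail check that treats mail claiming the practice's own domain without a DMARC pass as address spoofing, and flags a staff member's display name on a foreign address for a warning banner. The staff directory, the gateway name mx.sgassociates.com and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example (not from the slides): the practice's domain,
# its staff directory, and the name its own mail gateway stamps on results.
OUR_DOMAIN = "sgassociates.com"
STAFF = {"saul goodman": "saul.goodman@sgassociates.com"}
TRUSTED_AUTHSERV = "mx.sgassociates.com"

def dmarc_verdict(msg):
    """DMARC result recorded by our own gateway; ignore headers from anyone else."""
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = header.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can add its own, forged, results header
        found = re.search(r"\bdmarc=(\w+)", results)
        if found:
            return found.group(1).lower()
    return None

def normalise(name):
    """'Saul  GOODMAN' and 'saul.goodman' both become 'saul goodman'."""
    return " ".join(re.sub(r"[^a-z]", " ", name.lower()).split())

def classify(raw):
    """Return 'address-spoof', 'display-name-spoof' or 'ok' for one inbound message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    # Method #1: our own domain in From, but the gateway saw no DMARC pass.
    if addr.rpartition("@")[2] == OUR_DOMAIN and dmarc_verdict(msg) != "pass":
        return "address-spoof"
    # Method #2: a staff member's name on an address that is not theirs.
    expected = STAFF.get(normalise(name))
    if expected and addr != expected:
        return "display-name-spoof"
    return "ok"

def subject_with_banner(raw):
    """Prefix the subject with a warning banner unless the message is clean."""
    verdict = classify(raw)
    subject = message_from_string(raw).get("Subject", "")
    return subject if verdict == "ok" else f"[CAUTION: possible {verdict}] {subject}"

def make(auth, sender, subject="Updated trust account details"):
    """Build a constructed sample message (headers plus a one-line body)."""
    return (f"Authentication-Results: {auth}\nFrom: {sender}\n"
            f"Subject: {subject}\n\nPlease use the new account below.\n")

# Constructed samples, using the addresses from the slides.
ADDRESS_SPOOF = make("mx.sgassociates.com; spf=fail; dmarc=fail header.from=sgassociates.com",
                     "Saul Goodman <saul.goodman@sgassociates.com>")
FORGED_RESULT = make("mail.unknown.example; dmarc=pass header.from=sgassociates.com",
                     "Saul Goodman <saul.goodman@sgassociates.com>")
NAME_SPOOF = make("mx.sgassociates.com; dkim=pass header.d=gmail.com; dmarc=pass header.from=gmail.com",
                  "Saul Goodman <saul.goodman1337@gmail.com>")
GENUINE = make("mx.sgassociates.com; dkim=pass header.d=sgassociates.com; dmarc=pass header.from=sgassociates.com",
               "Saul Goodman <saul.goodman@sgassociates.com>")

if __name__ == "__main__":
    for label, raw in [("address spoof", ADDRESS_SPOOF), ("forged result", FORGED_RESULT),
                       ("name spoof", NAME_SPOOF), ("genuine", GENUINE)]:
        print(f"{label:14} -> {subject_with_banner(raw)}")
```

The address-spoofing check only works when the sending domain publishes SPF/DKIM/DMARC records and the receiving gateway strips or ignores results headers it did not write itself.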
4) How to protect your practice
1.Two-factor
authentication (2FA)
2.Stop email spoofing
3.Better antivirus
4.Anti-phishing services
III. Better antivirus
Keeps your computer safe from:
• Ransomware
• Phishing
• Keyloggers
• Miscellaneous wizardry
III. Better antivirus
Buy the business version of any of these:
•avast!
•Avira
•Bitdefender
•ESET
•Kaspersky
4) How to protect your practice
1.Two-factor
authentication (2FA)
2.Stop email spoofing
3.Better antivirus
4.Anti-phishing services
IV. Anti-phishing services (email)
Pre-screens your incoming emails
• Superior to your spam filter
• Machine learning & AI powered
• Text semantics
• Web link protection
• Deep analysis of file attachments
IV. Anti-phishing services (email)
• Typically available as separate services
for your email platform
• Works with every platform
(Office 365, G Suite, GoDaddy, etc.)
• We suggest you research which providers on the market offer managed anti-phishing services
IV. Anti-phishing services (web browsing)
Web browsing protection protects
from phishing attempts arriving in:
• Private emails
• Instant messengers (WeChat, etc.)
• Text messages
IV. Anti-phishing services (web browsing)
Blocks access to phishing websites
on:
• Computers and smartphones
• In the office or on the road
• Protects your staff at home
IV. Anti-phishing service (II.)
III. Anti-phishing services (phishing awareness)
4% of people in any given phishing
campaign will click on a phishing email*
1.Phish your own staff
2.Identify vulnerable people
3.Target them with training materials
* https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf
5) Where to get help
5) Where to get help
• Report the scam to ACCC ScamWatch,
ACORN and ACSC
• Victims of identity theft: you should contact
IDCARE, NFP helping people
• Have a conversation with your IT Service
Provider, or staff. Use these slides as a talking
point!
6) Questions?
💌 nick@ironbastion.com.au
💌 gabor@ironbastion.com.au
🌏 www.ironbastion.com.au
Attribution
• https://blog.cryptoaustralia.org.au/2018/07/19/how-to-protect-your-legal-
practice-from-payment-redirection-fraud/
• Cruz/Kavadias/Szathmari – How to Protect Your Legal Practice from Payment
Redirection Fraud

Iron Bastion - How to protect your conveyancing practice from payment redirection fraud
