When your phone stops working, change your internet banking password

Yesterday (12 Jul) I attended a presentation by Detective Inspector
Bruce van der Graaf, head of the NSW Police Fraud & Cybercrime Squad,
about the current criminal threat landscape.

The most important part:

  If your phone stops working (cannot connect to the network, not if
  you drop it or forget to charge it), first change all your internet
  banking passwords (savings bank, re-draw mortgage provider and your
  superannuation fund), and then contact your phone company.

Most banks now provide two-factor authentication: to authorize a netbank
transfer, they send you an SMS code. To get around that, criminals
(impersonating the victim) get the phone company to transfer the mobile
number to their own phones.

Obviously, for this attack they need the internet banking password in
the first place. To protect it:
 - do not fall victim to "phishing" attacks: emails apparently from
   your bank, about new security message or similar, tricking you into
   "logging in" to a fake website
 - do not allow malware (viruses, keystroke loggers, malicious browser
   plugins) to install on your computer.


---


The police cybercrime unit is over-stretched under-staffed, they do not
want to know about every spam or scam. There is one scam that they would
like to be reported: when you receive an email from a friend saying they
are overseas, been robbed or similar, and need you to send them money
urgently to pay hotel bills or airfares. Then, if you are willing to
"turn over" your email account to police, please report it urgently: so
the police can engage the criminal and maybe catch him in the act.


---


Cheers, Paul