Warnings about evolving cyber threats after hackers steal $1.2 million from Grafton family business – ABC News

Paul Fuller says his account manager had good reason to trust the voice on the other end of the phone asking for bank details, but handing them over was a mistake that has cost his business almost $1.2 million.
The man on the phone introduced himself as Mike from the National Australia Bank (NAB).
Mr Fuller's Grafton-based earthworks business had previously dealt with a Mike from NAB in Coffs Harbour, so no-one was suspicious.
"He knew who had been paid the day before in our normal weekly pay run, he knew everyone we paid and the amounts," Mr Fuller said.
"Mike" tricked the accounts manager into giving him access to the business bank accounts.
"He said there'd been fraudulent activities and he needed to check things out and, bang, the money is gone."
Mr Fuller said, within minutes, the hacker had drained $1.2 million out of the company's bank account, nearly ruining the business.
"They (NAB) did get some money back but not nearly as much as went missing," Mr Fuller said.
NAB has since recovered $84,000, but has told Mr Fuller there is no chance of recovering any more.
The financial pressure has taken a toll.
Mr Fuller said he was struggling to keep the doors open.
"Twenty-five families rely on us; I lie awake at night wondering how I'm going to keep going," he said.
Mr Fuller reported the incident to police and the banking ombudsman but held little hope of having any more money returned.
"We now have lots more checks in place, including not talking to anyone from the bank except our bank manager," he said.
Mr Fuller warned other businesses to be cautious.
"The banks never ring you and ask you those questions, so don't give out any information to anyone," he said.
As a 14-year-old, with a late 90s-era PC and a dial-up modem, Bastian Treptel hacked into one of the big four banks in Australia and stole the details of 40,000 credit cards.
By 17, the police came knocking and he was offered a choice: juvenile detention or community work assisting the police to detect cybercriminals.
"I think it was more a bit of an embarrassment for the banks, so they didn't really want to press charges. It was more the police that went after me," he said.
For the next 14 years, Mr Treptel ran his own company helping other businesses protect themselves.
He said hacking was "similar to cancer" in that people did not think it would happen to them.
"One in three people are part of a cyber attack," he said.
"People think they're going to be provided support by the banking system and the government and they're just not.
"Only 4 per cent of Australians are getting their money back."
Mr Treptel warned it was easier for hackers to attack small businesses.
"They generally have less security, they generally have easy funds to access, they might only have one person to sign at the bank, they use things like mobile phones, identities," he said.
Mr Treptel said hacking had become more sophisticated than most business owners realised.
"It used to be that a hacker might target one or two businesses, but now I can use an artificial intelligence-based tool and I can do that to 50 businesses overnight," he said.
He said you did not even need to click on a malicious email or file now.
"If you use Outlook as a browser, or even Gmail, it's got the option to automatically download pictures, if you turn that on, you're at risk," he said.
"So just by downloading a picture onto your computer, we can get it to run code and that code can infiltrate your computer."
He said AI could then open up every PDF that was thought to be an invoice and simply change the bank account details.
Even smart TVs and other devices could be a threat.
"Printers, TVs, if you've got smart air conditioners — all these things have an IP address and all of them are an entry into your life and business," he said.
Mr Treptel said two-factor authentication should be used for everything.
ID Support NSW, the state government agency that supports victims of identity theft and hacking, said it was important for businesses to improve their cyber security.
"[This includes] mandating strong and complex passwords for all accounts, assessing the security of any third-party systems in use, limiting access to sensitive information as well as ensuring only collecting necessary personal information," a spokesperson said.