Monday, 23 August 2021

Why You Need Encrypted Email

Encrypted email
Everyone knows there are scammers on and offline bending over backward to screw you out of your hard- earned money. But, despite the frequent warnings, publicity from various sources and personal experiences victims tell us about, scammers are still winning.

The following article confirms this:

"According to the Australian Federal Police, more than $79 million has been lost to cybercriminals in the past 12 months through business email compromise, also known as BEC scams or payment redirection scams.

In such scams, cybercriminals trick victims by getting them to redirect their legitimate fund transfers, which victims think they are making to a business, into the criminals' own accounts.

The cyberthieves usually do this by intercepting legitimate emails sent from a business to a client. They then send a new email to the client, with a notice to send money, but changing the business's bank account details to their own.

The unsuspecting victim transfers funds to the fraudster and is unaware they've been tricked until the business contacts them, asking what happened to the payment.

Police say that business email compromise scams occurred at least 3,300 times last year. Unfortunately, the police managed to retrieve only $8.45 million, a fraction of the total lost. "

- Tony Mitchell, Aviso EIA, Insurance Brokers

There are two things that concern me about this situation.

First, in Australia anyone opening a bank account has to provide 100 points of proof from official documents like passports, birth certificates, driver's licences, and Medicare Cards. Additionally, any transaction over 10 thousand dollars, especially those out of the country, is vetted by AUSTRAC.

Given the above, one would think that when someone is duped out of money, it would be easy for police to identify the accounts involved and the people who own the accounts. Apparently not which raises some serious questions.

Second, the people handling an organisation's payments, or individuals transferring money, aren't making sufficient effort to ensure their transfers are secure.

Encrypted Email

There are numerous email clients available that provide end-to-end encryption. This means that when an email leaves your device, the content is encrypted so that if it is intercepted, it cannot be read. It can only be read on the device of the recipient.

Find out if the email client you use is encrypted. If it isn't, perhaps think about getting a different one or using a different approach to transfer at-risk data eg, software that encrypts specific data (see below).

Encryption is a great safeguard, but with highly confidential or high-risk email transmissions, the message should not be left either on the senders or the recipient's hard disk drive/device because it could be hacked and is not encrypted. It's highly unlikely someone would benefit from this information given the types of scams we are speaking about, but it should be a precaution you take with all confidential data.

Encryption Software

If you used this approach, you would put confidential data in an encrypted, password-protected file and attach it to your email. Adobe Portable Document Format (PDF) files have this capability if you have Adobe software or some others that are available that convert files to PDF. You can assign a password for the document to be opened and much more. Data inside the document are encrypted.

There are other alternatives. I use a software program called Folder Lock that provides several useful functions including the ability to create a ZIP file with date encrypted and password locked.






Obviously, encryption of files won't stop someone intercepting your email if you use an unencrypted email client. However, it's good to think about documents that need to be protected during and after transmission and have a routine for doing so.

Talking of Routines

When I was a manager, I ensured my staff had access to Standard Operating Procedures that instructed them how to do tasks.

In an accounting department there should be an instruction to check all BSB and Bank Account numbers before sending money over a certain amount. This could be done by looking at clients' previous bank details if they are regularly paid eg, accounts payable, or telephoning them to confirm their details before making a large money transfer.

It's up to people responsible for money transfers to design a procedure that works for them. That will reduce considerably the risk involved in paying scammers instead of those for whom the payment was intended.

Good luck.

Robin


Saturday, 7 August 2021

Lending a Hand - Traffic Accident

For a little over four years, I worked with the Traffic Accident Investigation Squad that covered the larger Brisbane Metropolitan area. Our role was only to attend fatal traffic incidents and those where dangerous driving or criminal negligence was concerned.

It was a tough job spending our working days watching people kill each other or themselves on our roads. It was especially difficult when victims were young children and those whose deaths were preventable had an iota of common sense prevailed.

While working, we didn't have time to think about the deceased and broken. We had to do the work measuring the road, drawing a map, photographing the vehicles and interviewing witnesses. 

Afterwards, the reality that someone's life had ended and that their loved ones would be heartbroken and never see them again would come into our thoughts. It was a policing task wherein we were dealing with largely lovely people (the families) and not the usual misfits we'd deal with in other areas of policing. The criminals, wife bashers, sex offenders.

All of us in the section drank too much and sometimes we used humour to get us through the day as shown in this photograph of a very old Holden sedan in which a young person was killed. He let his expectations exceed his ability when cornering and rolled the vehicle. I took numerous photos of the scene, but this one attracted my attention. I thought there was a certain irony in it.

We worked in teams of two and one week we had a young police cadet assigned to us for training. I guess he would have been 16-17 years old and keen about getting experience in traffic accident investigation.

My colleague and I were on a 7 am to 3 pm shift and just after 8 am we received a call from Police Operations that a fatal had occurred. The boss asked us to take the cadet with us, which we did.

We hopped into our F100 Ford truck commonly known as the "Death Mobile" and headed to the scene. A couple of local police was in attendance directing traffic around the scene and it appeared that a guy on a motorcycle had overtaken and hadn't seen (or perhaps thought he could beat) a cement truck coming the opposite way.

Unfortunately for him, he had hit the side of the truck and the scoop had taken off his right arm and some part of the truck had smacked into the right side of his helmet.

The body was lying on the roadway with what was left of his helmet intact and he obviously had a missing arm. 

While I asked the cadet to hold the end of a tape measure, my colleague walked up and down the road looking for the arm. After he found it, he covered it with a piece of rag and came over to us and said to the cadet, "Can I give you a hand?" and passed the limb to the cadet.

He almost passed out. After telling us it wasn't funny and calling my colleague a ghoul, he did what we asked and placed the arm with the body which by now had been covered. He was visibly shaken for a while as he hadn't seen a dead body before, let alone one with bloodied injuries and an arm savagely pulled from its socket. My colleague and I thought it was a great joked but after a short laugh, got back to work.

After we had finished up at the scene, on the trip back to the office, we talked to him about how it was necessary to have some diversion strategies, including humour to survive.

We made sure he helped follow up with several witness interviews, and attended the autopsy of the deceased.

When he left our office and returned to the Police Academy, he assured us he had gained a lot from us and appreciated the experience.

Another day of policing.

Robin