Monday, 23 August 2021

Why You Need Encrypted Email

Encrypted email
Everyone knows there are scammers on and offline bending over backward to screw you out of your hard- earned money. But, despite the frequent warnings, publicity from various sources and personal experiences victims tell us about, scammers are still winning.

The following article confirms this:

"According to the Australian Federal Police, more than $79 million has been lost to cybercriminals in the past 12 months through business email compromise, also known as BEC scams or payment redirection scams.

In such scams, cybercriminals trick victims by getting them to redirect their legitimate fund transfers, which victims think they are making to a business, into the criminals' own accounts.

The cyberthieves usually do this by intercepting legitimate emails sent from a business to a client. They then send a new email to the client, with a notice to send money, but changing the business's bank account details to their own.

The unsuspecting victim transfers funds to the fraudster and is unaware they've been tricked until the business contacts them, asking what happened to the payment.

Police say that business email compromise scams occurred at least 3,300 times last year. Unfortunately, the police managed to retrieve only $8.45 million, a fraction of the total lost. "

- Tony Mitchell, Aviso EIA, Insurance Brokers

There are two things that concern me about this situation.

First, in Australia anyone opening a bank account has to provide 100 points of proof from official documents like passports, birth certificates, driver's licences, and Medicare Cards. Additionally, any transaction over 10 thousand dollars, especially those out of the country, is vetted by AUSTRAC.

Given the above, one would think that when someone is duped out of money, it would be easy for police to identify the accounts involved and the people who own the accounts. Apparently not which raises some serious questions.

Second, the people handling an organisation's payments, or individuals transferring money, aren't making sufficient effort to ensure their transfers are secure.

Encrypted Email

There are numerous email clients available that provide end-to-end encryption. This means that when an email leaves your device, the content is encrypted so that if it is intercepted, it cannot be read. It can only be read on the device of the recipient.

Find out if the email client you use is encrypted. If it isn't, perhaps think about getting a different one or using a different approach to transfer at-risk data eg, software that encrypts specific data (see below).

Encryption is a great safeguard, but with highly confidential or high-risk email transmissions, the message should not be left either on the senders or the recipient's hard disk drive/device because it could be hacked and is not encrypted. It's highly unlikely someone would benefit from this information given the types of scams we are speaking about, but it should be a precaution you take with all confidential data.

Encryption Software

If you used this approach, you would put confidential data in an encrypted, password-protected file and attach it to your email. Adobe Portable Document Format (PDF) files have this capability if you have Adobe software or some others that are available that convert files to PDF. You can assign a password for the document to be opened and much more. Data inside the document are encrypted.

There are other alternatives. I use a software program called Folder Lock that provides several useful functions including the ability to create a ZIP file with date encrypted and password locked.






Obviously, encryption of files won't stop someone intercepting your email if you use an unencrypted email client. However, it's good to think about documents that need to be protected during and after transmission and have a routine for doing so.

Talking of Routines

When I was a manager, I ensured my staff had access to Standard Operating Procedures that instructed them how to do tasks.

In an accounting department there should be an instruction to check all BSB and Bank Account numbers before sending money over a certain amount. This could be done by looking at clients' previous bank details if they are regularly paid eg, accounts payable, or telephoning them to confirm their details before making a large money transfer.

It's up to people responsible for money transfers to design a procedure that works for them. That will reduce considerably the risk involved in paying scammers instead of those for whom the payment was intended.

Good luck.

Robin


Saturday, 7 August 2021

Lending a Hand - Traffic Accident

For a little over four years, I worked with the Traffic Accident Investigation Squad that covered the larger Brisbane Metropolitan area. Our role was only to attend fatal traffic incidents and those where dangerous driving or criminal negligence was concerned.

It was a tough job spending our working days watching people kill each other or themselves on our roads. It was especially difficult when victims were young children and those whose deaths were preventable had an iota of common sense prevailed.

While working, we didn't have time to think about the deceased and broken. We had to do the work measuring the road, drawing a map, photographing the vehicles and interviewing witnesses. 

Afterwards, the reality that someone's life had ended and that their loved ones would be heartbroken and never see them again would come into our thoughts. It was a policing task wherein we were dealing with largely lovely people (the families) and not the usual misfits we'd deal with in other areas of policing. The criminals, wife bashers, sex offenders.

All of us in the section drank too much and sometimes we used humour to get us through the day as shown in this photograph of a very old Holden sedan in which a young person was killed. He let his expectations exceed his ability when cornering and rolled the vehicle. I took numerous photos of the scene, but this one attracted my attention. I thought there was a certain irony in it.

We worked in teams of two and one week we had a young police cadet assigned to us for training. I guess he would have been 16-17 years old and keen about getting experience in traffic accident investigation.

My colleague and I were on a 7 am to 3 pm shift and just after 8 am we received a call from Police Operations that a fatal had occurred. The boss asked us to take the cadet with us, which we did.

We hopped into our F100 Ford truck commonly known as the "Death Mobile" and headed to the scene. A couple of local police was in attendance directing traffic around the scene and it appeared that a guy on a motorcycle had overtaken and hadn't seen (or perhaps thought he could beat) a cement truck coming the opposite way.

Unfortunately for him, he had hit the side of the truck and the scoop had taken off his right arm and some part of the truck had smacked into the right side of his helmet.

The body was lying on the roadway with what was left of his helmet intact and he obviously had a missing arm. 

While I asked the cadet to hold the end of a tape measure, my colleague walked up and down the road looking for the arm. After he found it, he covered it with a piece of rag and came over to us and said to the cadet, "Can I give you a hand?" and passed the limb to the cadet.

He almost passed out. After telling us it wasn't funny and calling my colleague a ghoul, he did what we asked and placed the arm with the body which by now had been covered. He was visibly shaken for a while as he hadn't seen a dead body before, let alone one with bloodied injuries and an arm savagely pulled from its socket. My colleague and I thought it was a great joked but after a short laugh, got back to work.

After we had finished up at the scene, on the trip back to the office, we talked to him about how it was necessary to have some diversion strategies, including humour to survive.

We made sure he helped follow up with several witness interviews, and attended the autopsy of the deceased.

When he left our office and returned to the Police Academy, he assured us he had gained a lot from us and appreciated the experience.

Another day of policing.

Robin

Tuesday, 27 July 2021

Police Life - Working Radar

Marconi Radar
Marconi Radar System
When I worked radar detecting speeding vehicles in the mid-70s, we used Marconi static radar equipment.

At left is a more modern version than we used. Ours was a grey box with four legs that sat on the side of the road and cast a radar beam at 45 degrees forward across the road. It had a round dial with speeds from zero to about 140 km/hr.

When we began our shift, we'd pick up a police vehicle, a 12 v battery (same as a car battery), the Marconi set, a spool with several hundred metres of dual-core cable, an office chair, and an audio box. It was fairly primitive.

When we chose a scene, we'd set everything up and then drive our police car through the radar beam at 60 and 80 km/hr to check that the radar was working correctly.

We'd roll out the dual-core cable to the place where we would stop offenders, and hook it up to the audio speaker.

Then we'd get to work. We'd hide the vehicle and a sergeant would operate the Marconi.

When a vehicle exceeded the speed limit by over 10 km, the sergeant would say something like, "74 on the green Mazda". We'd walk out onto the road and signal the driver to stop.

We'd then advise the driver we had detected a breach of the speed limit and issue a Traffic Offence Notice (TON).

It was a pretty ordinary job, but occasionally we'd get to chat with lovely young women, arrest drink drivers and people who abused us, and occasionally have a laugh at someone else's expense.

We worked with one sergeant who, on evening shifts, always brought a briefcase with him. He said it was his paperwork, but it weighed a tonne on the rare occasions we could actually pick it up - he was very defensive of his briefcase. Inside were three or four bottles of beer - 750 ml bottles.

While we wrote out TONs, he'd be sitting in the dark drinking beer.

Every few shifts, we'd see a vehicle approaching that was obviously doing well over the speed limit and we'd hear nothing on our audio. We'd press our audio button and ask, "Are you there serge?" No answer.

We'd leave it for a few minutes thinking our colleague may have taken a walk to urinate. We'd call again. Still no answer.

One of us would walk the 300 m back to the sergeant only to find him asleep with no evidence of the empty beer bottles which he would have thrown into the scrub. We'd wake him up and get back to work until he told us to pack up.

One day we tied a log to the audio cable after we'd told the sergeant on audio to wind in the cable. He wasn't impressed at having dragged a large log 300 m, but eventually saw the funny side.

Another day one of our teams tied a stray dog to the cable. It was pretty unhappy by the time it had been pulled 300 m by a force it didn't quite understand and then had to confront a pissed-off sergeant. 

When we worked one Christmas Day the serge told us he didn't want to write too many tickets just concentrate on really fast speeding. "After all, it was Christmas", he said.

There was very little traffic about, but one driver we had to pull up - 25 km over the speed limit. The sergeant told us to ask him hadn't he seen the radar set and give him a ticket for 10 km over which was less expensive. So we did that.

When we reported to the sergeant that he'd not seen the Marconi, the sergeant pulled it closer to the edge of the road. As expected, we never got to write another ticket for the day.

His strategy of kindness at Christmas worked well.

Next edition - lending a hand.

Robin

Friday, 23 July 2021

Even King Arthur had bad hair days

If you're suffering from lockdown syndrome, about to kick the cat or tell your partner to stop whining, and a bit down in the dumps, think of King Arthur to whom Merlin gave this advice:

I studied Timothy White while doing year 12 English what now seems a thousand years ago. This was one of my all-time favourite quotations.

Stay well and be happy.

Robin