Beware of spam emails pulling nasty tricks to get at your money or take control of your computer.
Security firm ESET is warning of scam emails currently being sent to Australians under the guise of messages from banks.
An email purportedly from Bendigo Bank has the subject line "Bendigo Bank Morning Update" along with a Trojan-laden attachment that downloads additional malware including a password stealer.
Another poses - not very convincingly - as a message from ANZ Bank. It uses the subject line "New message" with the text "New private message from 'A N Z' received. Click here. Thank you."
The words "Click here" are hyperlinked to a fake version of ANZ's login page.
Meanwhile, NAB has been warning its customers about the latest in a series of phishing emails seeking confirmation of a supposed transfer to an overseas account. You can see a sample at the bank's (real) web site.
And since this is the time of year when most of us lodge tax returns, the ACCC's ScamWatch operation has renewed its warning about ATO-related scams.
If you receive a phone call from someone claiming to be from the ATO and who says you owe them money or are entitled to a refund, just hang up. This applies whether it's a live person or a robocall. And the ATO never asks for personal or financial details by email, so you can delete any messages along those lines. If you are at all concerned that the ATO really might have been trying to reach you, give them a ring instead - don't trust the internet, get the enquiry number from the printed White Pages directory or a letter or other document that you're sure came from the ATO, such as last year's assessment notice.
ESET malware researcher Sieng Chye Oh offered this advice:
"Firstly, make sure the web page you are using is secure, as unsecure banking sites can have fake pages created with malware that can steal your information.
"If you think your computer is affected with malware, stay away from banking sites until it's clean and don't use public Wi-Fi.
"Also, be aware of being contacted by phone calls, SMS or emails, always be suspicious of out of the blue contact and if you are unsure, check with your bank through a communication channel you initiated."
Other tips for staying safe include being very cautious about opening attachments or clicking links in unexpected emails. Scammers have used the names and trademarks of banks, government departments and entities, courier companies, travel agencies, money-transfer services and insurance companies to mask their activities.
Using an email provider with good anti-spam measures will reduce the number of these scam messages that actually reach you, and running one of the more comprehensive security suites on your computer will in many cases prevent you from opening a booby-trapped attachment or following a link to a phishing or otherwise unsafe site. But don't let either of those measures lull you or your staff into a false sense of security.
It's also a good idea to promptly apply patches for your computer's operating system and for popular software such as Microsoft Office and Adobe's Reader and Flash Player. You might be surprised to learn how much malware relies on vulnerabilities that have already been fixed.
