Here’s how hackers stole $1.2 million from a small family business
At the SDC, safeguarding our funds against theft and fraud isn't just a priority—it's a commitment.
So today, we’ll share a story highlighting the unpredictable ways in which theft and fraud can arise and offer insights from a former hacker who is now dedicated to strengthening business cyber defences.
Recently, Paul Fuller's Grafton-based earthworks company almost lost close to $1.2 million when hackers tricked their accounts manager into sharing the business's bank details over a call.
The man on the other end of the line said he was Mike from National Australia Bank (NAB).
Having previously interacted with a Mike from NAB in Coffs Harbour, no one in Mr Fuller's company was suspicious.
‘He knew who had been paid the day before in our normal weekly pay run, he knew everyone we paid and the amounts,’ Mr Fuller said.
‘Mike’ tricked the accounts manager into giving him access to the business bank accounts.
‘He said there'd been fraudulent activities, and he needed to check things out and, bang, the money is gone.’
Mr Fuller recalled that in just a few minutes, the hacker had taken $1.2 million from the company's bank account, almost causing the business to collapse.
‘They (NAB) did get some money back but not nearly as much as went missing,’ Mr Fuller said.
NAB managed to retrieve $84,000 but informed Mr Fuller that further recovery was unlikely.
The financial strain has been immense.
Mr Fuller mentioned he's finding it hard to keep the business running.
‘Twenty-five families rely on us; I lie awake at night wondering how I'm going to keep going,’ he shared.
Mr Fuller notified both the police and the banking ombudsman about the incident, but he isn't optimistic about recovering any more of the money.
‘We now have lots more checks in place, including not talking to anyone from the bank except our bank manager,’ he said.
Mr Fuller advised other businesses to stay alert.
‘The banks never ring you and ask you those questions, so don't give out any information to anyone,’ he stressed.
Ex-hacker turns over a new leaf
At 14, using a late 90s PC and dial-up modem, Bastien Treptel broke into one of Australia's major banks and stole the details of 40,000 credit cards.
When he was 17, the police approached him with an ultimatum: serve time in juvenile detention or help them identify cybercriminals.
‘I think it was more a bit of an embarrassment for the banks, so they didn't really want to press charges. It was more the police that went after me,’ he said.
Over the following 14 years, Mr Treptel ran his own company helping other businesses protect themselves.
He said that hacking, much like ‘cancer,’ is something people believe won't happen to them.
‘One in three people are part of a cyber attack,’ he pointed out.
‘People think they're going to be provided support by the banking system and the government, and they're just not.
‘Only [four] per cent of Australians are getting their money back.’
Why small businesses are targets
Mr Treptel warned that small businesses are more accessible targets for hackers.
‘They generally have less security, they generally have easy funds to access, they might only have one person to sign at the bank, they use things like mobile phones, identities,’ he said.
Mr Treptel noted that hacking techniques are now more advanced than many business owners recognise.
‘It used to be that a hacker might target one or two businesses, but now I can use an artificial intelligence-based tool, and I can do that to 50 businesses overnight,’ he said.
He said that nowadays, you don't even have to open a malicious email or file.
‘If you use Outlook as a browser or even Gmail, it's got the option to automatically download pictures, if you turn that on, you're at risk,’ he said.
‘So just by downloading a picture onto your computer, we can get it to run code, and that code can infiltrate your computer.’
He also mentioned that AI can alter bank details in invoices found in PDF files. Devices like smart TVs also pose risks.
‘Printers, TVs, if you've gotten smart air conditioners—all these things have an IP address, and all of them are an entry into your life and business,’ he pointed out.
Mr Treptel emphasised the importance of two-factor authentication.
ID Support NSW, the state's agency aiding identity theft and hacking victims, stressed the significance of businesses enhancing their cybersecurity.
‘[This includes] mandating strong and complex passwords for all accounts, assessing the security of any third-party systems in use, limiting access to sensitive information as well as ensuring only collecting necessary personal information,’ a spokesperson said.
Key Takeaways
- Hackers managed to steal $1.2 million from a family-owned business based in Grafton.
- The hacker posed as an employee from National Australia Bank (NAB) and convinced the business's accounts manager to give them access to the business bank accounts.
- NAB has since recovered $84,000 but has stated there is no chance of recovering any more of the stolen funds.
- Bastien Treptel, an ex-hacker turned cybersecurity consultant, said that small businesses are increasingly targeted by hackers due to their weaker security systems and easier access to funds.