Archives for : GOVERNMENTS

Fraudsters steal $50,000 from Queensland university

Fraudsters have stolen tens of thousands of dollars from a Queensland university, prompting a warning from the state’s auditor general Brendan Worrall.

The Queensland Audit Office revealed there had been an increase in external attempts to divert employee and supplier payments to illegitimate bank accounts across the sector.

Universities have been warned about increasing attempts to switch bank account details to gain access to employee and supplier payments.Credit:Reuters

In one case, Griffith University did not adhere to processes to independently verify requests to change existing supplier bank account details, resulting in a “small fraudulent payment” last year, an Audit Office report revealed.

A fraudulent request was made by an external source to change an existing supplier’s bank account details and divert payments to an illegitimate bank account.

Griffith University vice-president of corporate services Peter Bryant said an external supplier was hacked, resulting in a $52,000 loss last financial year.

“Griffith University takes fraud prevention very seriously,” he said.

“Last year, the university commissioned an expert review and adopted all recommendations to strengthen fraud prevention measures.

“New measures include improved staff training, business processes and additional bank account checks.”

The Queensland Audit Office recommended universities verify bank account detail changes for suppliers and employees through an independent source, not the person who requested the change.

In addition, the Audit Office found electronic funds transfer (EFT) files were not appropriately secured at Griffith University and the University of Southern Queensland.

Henry Sapiecha

Over 746,000 NHS phishing emails blocked in a 30 day period

The National Cyber Security Centre blocked more than 746,000 NHS phishing emails in one month in 2017


More than 746,000 phishing emails pretending to be from the NHS were blocked in just one month in 2017, the National Cyber Security Centre says.

A report on the first year of the GCHQ unit’s cyber-defence programme found that it removed 121,479 phishing sites hosted in the UK.

This reduced the UK’s share of global phishing attacks from 5.3% to 3.1%.

Three-quarters of UK government-related phishing sites were taken down in 24 hours.

Phishing emails trick users into visiting websites that impersonate known brands and ask the user to log in to their account.

This enables attackers to gather confidential login details or financial information.

Phishing emails are also used to trick people into opening malicious email attachments that install malware on their computers.

The methods of reducing phishing involved using various security scanning systems to perform millions of tests on government websites and emails being sent in and out of government networks.

‘Simple things’

“What they’ve done is not brain surgery – the technology’s been around for a while, but they’ve managed to persuade various government departments to do the simple things to reduce cyber-security threats dramatically,” cyber-security expert Prof Alan Woodward, from Surrey University, told the BBC.

“Phishing emails from HM Revenue and Customs (HMRC) used to be the most common emails you’d see, but they got the HMRC to put the technology in place, and the spoofing emails dropped to zero in a matter of days.”

Cyber-security expert Graham Cluley said that technologies used were not new, but the NCSC’s efforts had produced “impressive results”.

“Of course they won’t have caught every phishing attempt, but they will have helped stamp out many of the most convincing attacks,” he told the BBC.

Martyn Thomas, Gresham College’s professor of IT, agreed: “I think their success rate on stopping really legitimate-looking spam is really high and they are to be congratulated.”

While Prof Thomas felt that the NCSC would benefit from having a “longer-term vision” when it came to cybersecurity, he felt the fact that the government agency could gain intelligence from GCHQ on potential cyber-attacks gave it an edge over commercial cybersecurity contractors.

NHS targeted

Prof Woodward said the NCSC’s work was “an important development” because the organisation was able to close down the opportunity for people to pretend to be from within the NHS, which would help to prevent future attacks.

“The biggest problem is people pretending to be within,” he said. “Whenever you receive something that seems to come from your own network, you inherently trust it.”


Henry Sapiecha