The Cyber Sushi

(serving up the cold facts, with some phish bytes)

Welcome back! Here's what we are covering in this issue…

Privacy Awareness Week: Back to Basics

The start of May saw the commencement of Privacy Awareness Week with a focus on getting back to basics.

So let's celebrate with our Top 10 Tips!

Make your passwords long and strong! A strong password should be at least 12 characters long and include a mix of upper and lower case letters, numbers, and symbols. Remember to keep them unique. Using a different password for each online account is vital so that your other accounts remain secure if one password is compromised. Consider using a password management system to keep track!
MFA everything. Enable Multi-factor or two-factor authentication on all the accounts that accept it. This adds an extra layer of security to your accounts. Remember to keep one-time passwords or codes private from everyone, no matter who they claim to be.
Be cautious when sharing personal information online. This includes being careful when giving out sensitive information such as your full name, address, phone number, driver licence or Medicare card numbers. Be especially careful when using social media, as the information you share there can be easily accessed by others. Be future thinking and consider how the information and photos you post may be used or viewed in the future.
Use Wi-Fi networks sparingly. Public Wi-Fi is often unsecured, meaning anyone on the same network could access your online activity. Avoid accessing sensitive information such as online banking or credit card accounts when using public Wi-Fi.
Regularly review your privacy settings on social media and other online accounts. Check the privacy settings on your accounts to ensure that you are only sharing information with the people you intend to.
Be aware of phishing. Phishing scams are emails, SMS, phone calls or even social media posts that appear to be from a legitimate source but are designed to steal your personal information. Be cautious when opening emails from unknown senders or clicking on links in messages. Look for signs of phishing, such as misspellings or unusual requests for personal information. If in doubt, contact the sender directly using verified contact details.
Keep your software and security measures up to date. This includes regularly updating your operating system, web browser, and antivirus software. These updates often contain security patches and bug fixes that can help protect your device from potential threats.
Stay vigilant and educate yourself on new threats and security best practices as they emerge. This can help you avoid potential threats and make informed decisions about your online activity.
Be mindful of the data that you share with online companies and services. Many websites and apps collect information about your online behaviour and leverage it for advertising and other objectives. Think before clicking "accept all" and consider going with "just recommended".
Tread carefully with third-party access. Be cautious when granting access to third-party apps and services, as they may be able to access your personal information.

Behind the Mask - a guide to trending scams

Travel Visa Scams: Visa scams are becoming more and more prevalent as people ease back into travel. These scams occur when applying for a visa or visa waiver only to discover you have entered your details and/or paid money to a fraudulent website.
Our Tips: When applying for a visa, make sure you take time to do your research first. Be wary of "cheap" or "fast" application processing. Try to use the official government websites, which can be found through DFAT or NZ MFAT. Read more about visa scams and how to protect yourself in the factsheet on our website.

Investment Scams: Investment scams cause the highest financial losses that IDCARE clients experience. these scams typically start on social media, via phishing links or can transition from a relationship scam to an investment scam. Often an investment scam will take place through a legitimate-looking website and with the guidance of a "dedicated" advisor. These scams generally centre around cryptocurrency investment, such as Bitcoin.
Our Tips: Always do your research before engaging with an investment opportunity. Take your time, and don't be pressured or rushed into committing. Discuss the opportunity with friends and family and your bank or financial institution. For more information on investment scams, check out our factsheet.

The CROC Spot: Northern Territory

IDCARE recently had the pleasure of partnering with Neighbourhood Watch NT, providing free scam prevention and cyber safety presentations across the Northern Territory during April.

The CROC team had their first presentation at the Yulara Community Shed and two community sessions at the Alice Springs Town Council. Participants were highly grateful for and interested in the key takeaways; stop, pause and think and helpful tips like multi-factor authentication and password management. One participant described a recent PayID scam that her university daughter fell victim to; she lost $1000 and was extremely distraught. The CROC team were able to explain the fraud and break it down, and provide some tips to stay safe.

The CROC team received a warm welcome from the beautiful Santa Teresa community, where not only did they get a chance to share some of IDCARE's tips and tricks on cyber safety, but they were able to provide some advice to organisations and their representatives on how to safely support community members navigating safely online. Thank you, Santa Teresa!

Engagements in Tenant Creek, Katherine, Palmerston, Darwin and Nhulunbuy were up next and were all gratefully received. Casuarina library participants were lively and kept the team busy with various questions ranging from data breaches and how they work to antivirus software and how spoofing works! A highlight was the school engagement with the Year 5/6 students at Anula and Jingili primary schools. It's never too early to learn password management and cyber safety!

Thank you to NT Neighbourhood Watch, it was a pleasure working with you, and we hope to do it again soon.

Coming up in CROC

At the same time the HQ team hit the NT, our roving clinician has been travelling through WA!
Take a look at where the team will be next! Keep an eye on our website for locations and times of our free community events. Come along and learn about scams, cybercrime and identity theft and how to navigate safely online.

The hAPPy score

Temu: Shop Like a Billionaire (with a side of risky business?)

Fancy a shopping spree? As the pandemic closed down some of the brick-and-mortar shopping centres, we found a new normal and moved online. However, even as things have opened up again, many people have found they enjoy the convenience of online stores (Queues? What are they? The battle to find a parking spot? No way!). This brings us to Temu (pronounced "tee-moo"). Temu opened its virtual doors in Australia and New Zealand not long ago, on the 13th of March, 2023. Since then, they have shot to the top of the "shopping" category, holding the top spot on both the Apple App Store and Google Play. So who are they? Are they reputable and safe?

The legal spiel

How much ease in the legalese? (one star equals complicated)

16 thousand words will take you over 2 hours to read at an "average" pace. That's the length of Temus' Terms and Conditions and their Privacy and Cookie Policy. Though considering the content, it might be worth the read.
A big issue with Temus' terms and conditions is quite a broad sweep regarding indemnification. They disqualify any items sold through their service from warranties and remove themselves from any fault relating to the misuse of the information you provide to Temu or third parties. Over the Privacy and Cookie Policy, there are two main concerns. The first has to do with the identity credentials they say they gather (specifically government-issued identity document numbers and a photo of the document - though it's unclear when Temu gather these in the account activation or purchasing process), and also a lack of clarity around how long they hang on to your personal information after you have deleted your account. When considered hand in hand with their terms and conditions, this could be cause for concern.

Pervability

How much they’re looking at you (one star meaning a lot)

It is unclear why Temu may request government identification document numbers. This may be only for sellers, though it does cause some concern.

The Scamometer

How easy is your account to hack? (One is super easy, five is Fort Knox)

A significant positive in Temu's favour is its range of payment methods. These include reputable options, including PayPal and Apple Pay. However, once again, considering the terms and conditions, it is difficult to have complete confidence in Temu after reading their indemnification policy. Remember that Temu is similar to platforms like Etsy, connecting sellers with a paying audience.

The two-left thumbs rating

Can grandma work out how to do it? (One star means "no way", five is "of course she can")

Temu follows the style of most other online shopping apps, making it generally user-friendly regarding navigation and purchasing. However, one downside to Temu's user-friendly nature is the sheer amount of stock on their site and the business of the interface, making it potentially overwhelming.

Because everyone needs a… quick history lesson

There isn't much history to be had with Temu itself; however, there is a bit with their parent company, "Panduoduo", also known as PDD Holdings, founded in 2015. Unfortunately, not all of it is good. PDD Holdings is a Chinese agricultural e-commerce store who have begun to dabble beyond the farm yard, including the birth of "Boston-based" Temu. Panduoduo has been involved in several controversies. Most recently, they landed on the naughty list in the United States 2021 Review of Notorious Markets for Counterfeiting and Piracy. Then in 2023, Google Store removed the Panduoduo app after finding malware in a version of the app. Only time will tell if Temu is a chip off the old block, following in its parent's footsteps, or if it will step out of Panduoduo's shady shadow.

The final countdown: (dunna na… dunna na na na..)

Most things in Temu cost less than $10, and by the looks of the reviews, the quality of the items follows the saying, "You get what you pay for". If you plan to make the most of the cheap products in Temu, be cautious and make the most of secure payment methods. Be aware of the requirement to provide sensitive information, including identity document numbers, especially considering Temu is a conduit for third-party sellers. This poses a risk!