Farms a cyber-crime target

 Edith Cowan University lecturer David Cook is an expert in cyber security.
Edith Cowan University lecturer David Cook is an expert in cyber security.

DO you think you're cyber safe?

Cyber security expert and lecturer at Edith Cowan University David Cook said that people in regional areas were common targets for cyber crime.

And as farm business became more invested in technology and utilised data, Dr Cook said that in the next five years, rural businesses were going to become increasingly at risk.

"I think one of the big issues when I come to rural and remote places is that regional people are so nice and trust people," Dr Cook said.

"They have a different way of life from city people."

Dr Cook said that cyber crime was perhaps more prevalent than other crime, such as theft, but doesn't have the same awareness.

"Cyber crime is one of the fascinating things where you never get to meet the criminal, compared to say a home break-in, where you might see the person or at least realise that you've been robbed," he said.

"In general, our police do a lot better job of tracking down people breaking into houses, than people breaking into computers.

"It's very easy for people to do things you are unaware of."

According to Dr Cook, the criminals who were most interested in stealing agricultural data were from governments and organisations in other countries.

As more data begins to come from farms, with the rise of technology being used, "interest from multi-nationals and other countries' governments will access our data and steal it so they can influence the price of commodities".

"Three years ago, in the State's north west, the price of iron ore plummeted and largely that was on the back of people infiltrating data and stealing it, and they worked out they could lower the price of iron ore - I'm talking about China because in that case, they basically influenced the market.

"So that's the future for us, we have to be careful about what we share.

"Farmers are the way in into multi-million dollar data systems and in a few years when more data is coming from farms, I can guarantee that being relaxed on things like passwords, storage and emails will come back to haunt them."

Passwords

Dr Cook said one of the easiest ways that people could increase their cyber security was through passwords, but they have to be secure.

Using passwords such as the name of a loved one, pet, place of birth, maiden name, birthday or year of birth, address, favourite sporting team are all unsafe as they can be found by cyber criminals on social media or even government websites like Births, Deaths and Marriages and the electoral role.

Dr Cook suggested a method that he has used for 10 years and in that time, has never written a password down.

"I have a passphrase that I carve up into four passwords," he said.

"It doesn't mean anything to anyone, or make any sense but it's my little thing and something I remember - Bye bye Rosie off you go Birmingham western.

"We all have mnemonics in our head that mean nothing at all, so just think of something from the past because they work best."

Dr Cook does use numbers but not his date of birth, address or the number one.

For six months his passwords for all his accounts might be bye bye Rosie!2 and then six months later changes all his accounts to Off you go!3 etc.

"I change my passwords every six months, guaranteed," he said.

"Sometimes it won't let you use the same password more than once but in almost all of our systems, that lasts for up to 24 months.

The cloud

Nowadays many people store their files and photos in 'the cloud', but how safe is it?

"The cloud (that is free) literally means a run down shed somewhere cheap in the world, like India or The Philippines, and it's low security," Dr Cook said.

"If it's data about your farm, then it is critical that it's stored securely.

"The question is how much is your information worth?

"If you use the free cloud for data from your farm, then you are likely putting your security at risk."

Dr Cook said it was only a matter of time until someone hacked into that run down shed, where ever it is, and everyone's data is shared on the dark web, especially if you're password is not secure enough.

"It's important to remember that it's your information on someone else's system somewhere," he said.

"If you want protection, if you want security, the best protection is with yourself and when you don't share everything."

Cyber security risks that are more of a concern to everyone, and less so to farm businesses in particular include:

Baseline security

One of the common issues that impacts baseline security is when people unknowingly give their information to third parties by entering competitions.

Often there are raffles being held by local clubs to win a car or holiday and the entry asks for your name, address, email address and mobile number.

But in the fine print on the ticket, it will read something like 'Please be advised we may use this information and pass it on to a third party'.

The club or charity passes all the ticket stubs onto a third party where the names and information become harvested and are sold to other third parties.

As a result, the club or charity gets paid about $50,000 for doing that and can buy the prize.

So the club is able to make a profit, thinking they are doing it out of goodwill.

But because so many people don't read the fine print, they are then placed on various email lists and that they can't truly unsubscribe from and their data is harvested and sold.

Dr Cook said another issue with baseline security is using free Wi-Fi.

Although it's convenient, especially when travelling overseas, free Wi-Fi that either has no password or the same password for everyone is on a "pancake network".

"It means everyone is on it and can see what everyone else is looking at," Dr Cook said.

He advised to not use free Wi-Fi when overseas to check accounts such as emails and banking and instead find somewhere where you can pay for it.

"The amount of people that target people this way is on the rise, because when you're travelling is when you're vulnerable," he said.

Facebook

"Sometimes people put things up on Facebook that gives up so much information about them," Dr Cook said.

He said cyber criminals would follow what other people put on Facebook about people, as more often than not, that gives away more information, such as comments and tagged photos.

Dr Cook suggested to avoid posting photos while overseas, as cyber criminals will know that's an ideal time to hack your accounts.

Photos taken on your property have a geo-location so criminals can find out where you live.

He also recommended caution when posting photos of children, as there was a chance of them being found by online predators and circulating the dark web.

Online shopping

When targeting people via online shopping, Dr Cook said cyber criminals wait for you to be on an unsecure network or website.

To ensure you're buying something securely, at the point where the money is handed over, the web address should read: https:// - noting the 's', which changes the website to a secure version for making the payment.

If the web address does not have an 's', as some websites might bypass the secure version, simply type it into the address box and click refresh.

Dr Cook said to also check for the padlock which was pictured in the same text box where the web address was, as it acted as another level of security.

"But be careful because some criminals have worked out how to put a picture of a padlock on websites but it's not where it should be," he said.

Dr Cook said PayPal was the most trustworthy method of online payment where the person on the other end can't see your card details.

Emails

"We share a lot of information in emails and spam emails are harvesting data," Dr Cook said.

He recalled an example where a woman responded to an email from an 'African prince', which is a common scam.

She replied to the email asking that the emails be stopped and signed it with her name and location.

"The thieves are only waiting for the last three or four words in her email, because they know a lot about her now and they start to aggregate data about her," he said.

"This is called email harvesting and they will harvest information about farmers of significant properties and businesses are of immense interest to cyber thieves."

Dr Cook also advised to be aware of scam PayPal emails, which ask you to update your PayPal details via a link in the email.

"The only way to do that is to login to the PayPal website, not from a link in an email," he said.

Another key for spotting PayPal email scams, or scams impersonating other organisations for that matter, is to look at the email address it came from.

If it's a scam, it won't be the correct email address.

Telephone

Telephone scams have been around a long time and Dr Cook said most people think they know a phone scam when they hear one.

But he said criminals were becoming savvier, smarter and sneakier about scamming people and stealing their money.

"It's important to not stay on the line with them," Dr Cook said.

"Some people like to joke around or mess with them, but it's best to just hang up."

Dr Cook referred to a common current phone scam, known as the 'Telstra scam'.

It goes something along the lines of a woman operating out of Queensland, she has an Australian accent and there is no delay on the phone line.

"She rings and says your Telstra bill is $11.15 overdue and asks you to pay it how you normally would, be it at the Post Office, BPay etc," he said.

"Then she talks to you, which is so clever and the new way of telephone scams in rural and remote areas and organisations because people talk back and fall for it, apparently they like a yarn.

"It's what we call social engineering, which is the cleverest way to get information out of people and they are experts at it."

Dr Cook said it's more common against women, as they were more likely to have a chat.

"They will agree with whatever you say and massage your ego and make you feel like you've made a friend," he said.

"Then at the end of about five minutes, the conversation will change and she'll get flustered and say 'I was meant to have rung all these other people and now I'm going to be in big trouble with my boss', which will last about 30 seconds.

"The she'll hit you with the punch line: 'If you give me your credit card details, I will put this $11.15 through and I can tell my boss I've moved onto the next one'."

On bank statements the transaction won't read Telstra but something similar like Telstrasoc or Telstracomnet.

"It's just enough to make you think it's Telstra, then every month you will be charged some amount under $15 for the rest of your life," Dr Cook said.

"People have certain limit when it comes to money, they notice being billed for $500 but not $11.15 every month, because we have a certain mindset when it comes to small numbers because we see so many of them in our statements.

"So we know the golden rule for criminals is under $15 and after a while people normalise it."

Dr Cook said the statistics showed about one in 10 people fell for this scam but one in five people in regional locations fell for it.

"It's because they are nice to people, like a yarn and trust people and when they are nice to them on the phone, they like to help them out," he said.

Dr Cook said there was a version of this scam for every utility.