1. The "Fool’s Gold" Marketplace Trap Scammers are flooding social media platforms like Facebook Marketplace and eBay with counterfeit bars.
2. High-Profile Celebrity Impersonation Fraudsters are using AI-generated deepfakes of trusted Australians to promote fake bullion investment platforms.
3. The GST "Missing Trader" Fraud A more complex scheme involves criminal syndicates exploiting tax loopholes to sell "investment-grade" gold.
The Bottom Line: To stay safe, experts advise purchasing only from government-owned entities like the Perth Mint or highly reputable distributors. Checkout moneysmart.gov .au and the investor-alert-list. Ep357 Image created by AI
0 Comments
With laws requiring platforms to take "reasonable steps" to prevent users under 16 from holding accounts, scammers are using the confusion to steal personal data and money. Here are the four primary tactics currently being used:
How to Stay Protected: The golden rule is to Stop, Check, and Protect. Legitimate social media platforms will not ask for payment to verify your age, nor will the government text you threatening fines for using an app. Before clicking any links, go directly to the official website of the social media platform or the eSafety Commissioner to check the actual requirements. If you suspect you’ve been targeted, report it immediately to Scamwatch.gov.au. Ep356 Image created by AI
The biggest shift is the rise of AI-driven deepfakes. Scammers are now impersonating CEOs and suppliers with perfect voices and faces. If a business you use gets fooled, they aren't just losing their own money; they’re handing over your trust—and potentially your private information—to the hackers. We’re also seeing "invisible" attacks where hackers hide inside a company’s own software for months. This means your credit card details or home address could be silently siphoned off long before a breach is even announced. In 2026, small businesses are also being used as "backdoors" to get to the big banks and retailers we use every day, creating a domino effect that puts everyone's privacy at risk. To stay safe in this new landscape, you have to be your own digital bodyguard. Here is your 4 step survival kit:
Call to Action: Don't wait for a "we've been breached" email to arrive. Spend ten minutes tonight turning on Multi-Factor Authentication (MFA) for your primary email and banking accounts. It’s the single most effective thing you can do to lock your digital front door. Ep355 Image created by AI
Data Exposed and Risk: The compromised data included first and last names, physical addresses, email addresses, and phone numbers of an undisclosed number of consumers, Dashers, and merchants across multiple countries (including the US, Canada, Australia, and New Zealand). DoorDash maintains that no sensitive information—such as bank details or social security numbers—was accessed, and they have "no indication" the data has been misused for fraud or identity theft as of mid-December. Company Actions: DoorDash deployed new security enhancements and implemented additional awareness training for employees to prevent future social engineering attacks. The company also engaged an external forensics firm and referred the incident to law enforcement for ongoing investigation. User Caution: The primary area of concern a month out is the potential for highly convincing phishing and smishing (SMS phishing) attacks, so remain vigilant, update passwords, and enable two-factor authentication on all related accounts. Key Takeaway for Staying Safe The most effective way to protect yourself is to never click a link in an unexpected email or text message, especially after a data breach. If you receive a suspicious communication:
Ep354 Image created by AI
But now, the ACMA (Australian Communications and Media Authority) is launching a powerful new defense that hands everyday phone users back the power to trust their texts: the SMS Sender ID Register. How It Protects You Starting July 1, 2026, a fundamental shift is happening in how branded messages (those with names like "AusPost" instead of a number) are delivered:
This will be a breath of fresh air for daily users. The system creates a clear, unmistakable red flag. If you receive a text claiming to be from a major bank but the sender is "Unverified," you immediately know it’s a potential scam and can safely ignore it. So, this new Register shifts the burden of trust away from you and onto the telecommunications companies. It's a critical layer of defense that will help restore confidence in official text messages and, more importantly, make it significantly harder for scammers to trick you into financial harm. For once, not having to worry about an impersonation scam is one less thing to check on your phone. Ep353 Image created by AI
How the Scam Works:
The Clever (and Scary) Part: The instructions that steal your data aren't hiding in a typical file. Instead, they are hidden inside a completely normal-looking image file (a PNG). The malicious code is actually woven into the color data of the image's pixels! Once the malware gets access to your system, it uses special tools to read the image, pull out the hidden code, and then inject powerful tools—called infostealers—onto your computer. These infostealer tools are designed to automatically vacuum up everything sensitive: your stored passwords, banking details, login credentials, and crypto wallet information. All of this is then instantly sent back to the criminals. What You Need to Do: Be extremely suspicious of any full-screen pop-up demanding immediate action. A real Windows Update will never ask you to copy and paste code into the Run window. If you see a prompt like this, close your browser and never follow the instructions. This is one of the most sophisticated scams seen recently, so protect yourself by being cautious about the websites you visit and the commands you run on your computer. Ep352 Image created by AI
The most notorious example is the "USB Rubber Ducky," a device designed to exploit a fundamental trust built into your computer's security. When you plug in a standard flash drive, your computer recognizes it as a storage device. However, the Rubber Ducky is secretly programmed to impersonate a keyboard. Because a computer automatically trusts and prioritizes input from a keyboard, a malicious USB device can instantly and silently inject pre-programmed keystrokes—a keystroke injection attack. In a matter of seconds, this device can execute a complex string of commands: opening the administrative control panel, disabling your firewall, creating a new administrative user account for a remote hacker, or downloading malware, all before you even realize what's happening. This means a $5 bargain USB accessory from an untrusted source, or even a promotional drive found lying around, can completely compromise your system. The lesson is clear: when it comes to USB devices, your vigilance is the first and most critical line of defense. Never plug an unknown or suspiciously cheap device into a computer containing sensitive data. Ep351 Image created by AI
The Problem: 'Nudify' Services in Schools This is not a niche problem: the websites in question were attracting around 100,000 Australian visitors per month and have been identified as being used to generate explicit deepfake images of students within Australian schools. The eSafety Commissioner, Julie Inman Grant, highlighted the app's alarming lack of safeguards and its deliberate marketing of features that encourage CSEM creation. This included explicit "schoolgirl" and "sex mode" options, making it shockingly easy to take an ordinary photo and sexualise a child in seconds. The resulting deepfakes are often highly realistic, causing incalculable psychological and emotional harm to the young victims. Reports of digitally altered images targeting children have more than doubled in the past 18 months, with four out of five reports involving the targeting of females. The Solution: eSafety’s Enforcement Action Australia’s eSafety Commission is helping to stamp out these problems using the strong regulatory powers under the Online Safety Act.
eSafety urges any Australian who has experienced image-based abuse (including deepfakes) to report it on their website. For allegations of a criminal nature, always report to local police first, and then to eSafety. If you want to hear more about how the eSafety Commission is dealing with the broader issues of AI-generated harm, check out this video: Australia's world-first move to protect kids from harmful AI chatbots | 7.30. This video discusses the eSafety Commissioner's efforts to regulate AI tools, which is the same body taking action against the deepfake image websites. Ep350 Image created by AI
The most insidious cold calls involve scammers impersonating Commonwealth agencies like the Australian Taxation Office (ATO), Centrelink, or even the Australian Federal Police (AFP). Their scripts usually run one of two ways:
What to Do When You Answer A legitimate Australian government body will never phone you out of the blue to demand money. Here are the three steps to protect yourself:
Ep349 Image created by AI
What Is Promptware?
What Can It Do?
How to Stay Safe
Ep348 Image created by AI
The Rise of a Global Threat Cybercriminals have turned the QR code into a new weapon. They can easily print fake QR code stickers and place them over legitimate ones on public surfaces like parking meters, train stations, or even utility bills. They rely on the victim being in a hurry, with the urgency of a payment or transaction overriding their caution. When the unsuspecting user scans the fraudulent code, they are redirected to a malicious website designed to steal personal information, download malware, or trick them into making an unauthorized payment. This low-effort, high-return tactic is gaining traction as traditional email phishing campaigns become less effective. A study by the cybersecurity platform KeepNet Labs found that 26% of all malicious links are now sent via QR code. The appeal for criminals is the ease with which the scam operates and the user's inability to verify the destination URL just by looking at the code. Why We Fall for It A significant factor contributing to the success of quishing is user trust. A global study by Malwarebytes found that 70% of iPhone users have scanned a QR code to begin or complete a purchase, compared to 63% of Android users. The researchers suggest that the high trust in their devices may cause some users to let down their guard. The same study found that 55% of iPhone users and 50% of Android users believe their devices can keep them safe from cyber threats, highlighting a pervasive and dangerous overconfidence. Experts warn that even stylized QR codes with company logos can be easily copied by cybercriminals, creating a false sense of security. Attackers can even use these codes to infiltrate critical networks or distribute remote access Trojans (RATs), a type of malware that allows hackers full access to a device. As a result, quishing isn't just a risk for consumers; it's a threat to corporate and government security. The Cat-and-Mouse Game of Security The battle against quishing is an ongoing one. Some institutions, like the Children's Museum of Indianapolis, are fighting back by using stylized QR codes and regularly inspecting them for tampering. At the same time, researchers like Professor Gaurav Sharma at the University of Rochester are working on developing "smart" QR codes with built-in security features. However, as a cybersecurity professional noted, "QR codes weren’t built with security in mind; they were built to make life easier." This makes them a perfect tool for scammers. As long as attackers can easily compromise legitimate documents and public surfaces by simply pasting a fake QR code over a genuine one, the onus remains on the user. The best defense is to exercise caution: avoid scanning unwanted or unexpected QR codes, and if you must, always check to see if your phone's camera app displays the full URL before you click on it. Ep347 Image Source: Licensed by Google
"It's like having a little tutor and best friend all rolled into one," says one parent, showcasing her daughter's new "Proxima Bear." "The interactions are surprisingly genuine, and my daughter absolutely adores it." However, the warm feelings quickly turn to questions about data privacy. Every conversation and every shared secret generates a trove of data, raising serious concerns about what happens to that information. Privacy advocates worry that if not handled carefully, this data could pose significant risks. Developers are racing to address these fears, implementing safety features like:
Despite these efforts, consumer watchdogs remain concerned. "We've seen how quickly privacy policies can change and how vulnerable cloud data can be to breaches," warns one expert. "The emotional bond children form with these toys could make them particularly susceptible to exploitation if safeguards aren't rock-solid." As these AI companions become a household staple, the debate intensifies. The challenge is to design a future where the innovation of AI doesn't come at the cost of safety, privacy, and the very innocence it seeks to enhance. The line between a comforting friend and a data-collecting device is a delicate one, and society is just beginning to figure out where to draw it. Ep346 Image created by AI
Malwarebytes Mobile Security for Android offers several features to help protect against phishing messages and other scams. The key features for this type of threat are its Anti-Phishing Alerts and a newer, AI-powered tool called Scam Guard.
How it Works The app works by continuously monitoring your device and its activity. For phishing links, it checks the URLs you're about to visit against a database of known malicious sites. If a link in a message is identified as suspicious, Malwarebytes will warn you before you can proceed to the site. The Scam Guard feature goes a step further by providing a way for you to actively check things you are unsure about. This is particularly useful for scams that don't involve a malicious link but instead try to manipulate you into giving up information or money. Free vs. Premium While some basic features like a manual virus scan may be available for free, a premium subscription is required for real-time protection, which is what is needed for the anti-phishing alerts and web protection. The Scam Guard feature is also available as part of the Malwarebytes Mobile Security app. In addition to phishing and scams, the Malwarebytes Android app also provides:
Ep345 Image Source: Malwarebytes
Just as we've come to accept that our voice assistants might be listening for commands and pushing ads our way, it's time to extend that scrutiny to every app on our phone. Many apps, even seemingly innocuous ones, can demand excessive access to your device's features and data. The Hidden Dangers of Over-Permissive Apps When you grant an app permission to access your microphone, camera, contacts, or location, you're opening a door. While some permissions are essential for an app's core functionality (e.g., a camera app needs camera access), many others are not. Granting unnecessary permissions can lead to:
Cybersecurity experts frequently find that many apps request far more permissions than they actually need. It's a common practice for developers to cast a wide net, and for users to click "Allow" without fully understanding the implications Check Settings -> Security and Privacy (Android and Apple) -> Permission Manager. You can then tap Camera and see what apps have access and change/update. Also check Location, Microphone, Contacts, Calendar, etc… Ep344 Image created by AI
These platform-based password management tools have come a long way from being simple browser autofill features. They've evolved into surprisingly capable, often cross-platform, solutions designed to simplify our digital lives. The Upside: Convenience and Integration For many users, the appeal of these free options is undeniable. They come with several compelling advantages:
The Downside: Limitations and Niche Use Despite their growing capabilities, these built-in managers do come with certain limitations, particularly when compared to dedicated, paid password management services:
So, Should You Use Them? The verdict largely depends on your digital habits. For users who are not particularly tech-savvy, or those with relatively simple online needs and a strong preference for staying within a single ecosystem (e.g., an all-Apple household or someone who lives entirely in Google's cloud), these platform-based password managers are a perfectly viable and secure solution. They offer a significant upgrade over reusing simple passwords or writing them down. However, for individuals who frequently switch between different operating systems or browsers, manage a high volume of complex online accounts, or require advanced features like secure sharing or password auditing, a dedicated, paid password manager might offer a more robust, versatile, and ultimately more secure experience. Ultimately, the best password manager is the one you actually use consistently to generate and store strong, unique passwords. Ep343 Image created by AI
According to cybersecurity firm Bitsight, these cameras are broadcasting video feeds that can be accessed without any form of authentication, encryption, or even the most basic password protection. This means anyone with the right tools or knowledge can potentially view private spaces and activities. The United States appears to be a major hub for this vulnerability, with nearly 14,000 potentially exposed cameras. The states with the highest concentrations of these unsecured devices include California, Texas, Georgia, and New York. Bitsight's Cyber Threat Intelligence team has unearthed evidence suggesting that these unsecured feeds are a hot topic in dark web forums. Cybercriminals are reportedly discussing and sharing methods, tools, and techniques to gain unauthorized access to these video streams. Worse still, access to these unprotected cameras is being bought and sold, highlighting the lucrative nature of exploiting such privacy breaches. Australia is not immune to this widespread issue. Cybersecurity experts and government bodies here frequently warn that many Internet of Things (IoT) devices, including security cameras in Australian homes and businesses, are deployed with inadequate security, often relying on weak or default passwords. This leaves them wide open to exploitation. Actual instances of unsecured camera footage being accessed in Australia have been reported. For example, a rug shop in Cairns was found to be live-streaming its camera footage to a site linked to Russian hackers. Similarly, a mechanic was alerted that his activities were being streamed live online to a compromised website during a home service call. These incidents underscore the tangible risk to privacy and security posed by unsecure camera setups. This incident serves as a stark reminder of the critical importance of cybersecurity best practices, particularly when setting up internet-connected devices. Users of security cameras, whether for personal or business use, must ensure their devices are properly secured with strong, unique passwords, encryption where available, and limited external access to prevent becoming part of this widespread privacy nightmare. Ep342 Image created by AI
The benefits are simple: Phishing Resistant: Passkeys are inherently resistant to phishing. Since you're not typing a password, there's nothing for a fake website to steal. The authentication happens directly between your device and the legitimate service. Simpler Login: No more typing complicated passwords or struggling with autofill. A quick glance or touch is all it takes. More Secure: Cryptographic keys are far more robust than even the strongest human-created passwords. Device-Linked Convenience: Your passkeys are often synced across your devices, making it easy to log in from anywhere you trust. While passkeys are rapidly gaining traction, they're still a relatively new technology, and not every website or service has implemented them yet. This can leave users wondering: "Where can I actually start ditching my passwords?" This is where passkeys.directory steps in. This site helps: Discover compatible services: Easily find out which of your favorite apps and websites now offer passkey login. Learn how to enable passkeys: Many entries on the directory might include quick guides on setting up passkeys for specific services. Stay updated: As more companies roll out passkey support, the directory will provide a live overview of the expanding ecosystem. Ep341 Image created by AI
Whether it's a PIN, password, pattern, fingerprint, or facial recognition, enabling a screen lock on your phone, tablet, or laptop is your first and most essential line of defense against unauthorized access. It’s the digital equivalent of locking your front door; without it, anyone can simply walk in. The Risks of an Unlocked Device:
Choosing the Right Screen Lock: Modern devices offer various options, each with its own balance of convenience and security:
So, make it a habit: Enabling a screen lock takes mere seconds to set up in your device's security settings. Most devices allow you to choose how quickly the screen locks after inactivity (e.g., immediately, after 30 seconds, 1 minute). For optimal security, set it to lock almost instantly. In an age where our devices are extensions of ourselves, protecting them is paramount. A simple screen lock isn't just a recommendation; it's a fundamental pillar of personal cybersecurity. Don't leave your digital life exposed – lock it down. Ep340 Image created by AI
Cybersecurity experts are increasingly sounding the alarm, highlighting the inherent cyber risks that come with such highly sensitive data, particularly the danger of this collected information falling into the wrong hands through data breaches or misuse. This raises a crucial question: are we trading too much privacy for the convenience of knowing exactly where everyone is? For many families, apps like Life360 embody the promise of constant connection and safety – real-time location tracking, crash detection, and emergency alerts. The idea of always knowing where your loved ones are can be incredibly reassuring. However, cybersecurity experts are increasingly highlighting the inherent cyber risks that come with such highly sensitive data, citing past incidents and persistent privacy concerns surrounding these omnipresent tools. These "family safety" applications typically operate by continuously monitoring GPS signals, often enhancing accuracy with Wi-Fi and Bluetooth data. Users form "Circles" to share their whereabouts with chosen contacts, receiving automatic notifications for arrivals and departures from designated locations. While some premium features even extend to identity theft protection and dark web monitoring, the core function—constant location data collection—creates significant vulnerabilities. Reports and analyses have consistently pointed to several critical areas of concern:
While location-sharing apps undoubtedly offer a sense of security, users must critically evaluate the privacy trade-offs and cybersecurity risks involved. It is paramount to meticulously review an app's privacy policy, configure permissions to the absolute minimum required, employ robust and unique passwords, enable multi-factor authentication whenever possible, and remain perpetually vigilant for any suspicious activity linked to your accounts. For families weighing the benefits against the potential perils, exploring alternatives with stronger privacy guarantees or engaging in transparent conversations about data sharing boundaries is crucial. Ep339 Image created by AI
The Cyrillic alphabet has significant relevance for hackers, primarily because of a tactic known as homoglyph attacks (also sometimes called homograph attacks or script spoofing).  Here's why it's a valuable tool for cybercriminals:
So basically, in the past the links were obvious to detect as they go to unexpected addresses. Now they actually look correct but the changes font for particular letters can completely change the destination. How to Protect Yourself
Ep338 This image is used under the Fair Use provision for the purpose of review and commentary. Source: Facebook
The latest tool in the hacker’s arsenal is the SVG file. We should all be wary of email attachments and really be sure of their legitimacy before attempting to open them. There's a new and sneaky way hackers are trying to trick people, and it involves something you might think is harmless: image files. Cybersecurity experts recently discovered a new wave of phishing emails that are using special image files called SVGs to sneak past your email security and steal your information. Think of an SVG file like a super-smart picture. Unlike regular photos you take with your phone, SVGs are actually based on text. This means they can do more than just show a picture; they can also contain hidden instructions, like tiny computer programs. This makes them great for websites because they can look good on any screen size and even be interactive. But now, bad guys are using this clever feature against us. Here's the trick: hackers are putting secret instructions inside these SVG image files. When you open the SVG file (which might look like a simple invoice or a document), those hidden instructions kick in. They tell your computer to automatically send you to a fake website that looks exactly like a real one, perhaps your bank or a well-known online service. Their goal? To get you to type in your usernames and passwords, which they then steal. What makes this so tricky is that many security tools are designed to spot typical dangerous files like Word documents with tricky macros or PDF files. But because SVGs are often seen as innocent image files, these tools might not look inside them for hidden dangers. Watch out for Phishy emails especially as specific events are nearing. Tax time is a good one.   Ep337 Image Source: Screenshot taken by MITE Radio
Your main email account with Google, Microsoft, Apple may be pretty robust, but what if you connect your email to other services like a calendar, to-do list, CRM system. These third party systems may provide hackers a back way into your accounts. So be aware of what's in your email and maybe file some things elsewhere as well as deleting them if they have served their purpose. Consider encrypted cloud storage (Google Drive) or perhaps Vaults Apps like OneDrive and Dropbox. Oh, don’t forget to empty the trash. Ep336 Image created by AI
To sweeten the deal and make you a tad more comfortable, all the data is stored locally on your PC and you can search through it all with the help of CoPilot anytime, even if you are offline… but… Microsoft's "Recall" feature has sparked significant cybersecurity and privacy concerns. While Microsoft has implemented safeguards, the nature of the feature inherently introduces new risks. These include:
So if you’re in the market for a new PC and you buy one with Microsoft-Copilot, consider turning Recall OFF! Ep335 Image created by AI
It used to be quality of service. A third party might not give you the same level of service you had previously and have come to expect, just make a support call to Telstra or Optus or iiNet and you’ll quickly see what I mean. But more scarily, what guarantees do we have that they are doing at protecting our privacy and data? Clearly, they’re not all doing so well. What does that mean for us? We don’t have a choice which 3rd parties our accounts go through, who our data is shared with or even where it is stored. Cybercriminals are increasingly sophisticated, shifting their focus from direct assaults on well-defended organizations to exploiting their trusted partners. These "supply chain attacks" leverage a single point of entry within a vendor's system to gain unauthorized access to multiple, often larger, client networks. This trend is alarming, with figures showing a dramatic surge in such incidents over the past few years. As a consumer, it’s frustrating to feel like your data is at risk due to a company's third-party providers, especially since you have no direct control over their security practices. However, there are definitely proactive steps you can take to minimize your exposure and protect yourself: 1. Be Mindful of What You Share (and Where):
2. Strengthen Your Own Digital Hygiene:
3. Act Quickly When a Breach is Disclosed:
Ep334 Image created by AI
The company released a statement acknowledging that an "unauthorised external party obtained certain consumer data through a third-party customer service provider." Adidas has swiftly initiated containment measures and launched a comprehensive investigation with the assistance of leading information security experts. Crucially, Adidas has reassured customers that "The affected data does not contain passwords, credit card or any other payment-related information." The exfiltrated data primarily consists of "contact information relating to consumers who had contacted our customer service help desk in the past." Previous disclosures regarding the regional breaches in Turkey and Korea indicated that the compromised data included full names, phone numbers, dates of birth, gender details, and email addresses. These regional reports also emphasized that no passwords or financial information were accessed. Given Adidas's vast international reach, with operations in 50 countries and a staggering 303 million members in its adiClub loyalty program, the potential scale of this incident is considerable. If the breach impacts customers who have contacted their help desk globally, millions of individuals could have had their contact information exposed. Adidas has commenced the process of notifying potentially affected consumers, as well as relevant data protection and law enforcement authorities, in compliance with applicable laws. "We remain fully committed to protecting the privacy and security of our consumers, and sincerely regret any inconvenience or concern caused by this incident," the company stated. As of reporting, no threat actors have publicly claimed responsibility for the breach. The incident underscores the escalating risks associated with third-party vendor relationships and the critical importance of robust supply chain cybersecurity. Ep333 Image created by AI
|
AuthorDelve into the world of MITE Radio through our captivating blogs. From music and tech to community news, our articles offer fresh perspectives and behind-the-scenes glimpses. Stay informed, connect with our community, and explore MITE Radio in a new way today! Archives
March 2026
Categories
All
|
RSS Feed