Online Security

Information on protecting yourself from spam, internet phishing scams and setting a strong password as well as important information regarding PABX security.

SPAM – What you can do to reduce it appearing in your in-box.

We’ve all been exposed to spam and we know it’s unavoidable in the online world of communication. The industry has many tools in place to reduce the spread of spam, such as Real-time Black Lists (RTBLs), which block addresses used by spammers to send bulk emails. However, even with these strategies in place, spam still keeps arriving in our in-boxes.

In general, spammers are not out for financial gain but rather get a kick out of being a huge annoyance. One way they distribute large amounts of material is to access email addresses within the Pacnet network. Although we actively work to shut down spammers, you have the power to help put a stop to spam. By putting in place a few simple steps you can immediately reduce the impact of this major issue.

Looking to stop spam?  Here’s what you can do.

Use a strong password

Email account hacking is the primary method spammers use to get access to an email address to send high volumes of emails.  A recent report from data security provider Imperva estimated that a weak password means a hacker can access a new email account every second or 1000 accounts every 17 minutes!

What NOT to use as your password

  • Don’t use the word ‘password’ or any variations (password1, PASSWORD)
  • Don’t use your name or any variations of your name (walter, retlaw, wAlter, walter0, walt3r)
  • Don’t use your car license plate, room/phone number, date of birth, pet names or anything that people would associate with you
  • Don’t use patterns like 123456, qwerty, ABC123
  • Don’t use default passwords – always change it to something unique
  • Don’t use dictionary words or their derivatives (including words from foreign dictionaries)

How to set a good password

  • Use at least 8 characters
  • Passwords should have three of the four character categories below:
    • at least one character is lowercase
    • at least one character is uppercase
    • at least one character is a number
    • at least one character is non-alphanumeric (!@#%=&*).
  • Your new password has to be hard to guess but easy to remember. You don’t want to be tempted to write it down, as this removes its function completely
  • Change your password regularly

Useful tips for setting a new password

  • Add two words together which consist of eight characters but have no connection to each other.  Put a punctuation mark in the middle of the two words and convert some characters to uppercase. For example: ‘Dogs+trEe’, ‘coLouR#me’.
  • Use the first characters of the words of a sentence. When we use the sentence ‘My goldfish are called Justerini and Brooks!’ as an example, we would get the password ‘MgacJaB!’.
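
A checker for the rules listed above, as an added example that is not Pacnet's own code. The look-alike substitution table, the run length of four and all function names are assumptions, `personal_words` is meant for names, and the dictionary-word rule is left out because it needs a word list.

```python
import re

# Substitutions commonly used to disguise a word (assumed mapping, not from the page).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
# Keyboard and counting runs that patterns like 123456, qwerty and ABC123 are cut from.
RUNS = ("0123456789", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def normalise(text):
    """Lower-case, undo look-alike substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def has_run(password, length=4):
    """True if the password contains `length` consecutive characters of a run."""
    lowered = password.lower()
    for run in RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in lowered:
                    return True
    return False


def check_password(password, personal_words=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    categories = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    if sum(categories) < 3:
        problems.append("fewer than three of the four character categories")
    core = normalise(password)
    for word in ("password", *personal_words):
        w = normalise(word)
        if w and (w in core or w[::-1] in core):
            problems.append(f"contains a variation of '{word}'")
    if has_run(password):
        problems.append("contains a keyboard or counting pattern")
    return problems
```

The page's own example ‘MgacJaB!’ passes every rule, while ‘walt3r’ and ‘retlaw’ are both caught as variations of the name walter.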

Should you be updating your password?

To change your Pacnet password visit our Customer Toolkit.  Once you have changed your password online you will also have to update your email program and any necessary hardware such as your DSL router/modem.

If you have questions about setting a secure password, please contact our Technical Support team on 13 36 39. They have some great tips.

Don’t fall victim to phishing scams

Phishing is becoming the most prevalent fraudulent activity of the Net with major financial institutions and online entities around the world continually being targeted by phishing scammers. There are simple steps you can take to protect your business and customers from phishing scams.

What is phishing?

Phishing involves attempting to trick people into providing sensitive personal information such as passwords, credit card numbers and banking details by masquerading as a legitimate company via email. These con artists send millions of ‘fake’ emails that appear to come from websites or companies that you know and trust, such as your bank or ISP, and ask you to provide personal details.

Phishing emails appear to be genuine as they tend to include the targeted company’s real logo, style and message format. They often use fake URLs and email addresses that seem to be coming from the real organisation they are attempting to imitate.

Once armed with your personal details, these scammers can go on to steal your money, or even your identity.  When a phishing scam is aimed at Pacnet customers, our networks are used to send spam.

The repercussions are enormous, with some victims of identity fraud spending years trying to clear their name and restore their damaged credit ratings.

How do I recognise a phishing email?

Prevention is always better than a cure, so the best form of protection for your business is to teach your staff and customers how to recognise a phishing email so that they don’t fall victim.

  1. Unsolicited requests for sensitive information
    View any email messages asking for your personal details with the utmost suspicion. Many phishing emails will even be sent from banks or financial institutions that you are not even a member of. Be aware that it would be extremely rare for a legitimate organisation to request details such as your password, credit card details or date of birth.
  2. Urgent account verification
    Phishing emails often claim that your personal details are urgently required for security purposes or to prevent your account from being closed. Those behind the scams hope that you’ll respond immediately without thinking too much about it.
  3. Bad grammar
    As most of these scams originate from overseas locations, they are often badly written. It is common for phishing emails to be rife with spelling mistakes, typing errors and a complete disregard for basic grammar.
  4. Impersonal
    As these emails are sent out in bulk mail-outs they will rarely address you by your proper name. Common greetings are “Dear customer”, “Dear account holder” or “Dear [targeted institution] customer”. When contacting their customers by electronic communications, most companies address their customers by name.
  5. Link to a spoof website
    Another give-away is that the phishing email will request that you click on a link through to a website that is designed to resemble the targeted organisation’s official website. The fake website will use the same fonts, logos, style, images and navigational structure of the genuine site. Once re-directed to the site, you may be instructed to enter your user name and password, or other forms of personal details which are collected and used by the criminals behind the scam.

Protect your business from phishing scams

There are some simple steps you can take to protect your business and customers from phishing scams.

  • Don’t respond to ANY email that requests personal details – online account user names and/or passwords, credit card numbers, date of birth, banking details etc.
  • Immediately delete any suspicious or unsolicited emails.
  • Don’t reply to phishing emails or attempt to contact the senders.
  • Don’t click on links in suspicious emails or open any attachments.
  • Report any suspicious emails to your provider but do not contact them via any phone numbers or email addresses supplied in the email. Type in their website address directly into your browser to find their contact details.

If you have further questions on how to protect your business from phishing scams please contact our Technical Support team on 13 36 39.

Phone Hacking. Is your PABX secure?

Phreaks, PABX hackers and shoulder surfers are just a few of the names for people who fraudulently access phone systems and cost Australian companies millions of dollars each year.

These attacks are known as “Toll Fraud” and are a real and serious problem for many businesses. Some companies have been stung for $1 million in a single attack when their phone system is tapped into and large volumes of calls are made at the expense of the unknowing business.

So what motivates these hackers?

Toll fraud can mean big business and big money. A hacker can access an unprotected PABX system by dialing in remotely to use it for fraudulent means. Free calls can be on-sold by organised crime syndicates to make large profits. Or the attacker may be intent on damaging your company’s reputation.

So, what can you do?  To minimise your risk we suggest you implement a few countermeasures.

What simple steps can you take to protect your business from being attacked?

  1. Change all default passwords on remote access to PABX and voice-mail systems. Avoid using passwords such as 000 or 1234. Make sure all access codes and passwords are secure and not easily accessible by all staff.
  2. Implement a policy of monthly changes to personal voice-mail and remote access PINs.
  3. If voice-mail features such as remote access and international call forwarding are not required by staff, turn them off. Voice-mail is vulnerable to hackers and can easily be accessed to manipulate your PABX.
  4. Potentially disconnect remote programming such as DISA (Direct Inward System Access) which is only required by technical staff to connect remotely via a modem to carry out PABX changes.  Either limit this access or turn it off completely if or when it’s not required.
  5. Monitor your call costs and destinations – if your system is under attack you could catch it before it gets out of hand and costs your company thousands of dollars.
  6. Restrict long distance and international calls to specific staff who require this call type.  If they no longer require access reflect this in your call settings.
  7. Restrict call forwards to long distance numbers and only forward to mobile numbers that are registered in your system.
  8. Make the best use of your inbuilt security settings.  Your PABX provider will be able to help you to maximise these settings.
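
Steps 5 and 6 can be checked together by auditing call records against the list of staff approved for international calls. The sketch below is an added example, not Pacnet's or any PABX vendor's code: the record layout, the sample records, the approved extension and the business-hours window are all constructed, and `0011` is the international access code dialled from Australia.

```python
import csv
import io
from collections import defaultdict

INTERNATIONAL_PREFIX = "0011"   # international access code dialled from Australia
APPROVED_EXTENSIONS = {"201"}   # constructed: staff allowed international calls (step 6)

# Constructed call records: start time, extension, dialled number, seconds.
SAMPLE_CDR = """\
2024-03-01T10:05:00,201,0011445550100,300
2024-03-01T11:20:00,305,0299990000,120
2024-03-02T02:14:00,305,0011995550111,3400
2024-03-02T02:15:00,305,0011995550112,3550
2024-03-02T02:16:00,305,0011995550113,3600
"""


def audit_calls(cdr_text, approved=APPROVED_EXTENSIONS, after_hours=(19, 7)):
    """Return {extension: findings} for international calls that need review."""
    findings = defaultdict(lambda: {"calls": 0, "seconds": 0, "reasons": set()})
    for start, ext, dialled, seconds in csv.reader(io.StringIO(cdr_text)):
        if not dialled.startswith(INTERNATIONAL_PREFIX):
            continue  # only international destinations are audited here
        hour = int(start[11:13])
        reasons = set()
        if ext not in approved:
            reasons.add("extension not approved for international calls")
        if hour >= after_hours[0] or hour < after_hours[1]:
            reasons.add("international call outside business hours")
        if reasons:
            entry = findings[ext]
            entry["calls"] += 1
            entry["seconds"] += int(seconds)
            entry["reasons"] |= reasons
    return dict(findings)
```

Run against the sample records, only extension 305 is reported: three overnight international calls from an extension that is not on the approved list.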

Who is being attacked?

Hackers do not discriminate between small and large businesses. All PABX systems are at risk unless the appropriate security steps are taken. Don’t wait for an attack, act today to protect your business from a potentially crippling attack. Why wait to be hit with a huge phone bill?

Who is liable for the call costs if you’ve been attacked?

You are responsible for ensuring that your PABX system is properly secured. Pacnet does not have access to your system or provide PABX maintenance services. As each PABX system is different, we suggest you speak directly with your PABX provider to discuss your security options. They will be able to assist you with further information.