Bushfire charities targeted by cyber criminals
Charities have been forced to bring in cyber security experts to deal with fraud as ‘bots’ target the sector in the wake of the devastating bushfires.
Security
Don't miss out on the headlines from Security. Followed categories will be added to My News.
- Aussies reject ‘tax holiday’ amid fire, coronavirus fallout
- Stop hating on Celeste Barber. She’s a national star
Charities have been forced to bring in cyber security experts to deal with fraud with ‘bots’ targeting the sector in the wake of the bushfires.
Smaller charities who are under resourced and Instagram pop-up fundraisers are particularly vulnerable and experts warn the entire sector needs to arm itself in the battle with bots.
“If you’re not fighting bot attacks with similarly sophisticated methods, you’re bringing a knife to a gunfight,” F5 Networks executive vice-president Kara Sprague said.
It comes as a new report from the Australian Government’s Cybercrime in Australia reveals there is a cybercrime report every 10 minutes with an average of $6000 lost each time, more than $890,000 in reported losses each day and $328 million lost each year.
In the latest Australian Cyber Security Centre data, Victoria received the greatest proportion with 26.4 per cent of reports made to ReportCyber in July to September last year, followed by Queensland, 26.1 per cent and then New South Wales 25.6 per cent.
Identity theft and online fraud are the two most commonly reported cybercrime categories, making up over 40 per cent of reports received by the ACSC over the quarter.
Cyber criminals would continue to target Australian charities after this year’s bushfire appeals, security experts warned, and most will have no option but to spend public donations on fraud protection and prevention.
Noel Clement, Director Australian Services, Australian Red Cross, said the global charity has been forced to bring in fraud experts in to ensure that the money is getting to the right people.
“We are making sure we are smart about fraud and having experts in because we don’t want to hold up process for everyone else,” he said.
Mr Clements said they had a number of people trying to defraud the charity – from bots flooding the system early on and, in other cases, identity fraud.
“We are carefully working through that and some we know are suspicious and those ones we will be referring to police.”
Red Cross confirmed all funds received for the bushfires have been allocated and are being distributed for the bushfire response.
The Salvation Army’s Craig Tucker, TSA Chief Information Officer, said they have also upgraded their IT security systems in response to the new threat.
“It’s a necessary investment in today’s world and our IT department includes a head of Cybersecurity, a role that recognises the need to have someone always focused on the robust defence of our mission critical information systems,” he said.
Dr Gary Johns, from Australian Charities and Not-for-Profits Commission, said smaller charities or social media fundraisers, even those with the best intentions, can face extra challenges.
The $52 million raised by comedian Celeste Barber for the RFS is currently in legal negotiations due to strict charity laws and Australian influencer Sarah Stevenson, who has a
YouTube channel “Sarah’s Day, with 1.38 million subscribers and 1 million followers on Instagram, was forced to prove she donated the nearly $400,000 raised.
“She has had to provide proof of money’s donated due to low life’s contacting the ACCC thinking she was a fraud. It’s a shame because of the lack of trust some have mixed with “Tall Poppy syndrome,” her father wrote.
“Can you believe there are actually people out there that believe she is doing this as an act of marketing, self-promotion and in some cases honestly think she is pocketing some of the moneys been given. “
Dr Johns said that all charities needed to be wary but particularly smaller ones that may not have robust systems in place, although he was not specifically referring to Ms Barber or Ms Day
“We had this in two cases, charities raising money for drought, raised huge amounts of money and then they had a problem,” he said.
“We were called in as people complained about how they money was being used.
“They had no idea how to get the money out the door.”
“Because we all live on the internet we tend to click and promise things to people without checking.”
Check Point cyber security expert Ashwin Ram said bot attacks and compromised accounts had also become much more difficult to pinpoint, as criminals used cloud services to mask their real locations.
He said Australian charities should brace for a rising number of attacks, and for threats to charitable organisations of all sizes.
“The landscape has evolved and any firm who deals with financial interactions will be targeted.”
Originally published as Bushfire charities targeted by cyber criminals