$38m lost in online scams; Watchdog warns of data leaks; 7-Zip flaws revealed


By Andrew Collins
Thursday, 19 May, 2016



Almost $85 million was reported lost to the ACCC’s Scamwatch in 2015, according to the commission’s Targeting Scams Report, released earlier this week. Online-related scams accounted for $38 million of the money reported lost.

The Scamwatch website presents statistics based on data provided to the ACCC by people affected by scams. According to Scamwatch’s statistics on money lost to scams in 2015, Australians reported losing $17,756,275 to scams delivered via the internet, $16,006,630 to those delivered via email, $3,811,429 to social networking scams and $918,784 to scams delivered via mobile applications, for an online-related total of $38,493,118.

Money was also reported lost in scams delivered via offline methods such as phone, mail, text message, fax and in person.

The total losses reported to the ACCC for 2015 across all categories, online and offline, were a little under $85 million, meaning the online-related categories made up a little over 45% of all scam losses in that year. The remaining 55% was lost in scams delivered via offline methods or means not specified by the person reporting the scam.

This total of $85 million was an increase over the nearly $82 million reported lost for 2014. The number of scams reported also increased, from 91,600 in 2014 to 105,200 in 2015.

“[T]he ACCC is urging the community to ‘Wise Up to Scams’ following a $3 million increase in scam losses reported to the ACCC and a 15% increase in complaints. In particular, we are encouraging older Australians to wise up and watch out for scams that target them so they don’t have their hard-earned savings stolen,” ACCC Deputy Chair Delia Rickard said.

CCC warns public sector employees

The Queensland Crime and Corruption Commission (CCC) has warned public sector employees in the Sunshine State of the consequences they may face if they access a person’s private information without proper authorisation or purpose.

The CCC said in a statement that unauthorised access and disclosure of sensitive and confidential information is not just an invasion of privacy but may also be a criminal offence or grounds for a CCC investigation.

CCC Executive Director, Corruption, Dianne McFarlane said: “Confidential information is entrusted to an agency for lawful purposes, not for the personal use of its employees. Unauthorised access and disclosure can adversely affect projects, give unfair advantage to a person or entity, breach a person’s privacy and will damage the reputation of the agency involved.”

The CCC said that since 1 July 2015, it has finalised 15 corruption investigations related to the abuse of confidential information and that these investigations resulted in 81 criminal charges and 11 recommendations for disciplinary action.

The commission said that allegations of misuse of information are growing more common, currently representing 11.5% of all allegations of corrupt conduct received by the CCC — an increase from the 7% observed in 2014–15.

Exploitable vulnerabilities found in 7-Zip

Cisco’s Talos threat intelligence and research group has reported the existence of several exploitable vulnerabilities in the 7-Zip open source file archiving software.

“Sadly, many security vulnerabilities arise from applications which fail to properly validate their input data. Both of these 7-Zip vulnerabilities resulted from flawed input validation,” a Talos blog post read.

“Because data can come from a potentially untrusted source, data input validation is of critical importance to all applications’ security. Talos has worked with 7-Zip to responsibly disclose, and then patch these vulnerabilities,” the blog post read.

Talos urged users to update their vulnerable versions of 7-Zip to the latest revision (version 16.00 at time of writing).

Head to the Talos blog post for more details on the vulnerabilities.
