ACSC programs and advice are being migrated to cyber.gov.au (see sidebar)

CyberSense video

< Previous episode - Index - Next episode >

CyberSense episode 6: Let’s Go Phishing

Download (right-click > Save As) MP4 (19MB) or OGV (20MB)

Read script

CyberSense episode 6 'Let’s Go Phishing' script

  1. FADE IN: Office interior - daytime. KIM is working at her computer when a soft football flies over, knocking something off her desk.
  2. KIM - Hey! (She shakes her head, smiling, and returns to checking her emails.) (To herself) Who really falls for these money-laundering emails?
  3. GRAPHICS: Kim’s screen. Scrolling through a Nigerian bank scam phishing email. She deletes it.
  4. KIM - What’s this?
  5. GRAPHICS: Kim’s screen. Scrolling through what appears to be an email from her bank. It is asking her to reconfirm her details because they are doing some upgrades to their web site. She clicks on the link which takes her to her bank’s website (or so she thinks). Kim begins entering her personal details.
  6. CUT TO: Inside hackers' bunker - daytime. EMILY and ANUSHKA are working away at computers.
  7. GRAPHICS: Anushka’s screen. 'External target detected', 'Attempting to exploit known vulnerabilities', 'Target successfully infected', 'Deploying Trojan. Success', 'Enabling Remote Desktop Connection'.
  8. PAN: from screen showing Kim’s personal details to Anushka.
  9. ANUSHKA - Gotcha!
  10. GRAPHICS: Anushka, now with full access to Kim’s computer. She starts clicking away madly, looking into all her systems. Various screens appear one after the other. Finally a financial systems screen.
  11. ANUSHKA - Yes! It looks like our new friend, Kim, has access to the payroll system.
  12. EMILY - Yeah, but we don’t have credentials yet. Should I install the keylogger?
  13. ANUSHKA - Maybe, but first let’s try the credentials she used to log into our bank website. (Types.)
  14. ANUSHKA - Bingo! We’re in. Let’s move some money.
  15. GRAPHICS: Money is transferred out of the departmental payroll account to an external account. 'Transfer complete.' Anushka and Emily high five.
  16. REWIND TO: KIM - What’s this?
  17. GRAPHICS: Kim’s screen. Scrolling through the supposed email from her bank. She types in the link manually into her browser. The information displayed doesn’t match up with what the email is saying.
  18. KIM - Bogus. (Hits 'delete'.)
  19. GRAPHICS: The email disappears. FADE OUT

 

In August 2018 ACSC launched a new website, cyber.gov.au, to reflect its new organisation.

Cyber security programs and advice are being migrated to cyber.gov.au. Information and advice on this site remains current.

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

Information for Australian businesses
Information for individual Australian citizens
Information for Federal, State and Local government agencies