DEPARTMENT OF HOME AFFAIRS

ACT NOW, STAY SECURE.

CYBER SECURITY CAMPAIGN

SENIOR AUSTRALIANS STAKEHOLDER KIT

INTRODUCTION

The purpose of this kit is to assist organisations to communicate simple, actionable

behaviours to educate members on how they can be more secure online.

Cybercrime costs the economy $29 billion annually, yet most Australians do not see

cybersecurity as a pressing issue or risk. In fact, most Australians actively look for ways to

not have to think about or engage with the topic of cybersecurity. Most people think a

cybercriminal ‘wouldn’t be interested in me’ but stealing small amounts of data or money

adds up quickly when done on a huge scale, and to the average person, losing even a few

thousand dollars can be devastating. To help address this, the Department of Home Affairs

and Australian Cyber Security Centre (ACSC) are asking for your help to spread the word that

learning simple habits and tricks (like using Multi-Factor Identification) can make a huge

difference in staying secure online.

This kit contains:

• Cyber Security for Seniors presentation with speakers notes

• Real life case studies taken from the ACSC ReportCyber hotline

• Ready-to-post Facebook content

• A copy of How to Use the Internet Securely: A Guide for Seniors

We thank you for your support in this important campaign.

CYBER SECURITY SEMINAR

Please click here to be taken to the Cyber Security Campaign resources page and navigate to

the Cyber Security for Seniors presentation with speakers notes.

This seminar can be delivered online or in-person.

We recommend sharing a copy of How to Use the Internet Security: A Guide for Seniors with

attendees available to download at cyber.gov.au/seniors

CASE STUDIES

These case studies are real word examples based on 2020 data from the ACSC’s cybercrime

reporting tool, ReportCyber. They demonstrate different ways cybercriminals target

individuals and small businesses and show how crimes could have been prevented through

a deeper understanding of cyber secure behaviours.

CASE STUDY #1 – PHISHING/SCAM PHONE CALL

Ron*(not his real name) received a call from someone impersonating a cyber security

company employee asking to investigate a hacking attempt on Ron's computer.

Ron was asked to download software onto his computer, allowing the hacker to remotely

access Ron's device. Ron was advised that he was using expired antivirus software, and that

he had been overcharged for it and was entitled to a partial refund.

In the process of “refunding” Ron, the hacker advised him that he had been accidentally

overpaid $100,000 by the company and could he please transfer the amount back.

Ron's bank statements later revealed that the hacker had actually transferred $100,000 of

Ron's own money between Ron's accounts - it wasn't from the company at all. Ron

immediately informed the bank, who quickly froze his accounts to prevent further criminal

activity.

THE LESSON:

Luckily, Ron didn't lose any money to this cybercriminal because he verified and informed

the bank immediately.

It is important to note that because of the prevalence of phishing, most companies will not

call, email or SMS you to:

• ask for your username, PIN, password or secret/security questions and answers

• ask you to enter information on a web page that isn't part of their main public

website

• ask to confirm personal information such as credit card details or account

information

• request payment on the spot (e.g. for an undeliverable mail item or overdue fee).

Learn the signs so you don't get caught by a cybercriminal phishing for your personal

information or hard-earned savings.

CASE STUDY #2 – CLUB PRESIDENT IMPERSONATION

Ming* (not their real name) is the Treasurer of a local-level sports club. One day, Ming

received an email from the club President asking to transfer $3,850 USD for upgrades to the

club’s website.

The requested funds were transferred to a US bank account in the following week.

A month later, the transfer was questioned. The club President was not aware of any emails

or payments owed for work on the website and pointed out that the website was managed

by an Australian company.

On investigation, they discovered that emails from the “President” had in fact come from a

generic email address ending in president@email.com

Financial Loss: $3,850

THE LESSON:

Cybercriminals are crafty and might use a familiar name and email address.

Be cautious if:

• you’re asked to urgently pay a bill

• you’re asked to change your details or password

• you’re asked to click on a link or open an attachment.

If you think a message or call might truly be from an organisation you trust (such as your

bank or a supplier) find a contact method you can trust. Search for the official website

and/or phone their advertised phone number.

Do not use the links or contact details in the message you have been sent or given over the

phone as these could be fraudulent.

CASE STUDY #3 – HACKED SOCIAL MEDIA ACCOUNT

One morning Faiza* (not her real name) received an Apple ID sign-in request from another

country, which she declined.

Later that day, Faiza discovered that she could no longer access her social media accounts.

The next morning, she woke up to an email from someone claiming to have stolen her

accounts and passwords. They said they'd also accessed her camera on her personal device

and had recorded her.

They threatened to release her private information and videos to her contacts and post the

content on social media unless she paid them a Bitcoin ransom.

THE LESSON:

Avoid becoming a victim of cybercrime by applying multi-factor authentication (MFA) to

your accounts where possible, or setting effective passphrases when MFA is not available.

Multi-factor authentication is one of the most effective ways to protect against

unauthorised access to valuable information and accounts.

What is it?

Multi-factor authentication (MFA) typically requires a combination of something the user

knows (pin, secret question), physically possesses (card, token) or inherently possesses

(finger print, retina). You can set this up as the way you access some of your accounts.

Where multi-factor authentication is not available, a strong passphrase can often be the

best way to keep your accounts cyber secure.

Passphrases are most effective when they are long, unpredictable and unique.

Instructions on how to apply MFA are available on the ACSC’s website at:

https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides

FACEBOOK CONTENT

Post 1:

Updating your software is like getting your car serviced. It improves your

device’s performance and makes it more secure.

You can find the Australian Cyber Security Centre’s step-by-step guide for

turning on automatic updates here: https://www.cyber.gov.au/acsc/individuals-

and-families/step-by-step-guides

Alt Text: [Image: A man with his arm around his grandson’s shoulder sitting on a

grey couch. His grandson is showing him something on his mobile phone and

they are smiling]

Post 2:

Cybercriminals are always finding new ways to hack into devices. Setting up your

device to automatically install updates can fix any weaknesses in your software

and keep hackers at bay.

You can find the Australian Cyber Security Centre’s step-by-step guide for

turning on automatic updates here: https://www.cyber.gov.au/acsc/individuals-

and-families/step-by-step-guides

Alt Text [Image: A woman with grey hair wearing a green long sleeve top is

sitting at a desk. She is smiling at her laptop as she is typing .]

Post 3:

DID YOU KNOW?

Updating your software is like getting your car serviced. It improves your

device’s performance and makes it more secure. Updates will also add new

features to your device and make it run faster. You can even turn on automatic

updates so your device will update itself while you sleep!

Get the Australian Cyber Security Centre’s step-by-step guide on how to tun on

automatic updates at https://www.cyber.gov.au/acsc/individuals-and-

families/step-by-step-guides.

Alt Text: [Image: Elderly couple sitting together looking at their laptop screen.

They are sitting in a garden patio. The woman is wearing a blue floral shirt and

the man a white collared shirt with checks on it]

Post 4:

Multi-factor authentication (MFA) on your account is what a security screen is to

your home. It protects you from criminals who are trying to break in.

The multiple layers make it harder for cybercriminals to hack in. They might

manage to work out one part, like your password, but they will still need to

obtain other pieces of the puzzle to access your account.

To learn how to turn on multi-factor authentication, visit

https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides

Alt Text: [Image: A grey-haired man is sitting on his outdoor deck wearing a

maroon collared short sleeve shirt. He is holding his phone in one hand and

credit card in the other]

Post 5:

Multi-factor authentication (MFA) is one of the most effective ways to protect

against unauthorised access to your valuable information and accounts. With

multi-factor authentication activated, you need to give multiple pieces of

information to gain access to your account. For example, you may need to enter

your password and a text message code to login to your social media profile.

Visit, https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-

guides for our step-by-step guides for turning on two-factor authentication.

Alt Text: [Image: An older woman is sitting in a café looking at her phone with

her laptop open. She has short white hair and is wearing glasses and a blue and

white shirt.]

Post 6:

Performing a 'backup’ is when you make a copy of your important files and put

them somewhere secure. It’s like photocopying precious photos to keep in a safe

in case you lose the originals. Having a backup of your important files and

cherished photos will provide you peace of mind if something goes wrong with

your device or you get hacked by cybercriminals, as you can easily restore your

files from your backups.

The Australian Cyber Security Centre has developed step-by-step guides for

backing up and restoring your files, check them out here:

https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides.

Alt Text: [Image: A senior couple are sitting in a park with facemasks on taking a

selfie on a black phone. They are both wearing white collared button up shirts]

Post 7:

When you back up your computer, phone or tablet, copies of your files are saved

online or to a separate device. Having a backup of your important files and

cherished photos will provide you peace of mind. If something goes wrong with

your device or you get hacked by cybercriminals, you can easily restore your files

from your backups.

Fine out how to backup and restore your files at

https://www.cyber.gov.au/acsc/individuals-and-families/step-by-step-guides

Alt Text [Image: Man sitting at a park bench looking at a tablet computer. He is

wearing a driving hat, tinted reading glasses a black vest and plaid shirt.]

Post 8:

DID YOU KNOW?

Backing up your device regularly means that you’ll always have access to your

most up-to-date files.

The Australian Centre for Cyber Security has developed step-by-step guides for

backing up and restoring your files for different device types including Apple or

Windows. Get the guides here: https://www.cyber.gov.au/acsc/individuals-and-

families/step-by-step-guides

Alt Text: [Image: Silver haired couple sitting in their backyard looking at their

tablet. The man has his arm around his wife’s shoulder, and they are smiling at

the device.]

Post 9:

If a password puts a padlock on your account, a passphrase gives its own

security system! They’re stronger and more secure versions of passwords.

When you can’t turn on multi-factor authentication, use a passphrase to secure

your account. Passphrases use four or more random words as your password.

This makes them hard for cybercriminals to guess but easy for you to remember.

For more information on passphrases visit,

https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-

passphrases.

Alt Text: [Image: An older man is sitting on a grey couch. He has his computer on

his lap and is looking at his credit card. The man is wearing a coral coloured t-

shirt with a blazer over the top and reading glasses.]

Post 10:

When you create a passphrase, make it:

Long.

The longer, the better. Aim for at least 14 characters in length. Four or more

random words that you will remember is great. For example, ‘purple duck

potato boat’.

Learn more about creating secure passphrases here:

https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-

passphrases.

Alt text: [Image: An elderly couple are at a white table in their house looking at a

tablet. The man is standing as his wife sits and holds the tablet. They are waving

to the people on their video call]

Post 11:

When you create a passphrase, make it:

Unpredictable.

The less predictable your passphrase, the better. Sentences can make great

passphrases, but they’re easier to guess. A mix of four or more random words

will make a stronger passphrase.

Learn more about creating secure passphrases here:

https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-

passphrases.

Alt text: [Image: A grey-haired woman is sitting on a dark purple couch, wearing

a blue bathrobe, and holding a cup of coffee whilst looking at her silver laptop.]

Post 12:

When you create a passphrase, make it:

Unique.

Don’t recycle your passphrases. Use different passphrases for different accounts.

Learn more about creating secure passphrases here:

https://www.cyber.gov.au/acsc/view-all-content/publications/creating-strong-

passphrases.

Alt Text: [Image: Man sitting on a grey leather lounge wearing a yellow Hawaiian

shirt, black pants and headphones. He has his laptop resting on his knees and he

is typing.]

Post 13:

Arm yourself with the knowledge to use the internet more securely so you can

browse with confidence and continue enjoying your time online with the

Australian Cyber Security Centre’s Guide for Seniors called How To Use The

Internet Securely. Get the guide at https://www.cyber.gov.au/acsc/view-all-

content/guidance/how-use-internet-securely-guide-seniors

Alt text: [Image: Senior couple sitting in their kitchen at a dining table. On the

table is a cheese board and a silver laptop. The man wears a blue collared top

and has their dog sitting on his knee. He has his hand on a glass of red wine. The

woman is holding a glass of red wine and is wearing a light blue button up shirt.]

Post 14:

RECOGNISE AND REPORT SCAMS

The faster you report a scam, the quicker we can act. If you believe that

someone is attempting to use the internet to scam you, it’s better to be

proactive and cautious than risk being taken advantage of. To report a

cybercrime you can use the Australian Cyber Security Centre’s online reporting

tool at https://www.cyber.gov.au/acsc/report or call the Cyber Security Hotline

on 1300 CYBER1 (1300 292 371).

Alt text: [Image: A man with greying hair is sitting at his kitchen bench. He has

his phone to his ear and is looking at his silver laptop. The man is wearing a

white and blue t-shirt and reading glasses.]

Post 15:

If it sounds too good to be true, it probably is. While a message might say you’ve

won a prize or that your computer contains a virus, that message is not unique

to you. It might be coming from a scammer and they want to take advantage of

you. To find out more, visit www.scamwatch.gov.au and www.cyber.gov.au

To report a cybercrime you can use the Australian Cyber Security Centre’s online

reporting tool at https://www.cyber.gov.au/acsc/report or call the Cyber

Security Hotline on 1300 CYBER1 (1300 292 371)

Alt text: [Image: A woman is sitting on a brown leather couch with her mother.

She is showing her mum how to use her tablet. Her mother is smiling at her.]

Post 16:

DID YOU KNOW?

Cybercriminals are crafty and might use a familiar name and email address. Be

cautious if:

• You’re asked to urgently pay a bill

• You’re asked to change your details or password

• You’re asked to click on a link or open an attachment.

It might be coming from a scammer and they want to take advantage of you.

You can visit www.scamwatch.gov.au and www.cyber.gov.au to find out more.

Alt text: [Image: A man with a white moustache sits on his back porch next to

the pool. He is wearing a fedora and has glasses hanging around his neck. He is

holding his phone with two hands and looking at it.]

Post 17:

Cybercriminals are always coming up with new ways to target people. It never

hurts to brush up on your cyber security know-how from time to time and learn

new ways to stay secure.

Get The Australian Cyber Security Centre’s Guide for Seniors at

https://www.cyber.gov.au/acsc/view-all-content/guidance/how-use-internet-

securely-guide-seniors

Alt text: [Image: A couple with grey hair is sitting in their backyard on a white

bench. The husband has his arm around his wives’ shoulder, and they are

looking at their tablet. The wife is holding the tablet and touching the screen.]

Post 18:

Think about what you post.

Think carefully about the information you share online and who will see it. Only

accept friend requests from people you know in real life

Find out how to take control over what information others see about you, to

help reduce risk when you’re socialising online at the Australian Cyber Security

Centre’s website: https://www.cyber.gov.au/acsc/view-all-

content/guidance/be-control-what-you-share

Alt text: [Image: An elderly couple sit at a table with cups of tea. The woman is

wearing a bright blue t-shirt and smiling whilst typing. The man is wearing a light

blue collared t-shirt and is looking at his wife.]

Post 19:

Get alerts on new threats

Sign up for the Australian Cyber Security Centre’s free alert service at

https://www.cyber.gov.au/acsc/register/individuals-and-families. This will let

you know whenever a new cyber threat is found, and will also give you advice on

what to do if an attack happens.

Alt text: [Image: A grandfather sits with his grandchild on his lap whilst looking

at a mobile phone. The grandfather is wearing a charcoal shirt and the young

child is wearing bright blue pyjamas.]

Post 20:

Talk about cyber security with family and friends

Now that you’ve been skilled up in cyber security, share what you’ve learnt with

your family and friends. Your knowledge could help them out of a tricky situation

down the track!

You can visit www.scamwatch.gov.au and www.cyber.gov.au to find out more.

Alt text: [Image: A multigenerational family gather around a mobile phone in the

living room. The grandmother and father are smiling at the mobile phone as the

baby laughs and the mother is holding the device.]

Post 21:

Avoid public Wi-Fi when you’re banking or shopping online

Public Wi-Fi is great for watching videos or reading websites but keep any online

activity involving money for your home internet connection. Public Wi-Fi can be

risky.

You can visit www.scamwatch.gov.au and www.cyber.gov.au to find out more.

Alt text: [Image: a phone is tapping on an electronic EFTPOS machine. There is a

hand holding a coffee cup and a menu laying on the bench. There is a yellow sign

on the EFTPOS machine that reads “tap here”.]

Post 22:

Report cybercrimes and incidents to keep Australia secure.

If you think you’ve been a victim of a cybercrime, act quickly. More advice can

be found at cyber.gov.au. To report a cybercrime you can use the Australian

Cyber Security Centre’s online reporting tool at

https://www.cyber.gov.au/acsc/report or call the Cyber Security Hotline on 1300

CYBER1 (1300 292 371)

Alt Text: [Image: A woman with grey hair who is wearing a blue knitted jumper

sits at her desk. She has her chair turned around and is smiling at the camera.

Behind her is her computer set up on her desk along with a lamp, printer, and

some wall decorations.]