Australian Banking Passwords Stolen and Posted on the Dark Web: 7 ways to protect yourself right now

Over 30,000 passwords from customers at Australia’s Big Four banks have been compromised and posted on the dark web. This includes credentials belonging to at least 14,000 Commonwealth Bank customers, 7,000 ANZ customers, 5,000 NAB and 4,000 Westpac customers.

This comes just 3 weeks after thousands of Australian superannuation passwords were stolen and used to fraudulently access accounts from Australian Retirement Trust, AustralianSuper, HostPlus, Rest and Insignia Financial. Several people lost hundreds of thousands of dollars.

Everything you need to know about Australia’s password crisis

Research by Sydney-based cybersecurity firm Dvuln has found that infostealer malware is being used to target and steal passwords from devices belonging to customers of major Australian banks, including ANZ, NAB, Westpac, and the Commonwealth Bank. This is not a cyber attack on the Big Four banks themselves; rather, the passwords have been stolen directly from the users’ own devices.

You may be asking, what is infostealer malware and how does it work?

Infostealers are a type of malware designed to collect information from your device, recording everything you type and do, often without triggering an alert or the victim ever becoming aware that they have been compromised. Dubbed “the silent heist” by the Australian Signals Directorate, infostealers extract usernames and passwords, credit card details, cryptocurrency wallets, local files, and browser data including cookies, history and autofill form details.

This malware then sends the valuable stolen data directly to cybercriminals, who trade, sell or distribute this data online via the dark web.

How is Infostealer malware spread?

Infostealers can spread through a variety of attack vectors, but three of the most common include:

  • Phishing: a type of scam where cybercriminals send an email or SMS designed to trick you into clicking on a malicious link, downloading a malicious attachment or giving away personal data. They may also call you to trick you into giving them remote access to your device.

  • Malicious downloads: files or software downloaded from the internet or app stores that are deliberately designed to infect your device. These downloads can be disguised as legitimate software or come bundled with other software, leading you to unknowingly install them. 

  • Malvertising: an attack that involves injecting malicious software into legitimate online advertising networks, and then displaying these ads to users, leading them to unknowingly click and download malware.

What can you do to protect yourself today?

This isn't a “wait and see” situation. Here’s what you should do right now to protect yourself, your family, and your business:

  1. Use paid malware detection and removal software. We recommend Microsoft Defender, which costs as little as $179 a year for the whole family.

  2. Change your banking and superannuation passwords after you’ve ensured your devices are not infected with malware. Make it a strong, unique passphrase (Pari30lymp1c3!4remyf@v!) and don't reuse it elsewhere.

  3. Turn on multi-factor authentication (MFA) for all of your online accounts. Even if your password becomes compromised, attackers still need the second factor to get in.

  4. Use a trusted password manager to securely store all your unique passwords. Do not store passwords in your browser.

  5. Beware of suspicious emails, messages, and phone calls. Any request for personal or financial data, or any instruction to click on a link, especially where there is a sense of urgency, is a red flag.

  6. Update your devices. Software updates aren't just annoying notifications: they patch vulnerabilities in the software you already have, the same vulnerabilities cybercriminals exploit to get a foothold on your device.

  7. Regularly review your bank accounts. Set alerts so that you can be notified of any transactions, and look out for ones that you don’t recognise. Report anything suspicious to your bank immediately.

Final thoughts…

The bottom line? Don’t wait to become a target, take action NOW. Attackers don’t discriminate, and they are using AI to enhance the sophistication and speed of their operations. By taking a few proactive steps today, you can protect yourself, your family, your life savings and your financial future.

📞 Are you a business wanting to secure yourself against cyber attacks?

If you’re a business and want help securing your business from cyber attackers through security awareness training, you can book a call with our team here. We're here to make sure you stay protected, not panicked.

The best time to strengthen your security was yesterday. The second-best time? Today.

Book a free consultation with our team now and learn how we can help your business stay safe against cyber threats.

👉 Schedule Your Consultation

Based in Sydney and trusted by businesses nationwide.

Chantelle Ralevska

After protecting Australia's largest organisations (Macquarie Group, Westpac, Woolworths), I've learned that effective cybersecurity training is about connecting with how people think, learn, and behave.

As the Founder and CEO of Psyber, I help businesses like yours transform their employees from their biggest cyber risk into their strongest cyber defence. With over 450,000 employees trained across Australia, our team is trusted by Rest Super, Australian Payments Plus, Mulpha International and more.
