Clare Curran - Minister of Digital Media
The government is urging New Zealanders to report suspicious activity on their Facebook accounts, after Digital Media minister Clare Curran was targeted by a fake account.
After being impersonated online, Curran said CERT NZ - a national emergency response team - advised the minister to change her password and upgrade protection.
“The need for vigilance was brought home to me this week when a fake account surfaced using my identity,” Curran said.
“I reported the issue and followed CERT NZ’s advice, changed my Facebook password and upgraded my password protection.”
Curran said all Kiwis who are active online are vulnerable to having accounts compromised or fake accounts created to “trick online communities”.
“Fake Facebook accounts are a common online scam and can be used as part of social engineering campaigns to gather personal or financial information,” Curran added.
“CERT NZ is able to provide a range of advice on protecting genuine accounts.”
In order to further protect Facebook accounts, CERT NZ recommended Kiwi check if there have been any unexpected or suspicious logins.
“It’s easy to do through the settings option,” Curran explained. “CERT NZ also has useful information on reporting fake accounts to Facebook.
“It’s frightening to think someone is impersonating you online and CERT NZ is there to help people sort out issues and feel safe again online. Each report helps build a better understanding of the sorts of threats New Zealanders face online each day.”
The warning comes days after CERT NZ issued an advisory note to businesses across the country, specific to an “active campaign” targeting Cisco devices with Smart Install (SMI) enabled.
“Attackers are identifying these devices by scanning for public IP addresses that have specific SMI ports open and services running,” an advisory note stated.
“Once a device is identified, the SMI protocol is misused and an attacker is able to access and control the device.
“Cisco devices that have SMI enabled and are internet-accessible. These devices can be identified in a number of ways, including checking for devices with SMI port 4786 open and running.”
According to CERT NZ, it’s “prudent to work on the basis” that all Cisco devices with SMI port 4786 open are affected until they are investigated.
“All affected devices need to be investigated and unnecessary services and protocols should be disabled or controlled through Access Control Lists (ACL) to prevent the device from being compromised,” a CERT NZ statement added.
