Do you know enough about ATM skimming? Learn more from Fiscal the Fraud Fighting Ferret!

Long-term readers of Naked Security will know that the techies at Sophos Australia are big fans of the Queensland Police Service (QPS).

Over the past few years, QPS has engaged strongly with the community and with industry to take on cybercrime and cybercriminals, both in Australia and around the globe, winning national awards in the process.

They’ve made a real effort on a number of issues that go well beyond simple law enforcement, trying to raise awareness of cybercrime, to improve security practices amongst consumers, and to bring vendors, service providers and investigators together at regular seminars to work out how to cooperate productively against the Bad Guys.

The Queensland cybercops have also come up with a cute educational mascot, Fiscal the Fraud Fighting Ferret, who appears in a range of straight-talking animated cybercrime awareness videos made by the team.

The latest Fiscal video is particularly timely for Naked Security, as it deals with ATM skimming, a topic about which my colleague Chester Wisniewski wrote just the other day.

What surprised me about Chester’s article was the number of people who wrote to us afterwards, convinced that ATM skimmers could catch your PIN on camera but would need to rob you face-to-face to get your card.

But they don’t need to be near the cash machine whilst they’re harvesting your data. Copying the data off the magstripe on your card is surprisingly easy, using a miniaturised card reader called a skimmer fitted over the front of the card slot. Clearly, ATM skimming is not well enough understood.

So here’s an explanation of why and how to be on your guard when you’re using a cash machine. It doesn’t assume you’re a computer expert, it doesn’t talk down to you, it’s easy to understand, and it’s narrated by a Fraud Fighting Ferret!


As Fiscal the Fraud Fighting Ferret concludes, “Education and awareness are the best fraud prevention weapons we have.”



What do we need to do to reach "cybersecurity awareness"?

In this week’s Patch Monday podcast on ZDNet Australia, outspoken Aussie technology journalist Stilgherrian interviews Sophos's Paul Ducklin about the real issues behind cybersecurity awareness.

This is a topical issue in Australia right now, where it's Cybersecurity Awareness Week – but what does “cybersecurity awareness” really mean?

Is it something we can knock on the head with some one-off campaigning once a year? Does it simply mean urging individual users to improve their online behaviour?

Or is cybersecurity awareness something which belongs in the lap of the big service providers? (Facebook and Sony spring immediately to mind.) If they were to improve their attitude to privacy and security, would that take some of the pressure off end-users?

Join Stilgherrian and Duck to learn more:

30 May 2011, total duration 27:56 minutes, size 8.5MBytes

(And here’s a cybersecurity freebie – to protect your own data, especially if you intend to back it up or want to share it securely with friends on the web or via email, pick up a copy of Sophos Free Encryption for Windows. Direct download – no registration required.)