North Korean Hackers, LinkedIn Scams & ACSC Phishing Warnings
Episode Transcript
Welcome back to Don’t Be A Sitting Duck, the daily podcast where we break down the latest cyber threats and security risks so you can stay ahead of the hackers. I’m Leigh Kefford, and today we’ve got three critical stories you need to hear. From North Korean hackers targeting professionals on LinkedIn to scammers impersonating the Australian Cyber Security Centre—there’s a lot to unpack. Let’s get started!
North Korean Hackers Exploiting LinkedIn
First up, North Korean state-sponsored hackers—also known as the infamous Lazarus Group—are using LinkedIn to target unsuspecting professionals. Their tactic? Fake job offers that seem too good to be true. These cybercriminals initiate contact with victims, often in the tech and cryptocurrency space, luring them in with promises of lucrative opportunities. But what’s really happening is a phishing scheme designed to steal credentials and deploy malware.
One cybersecurity researcher from Bitdefender uncovered this attack when he was targeted himself, proving that even experts aren’t immune.
TAKE ACTION
So, what can you do to protect yourself? First, verify job offers directly with companies through official websites. Second, avoid downloading any attachments or clicking links from unknown LinkedIn recruiters. And finally, enable multi-factor authentication (MFA) to add an extra layer of security.
Building a Culture of Security
Now, let’s talk about something that every business should be prioritising: cybersecurity awareness and training for employees.
A recent article from Security Boulevard highlights why building a culture of security is more than just having strong passwords—it’s about empowering your employees with knowledge. Hackers know that humans are often the weakest link, so organizations must flip the script and make their workforce a cybersecurity asset instead of a liability.
TAKE ACTION
Start with leadership buy-in—if the top execs prioritize security, the rest of the company will follow. Next, implement role-specific training. A marketing employee needs different cybersecurity knowledge than an IT administrator. And finally, keep security awareness fresh with regular updates, phishing simulations, and interactive training.
Here at Don’t Be A Sitting Duck, we always say: ‘Security isn’t a one-time thing—it’s a culture.’ If you’re a business leader, now’s the time to take action. If you’re an employee, push for better training in your workplace.
Email Scammers Impersonating the ACSC
Last but not least, the Australian Cyber Security Centre (ACSC) has issued a warning about email scammers impersonating them to trick individuals into handing over personal details.
These scam emails look incredibly legitimate, often using official ACSC branding and urgent messaging to create a sense of panic. The goal? To get you to click malicious links, download malware, or hand over sensitive information.
Remember: The ACSC will never ask for your personal details via email. If you receive one of these messages, don’t engage. Instead, report it to the ACSC and your IT team. And, of course, always verify suspicious emails by contacting the sender through official channels.
Closing Remarks
That’s it for today’s episode of Don’t Be A Sitting Duck! Stay vigilant, question everything, and don’t fall for these scams. If you found this episode helpful, share it with your colleagues and friends—let’s make cybersecurity knowledge go viral.
And if you want even more cybersecurity insights, check out the show notes and other resources at sittingduck.com.au.
If today’s discussion has you thinking about your own business security, here’s what to do next:
Book your free Empower Systems Assessment at nationalpc.com.au—it’s the easiest way to understand where your business is vulnerable and how to fix it.
Check out my audiobook, Sitting Duck – The Phone Call You Don’t Want to Receive. It’s a short but powerful listen about how a Business Email Compromise attack unfolds and the real-world impact it has on businesses. Available now on Spotify and leading audiobook platforms.
Until next time, stay safe, stay informed, and don’t be a sitting duck!