Latest news with #DaliKaafar

The Age
03-07-2025
- Business
- The Age
Qantas cybersecurity breach: All you need to know
Part of Scattered Spider's strategy is to 'steal sensitive data for extortion', according to the FBI. The cybergang often deploys ransomware, which involves locking up sensitive data and threatening to delete or release it unless a ransom is paid.

How do I know if my data has been affected?

If you are one of the six million customers affected by the breach, you will likely have received an email from Qantas. Many received it on Wednesday evening.

Whether the data is further exploited for financial gain is a bit of a wait-and-see scenario. Qantas said frequent flyers should remain 'alert for unusual communications claiming to be from Qantas' such as 'emails or calls asking for personal information or passwords'. Such requests should be treated with suspicion. The airline would never contact members 'requesting passwords, booking reference details or sensitive login information'.

The airline has set up a dedicated webpage, along with a dedicated support line on 1800 971 541 or 2 8028 0534 for enquiries.

What is Scattered Spider?

The criminal cybergang is suspected of being behind the breach. It is thought to be motivated by financial gain, and believed to be based in the US and UK.

'The FBI has recently observed the cybercriminal group Scattered Spider expanding its targeting to include the airline sector,' the agency said on June 28. Scattered Spider relies 'on social engineering techniques, often impersonating employees or contractors to deceive IT help desks into granting access... They target large corporations and their third-party IT providers, which means anyone in the airline ecosystem, including trusted vendors and contractors, could be at risk.'

While complete attribution takes time, Hawaiian Airlines and Canada-based WestJet are also suspected to be victims of Scattered Spider.

Macquarie University cybersecurity professor Dali Kaafar said: 'Scattered Spider are known to be in this sophisticated social engineering tactics, often coincidentally also targeting help desks or call centre personnel to gain access to some corporate networks.

'Scattered Spider often combines some data exfiltration with possible ransomware threats, which I wouldn't be surprised to see in the next few days.'

Qantas has not – at time of writing – received a ransom demand.

What can I do to protect my data now?

In the email to affected members, Hudson told customers: 'I want to reassure our Qantas frequent flyers that there's no requirement to reset your password or PIN.' The company has urged frequent flyer members to use two-factor authentication on their accounts.

'The information released in the incident is not enough to gain access to frequent flyer accounts,' a Qantas spokesman said.

In addition to the two-factor authentication (2FA) or multifactor authentication (MFA) in place, 'we have always strongly encouraged customers to set up and install an authenticator app for added account security', the spokesman said. Two-factor authentication was made default on frequent flyer accounts some time ago. Not all members would have set up the 2FA.

Macquarie's Kaafar said: 'The idea that login details have not been compromised so it should be secure and safe, definitely doesn't make sense to me.'

Research and empirical evidence shows that many members would actually be using some form of the birthday as a PIN number, he said. The fact that the date of birth associated with frequent flyer members' numbers are now 'out there, compromised' and that the mobile app relies on only three main pieces of information makes the app 'quite vulnerable to further compromise'. The app requires a user's surname, frequent flyer number and a PIN code.

'So I think it just makes perfect sense, an immediate action to take, is to at least change that PIN code.'

Kaafar said the two-factor authentication also wouldn't protect from overall phishing and scam vulnerabilities once the data was in the hands of criminals.

Chief technology officer at NordVPN Marijus Briedis urged customers to use a password manager app 'to create unique, strong passwords for all your accounts'.

Finextra
30-06-2025
- Business
- Finextra
CommBank deploys battalion of AI-powered bot profiles to chat with scammers
Australia's CommBank is turning the tables on scammers, launching a fleet of thousands of AI-generated bot profiles to engage with and disrupt criminal networks fleecing consumers.

The AI bots are deployed by - a cyber-intelligence firm and spin-out from Macquarie University.

'This is about flipping the script,' says James Roberts, CommBank's general manager of group fraud. 'Scammers are increasingly using AI to target Australians - we're turning the tables by using AI to fight back. Every minute a scammer is engaging with a bot, is a minute they're not targeting an Australian. The near real-time intelligence being gathered is a game-changer in how we help to protect our customers and the broader community.'

When a scammer calls or texts, the bots engage them in extended conversations, gather intelligence, and feed near real-time insights directly into CommBank's scam control systems and the broader cross-sector anti-scam ecosystem.

Professor Dali Kaafar, CEO & founder of says: 'Our system is based on a 'Honeypot' strategy. In collaboration with our telco partners, operates a vast and constantly growing network of dedicated telephone numbers connected to the telcos networks and designed specifically to be discovered and targeted by scammers. When a scammer dials or messages one of these numbers, they actually engage in conversations with one of our AI-powered bots and not a person.

'We've designed our bots to be difficult to detect by scammers, making them incredibly effective at gathering intelligence and disrupting scam operations. The bots are uniquely crafted with diverse identities - varying in gender, age, tone, and cultural nuance - and fine-tuned with Australian slang and humour to improve realism.'

The full-scale roll out of the bot network follows a successful pilot programme with Macquarie University in late 2024.

'Since the pilot programme was announced late 2024, it has expanded in both scale and sophistication,' says Roberts.

'This has seen hundreds of thousands of scam calls diverted to bots, with intelligence gathered helping to generate near real-time alerts and blocks to protect CommBank customers.'

Straits Times
27-06-2025
- Business
- Straits Times
Chatty AI bots put to work in Australia's fight against fraud
Photo caption: When a scammer calls or texts, the AI bots—sophisticated digital decoys—spring into action. (Photo illustration: Pexels)

Scammers targeting people in Australia may soon find themselves talking not to victims but to bots instead.

On June 27, Australia's largest bank Commonwealth Bank of Australia deployed 10,000 artificial intelligence bots to disrupt scam operations, engage scammers in extended conversations, and gather valuable intelligence in real time.

When a scammer calls or texts, the multilingual AI chatbots create voice clones that keep fraudsters on lengthy phone calls. During the calls, the bots also extract as much intelligence as possible and feed real-time insights directly into the bank's scam-control systems.

'Scammers are increasingly using AI to target Australians – we're turning the tables by using AI to fight back. Every minute a scammer is engaging with a bot is a minute they're not targeting an Australian,' the bank's group fraud general manager James Roberts said.

Developed in partnership with cyber-intelligence firm the initiative is based on a honeypot strategy, which refers to a security mechanism that creates a virtual trap to lure attackers.

Professor Dali Kaafar, founder and chief executive of said: 'In the fight against scams, timing is everything. Our intelligence gives organisations like Commonwealth Bank the edge, not just to detect scams, but to anticipate and block it before it reaches customers.'

According to data from Australia's National Anti-Scam Centre, phone scams were the most financially damaging form of scams in 2024, with 2,179 victims losing A$107.2 million (S$89.3 million). Text messages were the second most common contact method used by scammers, with investment scams responsible for the highest losses via this channel.

Beyond immediate engagement, the bots also help identify emerging scam trends, improve the bank's scam detection capabilities, and support collaborative efforts to shut down scam networks industry-wide.

In Singapore, the AI model Meralion screens phone calls and intercepts potentially fraudulent ones, preventing scammers from reaching their intended victims. The Singlish-savvy national AI program, developed by the A*Star Institute for Infocomm Research, is available for the public to install for free.

If a call is flagged as suspicious, Meralion answers on behalf of the user, identifies itself as an AI assistant, and prompts the caller to explain the reason for the call. Based on the response, the bot decides whether to connect or block the call entirely. Meralion is also capable of blocking robocalls – automated calls frequently used by scammers to reach large numbers of victims at once.

News.com.au
26-06-2025
- Business
- News.com.au
Commonwealth Bank Australia reveals new 'honey pot' strategy in bid to stop scammers
Commonwealth Bank Australia has revealed a new strategy which will be put in place to stop scammers – using artificial intelligence (AI) to trap them in a 'honey pot' strategy.

CBA, in partnership with says they are deploying thousands of conversation bots to stop scammers ringing or phoning actual Australians. This fleet of AI-powered bot profiles is engineered to engage with scammers, gather intelligence on them and disrupt scam operations all in near real-time.

chief executive and founder Dali Kaafar said the system was based on a 'honey pot' strategy.

'We've designed our bots to be difficult to detect by scammers, making them incredibly effective at gathering intelligence and disrupting scam operations,' Professor Kaafar said. 'The bots are uniquely crafted with diverse identities – varying in gender, age, tone, and cultural nuance – and finetuned with Australian slang and humour to improve realism.'

Professor Kaafar said in collaboration with our telco partners, operates a vast and constantly growing network of dedicated telephone numbers connected to the telcos networks and designed specifically to be discovered and targeted by scammers.

'When a scammer dials or messages one of these numbers, they actually engage in conversations with one of our AI-powered bots and not a person,' he said.

'In the fight against scams, timing is everything.

'Our intelligence gives organisations like CBA the edge, not just to detect scams, but to anticipate and block it before it reaches customers.'

Commonwealth Bank general manager of group fraud James Roberts said while the bank won't share specific methods this collaboration is helping to strengthen the ability to respond quickly and effectively to evolving threats.

'Since the pilot program was announced late 2024, it has expanded in both scale and sophistication,' Mr Roberts said.

'This has seen hundreds of thousands of scam calls diverted to bots, with intelligence gathered helping to generate near real-time alerts and blocks to protect CommBank customers.'

It comes as the bank looks to offset some of the financial damages caused by scammers in Australia. CBA says phone scams accounted for the highest overall financial losses in 2024, and were more likely to result in significant losses for an individual.

Mr Roberts said every minute a scammer is engaging with a bot, is less time they can be using to target Australians.

'The near real-time intelligence being gathered is a game-changer in how we help to protect our customers and the broader community,' he said.