Scam Updates: March ’22
Increased malicious and scam activity exploiting the war in Ukraine
As the war in Ukraine intensifies, cyber security specialists are seeing waves of fraudulent and malicious emails exploiting the humanitarian crisis and charitable spirit of recipients across the globe.
Leading cyber security provider Bitdefender is currently warning the public and businesses alike that scammers and criminal groups are using fraudulent emails and SMS messages asking recipients to donate money.
Scammers are impersonating the Ukrainian government and international humanitarian agencies.
Consequently, Bitdefender are recommending the following:
- Don’t open emails or attachments from unknown senders – particularly if the message carries a sense of urgency.
- Be on the lookout for emails asking for donations, even if the email appears to be from a credible agency. If you want to make a donation do it directly via the agency’s website.
- Beware of text messages from unknown senders, and don’t click on any links within the message. If in doubt, delete the message and block the sender.
- Be aware of misinformation campaigns – ‘deepfake’ synthetic media (manipulated media) spreads misinformation. A particular ‘red flag’ is if the campaign asks you to spread the information wider.
- Use strong passwords for online accounts – use different strong passwords for each account and consider using a password manager to simplify management and keep you safe.
- Use a virtual private network (VPN) on all public WIFI connections.
- Encourage everyone to install a security solution on all digital devices
- Remain updated by subscribing to cybersecurity news updates, alerts and cyber safety tips (such as the ones featured in these newsletters) to learn the latest on malware attacks, ransomware and top tips for staying safe online.
To learn more about the current scams related to the Ukrainian war, and see examples of some of the messages sent, click here.
Action Fraud has received 196 reports of bogus requests to fundraise for victims of the crisis.
Scammers are using a variety of methods to con donors, including selling charity T-shirts. Some are even pretending to be Wladimir Klitschko, whose brother Vitali is mayor of Ukraine’s capital, Kyiv.
Scammers involved in Ukrainian related charity scams have also been requesting crypto donations. They often email out fake QR codes and GoFundMe accounts to trick people into following malicious links. Crypto-currency phishing emails ask people to donate Bitcoin or Ethereum. And criminals provide addresses they falsely claim are connected to the Ukrainian government.
Action Fraud advises people to ask to see the collector’s ID badge and check if they have a licence to fundraise with the local authority.
Be cyber OK with MFA
Do you believe that having strong and complex passwords for your digital devices and accounts will stop them being compromised and exploited? If so, you are seriously leaving yourself vulnerable to cyber-attack.
If you only use a password to authenticate a user, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access. When you require a second form of authentication, security is increased because this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.
Multi-factor authentication (MFA) is a process in which users are prompted during the sign-in process for an additional form of identity verification, such as a code on their smartphone or a fingerprint scan.
Setting up MFA is both quick and simple. For guidance on setting up MFA for your Microsoft accounts click here. For guidance on setting up two-factor authentication for your Apple ID, click here.
There are 8 clear benefits of MFA:
- Increases security – providing multiple credentials stops hackers from gaining control of your accounts.
- Reduces risks from compromised passwords – passwords can be guessed, exposed or stolen.
- Customised security solution – Each authentication factor offers multiple options, such as fingerprint ID.
- Compatible with Single Sign-On (SSO) systems – MFA can be fully embedded into SSO, reducing the need for multiple passwords.
- Scalable for your business needs – MFA can be set up for all staff, contractors, partners and customers.
- Regulatory compliance – MFA meets the authentication requirements of many Industry Standards, particularly regarding payment methods and management of sensitive data.
- Enables enterprise mobility – MFA is totally versatile and can be used on desktop as well as remote working mobile devices.
- Adaptable for different user functions – MFA is scalable and can be set up to require more levels of authentication for risky situations e.g. public, open or anonymous IP addresses that require greater assurance of a user’s identity.
To learn more about MFA and how you can integrate it into your environment, read the following National Cyber Security Centre guidance.
Royal Mail chatbox scam
The public are being warned about a new type of ‘delivery scam’ where the perpetrators create fake chatbots that sneakily sign victims up for expensive monthly subscriptions. It starts by sending phishing emails impersonating Royal Mail that invite you to ‘start a chat’ to trace or reschedule a delivery.
The fake Royal Mail chatbot is plausible as it lists a delivery tracking number and shares an image of a parcel, explaining that the ‘label was damaged’, to convince you to reschedule the delivery.
Read more about how the chatbox scam works, who’s behind it and how to protect yourself.
UK Sport hit by thousands of cyber-attacks during the last year
Security Journal United Kingdom report that UK Sport, the government agency responsible for investing in Olympic and Paralympic sport in the United Kingdom, has been hit by almost a quarter of a million cyber-attacks during the past year, according to official figures.
This comes at a time of heightened sensitivity amidst threats of Russian cyber-attacks on the UK.
UK Sport rejected a total of 246,724 malicious emails during the reporting period with a noticeable increase in the latter half of 2021. During the first half of the period, 105,920 attacks were blocked by UK Sport, rising to 140,804 during the second half of the period, an increase of 33%.
To read more about this, click here.
Android users warned about dangerous DHL text scam
Android smartphone owners are being warned to be on their guard to keep a close eye on any text messages received.
Security experts have warned a new malware campaign is targeting Android users in the US and Europe, with scammers posing as delivery firm giant DHL.
Victims will be sent a text message with a URL to a website asking them to download a bogus DHL app for Android. For more information on this scam click here.
74% of ransomware revenue goes to Russia-linked hackers
New analysis conducted by Chainalysis suggests that 74% of all money made through ransomware attacks in 2021 went to Russia-linked hackers.
Researchers say more than $400 million worth of crypto-currency payments went to groups “highly likely to be affiliated with Russia”. Russia has denied accusations that it is harbouring cyber-criminals.
Researchers also claim “a huge amount of crypto-currency-based money laundering” goes through Russian crypto-companies.
To read more about this, click here.
Fake Amazon ‘Locked Accounts’ emails
There have been a number of fake Amazon emails in the past 12 months, but we’ve noticed a new example that claims your account has been ‘locked’ and is ‘holding all your last orders’.
Its layout is slick and could look genuine enough to deceive you if you don’t take a moment to assess it. Here’s what it looks like.
British Gas phishing email
Consumer champions Which? are urging the public to be on their guard for a British Gas phishing email currently in circulation.
The phishing email purporting to be from British Gas states the customers’ bills are overdue and need paying. It attempts to extort the recipient’s account details by urging them to click through to fake websites.
Here are examples of the fake British Gas emails – which the provider has confirmed has nothing to do with them. Which? has produced some helpful guidance on what to do if you are sent one of these emails. Click here for more details.