Scam Updates: April ’22
Cyber Security Breaches Survey 2022
The Cyber Security Breaches Survey is an influential research study for UK cyber resilience, aligning with the National Cyber Strategy. It is primarily used to inform government policy on cyber security, making the UK cyber space a secure place to do business. The study explores the policies, processes, and approaches to cyber security for businesses, charities, and educational institutions. It also considers the different cyber-attacks these organisations face, as well as how these organisations are impacted and respond.
Some of the key findings:
- In the last 12 months, 39% of UK businesses identified a cyber-attack.
- The most common threat vector was phishing attempts (83%).
- Within the group of organisations reporting cyber-attacks, 31% of businesses and 26% of charities estimate they were attacked at least once a week.
- The average estimated cost of all cyber-attacks in the last 12 months was £4,200.
- Around four in five (82%) of boards or senior management within UK businesses rate cyber security as a ‘very high’ or ‘fairly high’ priority, an increase on 77% in 2021.
- Just over half of businesses (54%) have acted in the past 12 months to identify cyber security risks. Of the range of actions taken, using security monitoring tools (35%) was the most common.
To read the full survey report, click here.
Fake ‘missed parcel’ messages: advice on avoiding banking malware
Our friends at the West Midlands Police Cyber-Crime Unit are warning that cyber criminals are tricking UK citizens into downloading a malicious app by sending convincing-looking ‘missed parcel’ text messages. The messages contain links to a page that either tells you to download a tracking app for the parcel delivery, or that your phone is infected with FluBot and you should download anti-FluBot software.
These apps are malicious and often contain spyware. If installed, they can steal your details. They can also access your contacts and send messages to them in an attempt to further spread the malware.
What to do if you have already downloaded the spyware app?
- Perform a factory reset as soon as possible
- When you set up the device after the reset, it may ask if you want to restore from a backup. Do not restore from any backups that were made after installing the malicious app
- If you have logged in to any accounts or apps using a password since downloading the app, you must change that account password
- Any accounts with the same passwords must also be changed
How to safely check for missed parcels?
- Do not click any links
- Use the official websites of delivery companies to track the parcel
Reporting suspicious-looking messages
If you ever receive any suspicious-looking text messages:
- Do not click on any links or install apps if prompted to
- Forward the message to 7726
- Then delete the message
How to protect yourself from future scams
- Back up your device to ensure you don’t lose any important information
- Only install apps from official ‘App’ stores
- For Android devices, make sure that Google’s Play Protect service is enabled if your device supports it.
For more information on protecting yourself or your business from banking malware please visit the NCSC website.
Fake Cadbury ‘Easter Chocolate Basket’ message
A fake message posing as Cadbury is spreading quickly on WhatsApp. It’s inviting people to grab a ‘Cadbury FREE Easter Chocolate Basket’ by clicking through to a site that has nothing to do with Cadbury.
Fortunately, Cadbury UK has been quick to warn its customers that the message is absolutely nothing to do with the brand. It’s urged anyone who’s received it not to interact and says it’s working to resolve the issue.
To read more on this, click here.
British Gas, Scottish Power, SSE and more issue warning amid electricity meter credit scam
Customers of British Gas, EDF Energy, E.ON, npower, Scottish Power and SSE have all been issued an urgent warning amid a rise in meter scams, which to date have conned almost 200,000 people.
According to Action Fraud, electricity or doorstep electricity meter credit scams are on the rise, with more than 188,000 customers said to have already fallen victim to the scam.
The scams involve offering “cut-price energy” to those who use pre-payment meters.
To learn more about this scam, click here.
Free NCSC webinar: Phishing
The NCSC (National Cyber Security Centre) has released a free phishing webinar explaining how you can protect your organisation from scam email campaigns.
Phishing is a threat that most people know about. Emails designed to trick you into clicking a malicious link or divulging passwords and other credentials have become an everyday occurrence. Despite this familiarity, and the multitude of tools and techniques which purport to stop it, phishing remains the number one initial attack vector affecting organisations and individuals.
Unfortunately, there is no silver bullet. Phishing can only be dealt with using multiple complementary measures. This fact leads to some questions: Which measures are most (cost) effective? How should they be implemented? Can they be automated?
To help you answer some of these questions and begin protecting your organisation effectively, the NCSC has produced a webinar titled ‘Countering Phishing Threats to The UK’s Critical National Infrastructure’. This details the NCSC’s current thinking on how best to stop phishing attacks. Once you’ve registered with (ISC)2, who helped produce the video, you can view the 30-minute presentation here.
NCSC advice on phishing
The NCSC phishing guidance has all the details, but in essence, your defensive layers should be arranged to:
- Make it difficult for attackers to reach your end users
- Help users respond appropriately if they receive phishing emails
- Provide additional measures to prevent consequences of opening phishing emails
- Allow you to respond appropriately and quickly, if the first three fail
To read more about the NCSC guidance on phishing campaigns, click here.