Where do you go for proper advice on avoiding cyber scams: knowing what to look for, and indeed knowing whether you have fallen victim to a scammer? There’s the new National Cyber Security Centre (NCSC), the UK’s authority on cyber security and a part of GCHQ, as featured in the November 2016 print issue of Professional Security magazine; and Action Fraud, the police’s centre for taking reports of frauds, which generally have gone online. But where should the small business or consumer turn?
The Met Police has brought out a ‘Little Book of Cyber Scams’ – visit http://www.met.police.uk/docs/little-book-cyber-scams.pdf. The 40-page document covers the business risks; the most common cyber scams around; what you can do to protect yourself from hacking and denial of service attacks; what malware is, and how to protect yourself against that; and what to do in case of social engineering attacks, whereby people seek to steal valuable details about you and your business, to use towards crimes, such as sending a phishing email in the hope of defrauding.
The document also covers where to look for more advice, such as the Met’s own ‘Fraud Alert’ pages, and where to report cyber-crimes. As for what the future holds, the guide says that cyber criminals have used internet bandwidth linked to IoT (Internet of Things) devices (such as fridges and TV sets) to conduct large-scale DDoS attacks. And we have to expect more ransomware (malware with a ransom demand attached) and larger ransom demands against victims, for instance for a denial of service attack to stop, or if critical data is stolen from your network.
On wi-fi hotspots, the document warns that cyber criminals might set up their own wi-fi network; or the wi-fi at a coffee shop or hotel might be insecure. If your traffic is intercepted, hackers could steal passwords and online banking and other login details and then use them to commit offences, or sell that data for others to use against you, whether for corporate espionage or fraud. Instead, the advice is to log into public wi-fi using a Virtual Private Network (VPN). Don’t do anything on public wi-fi that you wouldn’t want other people to see.
As for the risk of ‘data leakage’ the guide points out: “In the same way a criminal may see from a social media post you are on holiday and burgle your house, a cyber criminal may use a work contact email address or something you have posted online, such as an event you are attending, to assist in a cyber attack against you.” As an example, a tweet about a visit to a restaurant could be used to create a spearphishing email that appears to come from the restaurant. This email may offer you the opportunity to enter a competition or claim a discount on your next visit by completing a form attached to the email. This form may contain malicious software and on opening it the malware can infect your computer.
Likewise the guidance suggests that you take care over privacy settings on social media sites, and over posting direct business contact email addresses online, as they could be used to create authentic-looking emails to trick others into giving up data, or unwittingly aiding a fraud or denial of service attack.