Category: Fight Back

Cyber First

CyberFirst is a programme of opportunities to help young people explore their passion for tech by introducing them to the fast paced world of cyber security.

https://www.ncsc.gov.uk/cyberfirst/overview

CyberFirst covers a broad range of activities: a comprehensive bursary scheme to financially support undergraduates through university and a degree apprenticeship scheme; a girls’ only competition, thousands of free places on CyberFirst courses at UK universities and colleges and our new initiative CyberFirst Schools and Colleges. Each activity is designed to seek out diverse people with potential, offering the support, skills, experience and exposure needed to be the future first line of defence in our CyberFirst world.

CyberFirst say they were setup by the National Cyber Security Centre (NCSC), part of GCHQ to find diverse young– not just programmers but entrepreneurs, public speakers, analysts and more – who’ll become the next generation of cyber security specialists.

Cyberfirst say that their bursary and degree apprenticeship programmes are designed for a new generation of future cyber security professionals. Even if you don’t know how to code yet, these programmes are open to you. The key thing they look for in applicants isn’t genius programming skills – it’s curiosity.

Is this going to be successful?

Nobody knows but it is likely to help some people, but probably not as many as they hope it will reach.

If you’ve signed up for CyberFirst, let us know, by email.

Cathy Deals with Scam Callers

Scammers call you trying to steal your money or your identity or both.

So, why not waste their time, drive them mad and get your own back.

Plus while you’re keeping them busy they cannot be scamming someone else.

Cathy Simpson came up with an unusual way to have a bit of fun while deflecting cold callers, although it needs a little preparation to really work well.

“I used to be plagued with them, sometimes as many as six in a day, so I applied serious thought to the problem. My life changed forever when I discovered that you can download MP3 clips of various sounds, which I saved in iTunes.

“So… a scammer would call, and I’d tell them I’d need to transfer them to my husband, then play a clip of someone snoring REALLY loudly for a few minutes or a chorus of screaming chimpanzees.

“Sometimes I’d tell them my computer was in the other room, and I’d need to go down there to turn it on. So they could accompany me on my journey, they were treated to the sound of someone walking along an interminably long echoey corridor, followed by the sound of wading through water. These guys have no staying power, you know. When I asked if they were still there, they’d already rung off.

“My favourite, though, was the time they phoned to tell me my IP address had been hacked. They told me to turn on my computer. I played a clip of artillery fire, followed by an explosion. I expressed dismay that my computer had just blown up.

“I told them I couldn’t tell, as the computer was now in small pieces all over the floor and the room was full of smoke. They told me not to worry, that they were working on it. I thanked them, of course. It was only polite.”

Have fun.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

Cybersecurity Best Practice for Entrepreneurs

A post by Lindsey Weiss

At Fightback Ninja Blog, we know that cyber threats are more common than most people think. While many aspiring entrepreneurs think they don’t have to worry about cybersecurity until their businesses really take off, no one is immune to these threats. In fact, hackers often single out small companies because they’re easier to infiltrate. Small businesses tend to lack the sophisticated cybersecurity systems employed by large companies, and cyber criminals have a better shot at success by targeting weak systems. To ensure your new business is safe from cyber threats, we’re here to share a few essential tips!

Understand Your Vulnerability

Why should you care about cybersecurity? A cyber-attack or data breach at your business can lead to significant losses. A cyber-attack can destroy your reputation and erode your customers’ trust in your brand, leading to loss of customers and loss of sales. Beyond this, a cyber-attack can directly result in financial losses arising from theft of financial information, ransomware demands, and website downtime. Not to mention the costs associated with repairing systems and devices as well as the legal consequences that follow a data breach.

Clearly, there’s a lot at stake. Let’s discuss some ways to prevent these losses and ensure your business is safe from threats.

Save Sensitive Email Information in PDFs

Businesses all over the world send countless emails every day, many of which contain sensitive information like financial data that cybercriminals would love to get their hands on. Email security is essential. To reduce the risk that a criminal can exploit information shared in a business email, try to convert emails to PDF files. Keeping sensitive information in your inbox leaves it vulnerable and prone to data loss. By converting emails to PDFs, you can save important information on your local computer and protect documents with passwords to ensure an additional level of security.

Follow Password Best Practices

We all know that it’s important to create strong passwords, but what does this really mean? Small Business Trends explains that password best practices go beyond the creation of strong passwords through a mix of letters, numbers, symbols, and upper and lowercase characters. While this is an important first line of defence against hackers, there’s more you can do. Use two-factor authentication to ensure you have to verify long-in attempts involving your username and password. This will keep criminals out of your accounts, even if they gain access to your log-in information.

Use Reliable Cybersecurity Software

Antivirus software is crucial for protecting your business from threats. TechForce recommends strongly against relying on the software that came with your computer as this is likely designed to protect consumers rather than businesses. Invest in an antivirus solution that offers the level of protection required for your business. Do your research and read online reviews from other entrepreneurs to make sure the software you choose will meet your needs.

Establish a Recovery Plan

Even if you implement strong safeguards to shield your business from cyber attacks, it’s important to establish a recovery plan so you know what to do in a worst-case scenario. The faster you act after an attack, the more you’ll be able to minimize your losses. First and foremost, be sure to maintain regular backups of your business data so you can get back up and running as soon as possible after a data loss event.

Once you establish a reliable backup and data recovery plan, make note of all the other steps you’ll need to take in the event of an attack. For example, plan how you’re going to identify those affected by the breach and notify your customers. You may also want to consider investing in cyber liability insurance to help you recover from a cyber security attack.

If you plan on launching your own business in the near future, take the time to learn about cybersecurity. Implementing good cybersecurity practices like using two-factor authentication, converting emails to password-protected PDF files, and purchasing robust anti-virus software will ensure your business will withstand anything cyber criminals throw at it!

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature

How to End Scam Calls

Most people just put the phone down when they receive a call from a scammer.

Others may say or shout rude things then slam the phone down and some try to convince the scammer to stop their illegal activities.

It doesn’t matter really what you do but you may as well have some fun at the scammer’s expense – after all – she phoned you to steal your money

George suggests – One good way I found was to say “you need to talk to the boss, I’ll just get him” put the phone down and carry in with your work. Come back 10 minutes later and hang up, the line will be dead.  Also, you could say “there’s someone at the door, I’ll just let them in”, put the phone down and hang up 10 minutes later.

Repetition, repetition, repetition.  brush with the law. What I say to scammers (and it works every time) is “can you please hold on for a second?” which they do… then I say “sorry about the wait just had to connect your call with the police… so carry on! What were you saying to me?” Straight away they will put the phone down on you!!!

Stanley says When I can be bothered to answer them, I usually say something along the lines: “How interesting, my husband/son/daughter works for the same company, they can sort it out in the morning. If they have not hung up on me, I’ll carry on with “not knowing what they actually do but it’s something secret which could be to do with investigations”.

It seems work quite well I don’t usually get very far into my tale! I have fun and hopefully they have a few moments of worry.

Ellie said A simple question is the answer. I find that responding to cold callers with “Did l ask you to call me?” has a 90 per cent good result. The phone goes dead or sometimes they respond “no”. One even managed to express his anger with a rather rude expletive.

Harry prefers to Play the easy target. If I am in a playful mood my first comment after their initial spiel is to ask if they would like my bank details? You would be surprised how many reply, “Yes please”!

Take on a new identity. I answered: “City Morgue, please supply number of corpse and date of death.” That worked, no problem.

Anne prefers silence. Once you have picked up the phone, wait for the caller to speak. Normally automated systems kick in on a voice activation which then gets picked up by a person from the calling centre. If you don’t like what you hear just hang up without saying anything. If it’s a genuine caller, they will call you back.

Paul goes for the polite response. With call centres now presenting me with calls several times a week appearing to be from various parts of the UK (and even appearing to be from personal mobiles) I am always polite if I happen, rarely, to answer the call. I realise many of these people are probably working for peanuts under terrible conditions so if they are not scammers, I can tolerate them long enough to say “No thank you. Goodbye.”

David is more confrontational and tries to poke holes in their offer.

Some years ago I was informed that I had won a large amount of money in a competition, but before they could send me the money, I would have to transfer a sum to them to cover transfer and administration costs. I told them how pleased I was and would be happy to pay them – this would be very simple, just deduct the amount from my winnings. They put the phone down.

Andrew Warren, Arundel says Does your mother know?

I once had a scammer call me who seemed really nice but I wasn’t fooled. I asked him if his mother knew what he did for a living and when he replied yes I asked if his mother was proud of him. He told me that his mother was very proud of him, my response to that was that if I were his mother I would be very, very ashamed of him. With that I said goodbye and disconnected the call.

Julie Farr suggests Too much information is a good answer.

Play the scammers at their own game and have a bit of amusement as well. When the opening try-on was “how are you today”, I treated it as a ‘polite’ enquiry.

My response was: “nice of you to ask but I am having a terrible day my haemorrhoids are really causing me a lot of pain and the diarrhoea is dreadful. I haven’t been able to get out for days so it is lovely to get your phone call and I can really talk to someone…”

The conversation ended suddenly as he rang off and never called again.

Have fun

If you have any experiences with these scams do let me know, by email.

NCSC Early Warning Service

The National Cyber Security Centre (NCSC) has set up an early warning service to help organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.

Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.

https://www.ncsc.gov.uk/information/early-warning-service

Early Warning is open to all UK organisations who hold a static IP address or domain name.

Organisations will receive the following high level types of alerts:

Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.

Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.

Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.

Early Warning does not conduct any active scanning of your networks itself, however some of the feeds may use scan derived data, for example from commercial feeds.

How Early Warning works

Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use this data to alert your organisation about potential attacks on your network.

Your organisation can then use the information passed on by Early Warning to investigate the issue and implement appropriate mitigation solutions where required. The NCSC’s website provides advice and guidance on how to deal with most cyber security concerns.

Sign up for early warnings – it’s free.

Fightback Ninja Signature

 

Avoid Pension Scams with FCA Advice

The Financial Conduct Authority (FCA) warn that scanners are targeting people’s pensions and offer advice on how to stay safe.

Scammers usually contact people out of the blue via phone, email or text, or even advertise online. Or they may be introduced to you by a friend or family member who is also unknowingly being scammed.

They may claim they are authorised by the FCA or that they don’t have to be FCA authorised because they aren’t providing the advice themselves. Some even claim to be acting on the behalf of the FCA or MoneyHelper’s Pension Wise.

The Warning Signs of Scams

  • free pension reviews
  • higher returns – guarantees they can get you better returns on your pension savings
  • help to release cash from your pension even though you’re under 55 (an offer to release funds before age 55 is highly likely to be a scam)
  • high-pressure sales tactics – the scammers may try to pressure you with ‘time-limited offers’ or even send a courier to your door to wait while you sign documents
  • unusual investments – which tend to be unregulated and high risk, and may be difficult to sell if you need access to your money
  • arrangements where there are several parties involved (some of which may be based overseas) all taking a fee, which means the total amount deducted from your pension is significant
  • long-term pension investments – which mean it could be several years before you realise something is wrong

How to protect yourself from pension scams

1. – Reject unexpected offers

If you get a cold call about your pension, the safest thing to do is to hang up – it’s illegal and probably a scam. Report pension cold calls to the Information Commissioner’s Office (ICO).

If you get unsolicited offers via email or text, you should simply ignore them.

Don’t be talked into something by someone you know, even a friend or family member. They could be getting scammed. Check everything yourself.

2. Check who you’re dealing with

Check our Financial Services Register to make sure that anyone offering you advice or other financial services is FCA authorised, and that they are permitted to provide you with those services.

If you need any help checking, call the Consumer Helpline on 0800 111 6768.

Check the FS Register

If you use an unauthorised firm, you won’t have access to the Financial Ombudsman Service or Financial Services Compensation Scheme (FSCS) so you’re unlikely to get your money back if things go wrong.

Check the directors’ names and whether the firm is registered with Companies House. Search the company name and the directors’ names online to see if others have posted any concerns.

You can also check the FCA Warning List to find out if there are any risks of a potential pension or investment opportunity. This will allow you to see if the firm is known to be operating without our authorisation.

3. Don’t be rushed or pressured

Take your time to make all the checks you need – even if this means turning down an ‘amazing deal’. Be wary of promised returns that sound too good to be true and don’t be rushed or pressured into making a decision.

4. Get impartial information or advice

You should seriously consider seeking financial guidance or advice before changing your pension arrangements.

  • MoneyHelper provides free independent and impartial information and guidance.
  • If you’re over 50 and have a defined contribution pension, MoneyHelper’s Pension Wise offers pre-booked appointments to talk through your retirement options.
  • You can also use a financial adviser to help you make the best decision for your own personal circumstances. If you do opt for an adviser, make sure they are regulated by the FCA and never take investment advice from the company that contacted you, as this may be part of the scam.

If you have any experiences with these scams do let me know, by email.

Fightback Ninja Signature