Category: information

Santander Scam Avoidance School

Santander launched ‘Scam Avoidance School’ (SAS) for over 60s at all 806 branches across the UK in 2018.

Their research shows 82 per cent of over 60s want more to be done to help them avoid scammers; Age UK statistics suggest that 53 per cent of people aged 65+ have been targeted.

Former Strictly Come Dancing Head Judge Len Goodman, 73, became the first graduate of the Scam Avoidance School.

Following research among the over 60s to understand what really worries them about scams and fraud, and with input from Dr Paul Seager, Psychology Professor at Lancashire University, a bespoke lesson plan was created for Santander branch staff to deliver to tens of thousands of over 60s.

The lesson, which includes interactive activities and a handout to take away, covers the tricks scammers use to reel people in and how to spot email and text scams, as well as contactless fraud and cashpoint fraud, areas that the research highlighted as a real concern to the over 60s.

Statistics

  • Two-thirds of over 60s are worried about the threat of fraud and scams, and 82 per cent think more should be done to educate them
  • More than 20 per cent of over 60s believe they have been approached more than 10 times by scammers in the last year
  • The average amount lost by over 60s who had fallen victim to scammers was £401. Previous research from Santander revealed that older victims of scams lose, on average, more than double the amount lost by younger age groups
  • While 95 per cent of over 60s own a mobile phone and 96 per cent have a computer, around one in five avoid online banking for fear of being targeted by scammers

Among the 64 per cent of older people who are worried about the threat of scams, a range of factors were highlighted as making them particularly susceptible. The biggest of these were: being vulnerable because of illness or disability (74 per cent); being financially unaware (57 per cent) or simply being on their own (37 per cent).

Chris Ainsley, Head of Fraud Strategy at Santander UK, commented: “We believe that education and public awareness is absolutely key to tackling what is currently one of the biggest threats to the security of people’s finances. We hope that with a little bit of scam-avoidance knowledge, our Over 60 pupils can feel empowered to stop scammers in their tracks.”

Fightback Ninja Signature

The Phone-Paid Services Authority

https://psauthority.org.uk/

The Phone-Paid Services Authority is the UK regulator for content, goods and services charged to a phone bill.

Phone-paid services are the goods and services that you can buy by charging the cost to your phone bill or pre-pay account. They include directory enquiries, voting on TV talent shows, donating to charity by text, joke lines, chat lines, games or downloading apps on your mobile phone. They are referred to as premium rate services in law.

UK regulation is open, fair and robust, underpinned by a Code of Practice approved by Ofcom.

As the telecoms, internet and payments sectors continue to grow globally at an unprecedented rate, the Phone-paid Services Authority takes action to safeguard consumers and help cutting-edge providers of digital content and services to thrive.

Their vision is a healthy and innovative market in which consumers can charge content, goods and services to their phone bill with confidence.

The Mission of the Phone-paid Services Authority

In its own words: “To protect consumers from harm in the market, including where necessary through robust enforcement of our Code of Practice and to further their interests through encouraging competition, innovation and growth in the market.”

They seek to do this through:

  • Providing clarity about the market for content, goods and services charged to a phone bill
  • Applying an outcomes-based Code of Practice
  • Delivering a balanced approach to regulation
  • Working in partnership with Government and other regulators
  • Delivering high standards of organisational support.

What are Phone-Paid Services and How Do They Charge You?

Phone-paid services is a generic name for goods and services that you purchase and have charged to your telephone bill or pay-as-you-go credit. Here are some examples of phone-paid services:

  • Quizzes and competitions
  • Voting (e.g. X-Factor, Britain’s Got Talent, Strictly Come Dancing)
  • Charity donations (one-off donations or subscriptions)
  • Digital content (e.g. apps, in-app purchases, digital media, one-off purchases or subscriptions)
  • Directory enquiries (e.g. 118 numbers)
  • Adult services (e.g. chat, dating)
  • Gambling

The job of the Phone-paid Services Authority is to look after the industry and ensure people are not cheated. But it’s everyone’s responsibility to behave sensibly, and that includes not downloading unsafe apps, checking all payments on your bill, and not handing over confidential information to unknown people or apps.

UK Government Cyber Essentials Scheme

https://www.cyberessentials.ncsc.gov.uk/

The government says Cyber Essentials helps your business to guard against the most common cyber threats and to demonstrate your commitment to cyber security.

Self-Help for Cyber Essentials

The guide explains how to:

  • Secure your Internet connection
  • Secure your devices and software
  • Control access to your data and services
  • Protect from viruses and other malware
  • Keep your devices and software up to date

The Three Levels of Engagement

Not everyone has the time or resources needed to develop a full-on cyber security system, so Cyber Essentials has been designed to fit with whatever level of commitment you are able to sustain. There are three levels of engagement:

  1. The simplest is to familiarise yourself with cyber security terminology, gaining enough knowledge to begin securing your IT.
  2. Basic Cyber Essentials certification.
  3. Cyber Essentials Plus certification.

1. Self Help

Working through the self-help guidance gives you protection against a wide variety of the most common cyber attacks. This matters because vulnerability to simple attacks can mark you out as a target for more in-depth unwanted attention from cyber criminals and others.

2. Certified Cyber Security

Cyber Essentials Certificate £300 approx. (+VAT)

Certification gives you peace of mind that your defences will protect against the vast majority of common cyber attacks, simply because these attacks are looking for targets that do not have the Cyber Essentials technical controls in place.

The process of obtaining Cyber Essentials certification is simple, and you can opt to buy as much or as little help as you need from the company you choose to certify you.

Cyber Essentials shows you how to address the basics and prevent the most common attacks. Certification also:

  • Reassures customers that you are working to secure your IT against cyber attack
  • Helps attract new business with the promise that you have cyber security measures in place
  • Gives you a clear picture of your organisation’s cyber security level
  • Satisfies the requirement of some Government contracts for Cyber Essentials certification

3. Cyber Essentials Plus Certificate

The cost for this is only available on application.

It has all the benefits of Cyber Essentials, plus your cyber security is verified by independent experts.

Cyber attacks come in many shapes and sizes, but the vast majority are very basic in nature, carried out by relatively unskilled individuals. They’re the digital equivalent of a thief trying your front door to see if it’s unlocked. The advice is designed to prevent these attacks.

Cyber Essentials Plus still has the Cyber Essentials trademark simplicity of approach, and the protections you need to put in place are the same, but this time the verification of your cyber security is carried out independently by your Certification Body.

The more rigorous nature of the certification may mean you need to buy additional support from your Certification Body.

Cyber Essentials and Government Contracts

If you would like to bid for central government contracts which involve handling sensitive and personal information or the provision of certain technical products and services, you will require Cyber Essentials Certification.

Are Your Phone Apps Tracking You?

A surprising number of smartphone apps ask, on installation, for permission to access your location. For apps such as the Automobile Association’s, Google Maps, or a local weather or find-a-restaurant app this makes sense, but many apps want to track your location for their own benefit, not yours.

Carnegie Mellon University carried out a study on Android phones. The researchers followed 23 Android phone owners for three weeks. In the first week, they were asked to use their apps as they normally would. In the second week, the participants used an app called App Ops to monitor and manage the data those apps were using. In the third week, the research team introduced a “privacy nudge” alert that would ping the participants each time an app requested location data.

The title of the study is: Your Location Has Been Shared 5,398 Times! A Field Study on Mobile App Privacy Nudging.

The title alone gives an idea of the scale of the problem.

Why do apps access your location so often? Quite often the answer is marketing: the app regularly transmits your location back to base, where it is passed to one or more advertising networks so they can track where you go and tailor the adverts shown on your device.

Free apps are reportedly the worst for this behaviour. They need to make money somehow, and one way is to sell user data, including location.

Take Control of Your Device

If you want to know exactly what an app is allowed to access on your Android phone, open the Settings app, go to Apps & notifications (the exact menu names vary between Android versions and manufacturers), choose an app and select Permissions. On iOS, open the Settings app and pick an app to see the permissions it has. Most of these permissions can be revoked with a toggle switch on both Android and iOS.

On both Android and iOS you can disable location altogether, but that may be overkill, as it is genuinely useful in some apps.

Be aware of which apps track your location, and if you cannot see why one needs it, consider deleting the app and replacing it.
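
Checking each app by hand through the Settings menus is fine for a handful of apps, but on Android the same information can be pulled off the phone in bulk with the developer tool adb and audited in one pass. The script below is an added example (not from the original post or from Google); it parses the text that `adb shell dumpsys package <package>` prints, relying only on the “Package [...]” header and the “<permission>: granted=true|false” lines, and then lists every app holding a location permission that is not on your own list of apps with a plausible need for it. The package names, apps and grants in SAMPLE are constructed for the demonstration.

```python
"""Which Android apps actually hold a location permission?

Added example, not from the original post.  It parses the text that
`adb shell dumpsys package <package>` prints (the parts shown in the
constructed SAMPLE below: the "Package [...]" header and the
"<permission>: granted=<true|false>" lines under "install permissions:"
and "runtime permissions:").  Package names, apps and grants in SAMPLE
are made up for the demonstration.
"""
import re
import sys
from typing import Dict, List, Set

LOCATION_PERMISSIONS = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
}

# Constructed sample imitating `dumpsys package` output for three apps
SAMPLE = """\
Packages:
  Package [com.example.weather] (a1b2c3d):
    userId=10231
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
      android.permission.ACCESS_COARSE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=1 installed=true hidden=false
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
        android.permission.ACCESS_COARSE_LOCATION: granted=true, flags=[ USER_SET]
  Package [com.example.torch] (e4f5a6b):
    userId=10232
    requested permissions:
      android.permission.INTERNET
      android.permission.ACCESS_FINE_LOCATION
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=2 installed=true hidden=false
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET]
  Package [com.example.notes] (c7d8e9f):
    userId=10233
    requested permissions:
      android.permission.ACCESS_FINE_LOCATION
    User 0: ceDataInode=3 installed=true hidden=false
      runtime permissions:
        android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET|USER_FIXED]
"""

PACKAGE_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
GRANT_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def parse_grants(dump: str) -> Dict[str, Dict[str, bool]]:
    """Map each package to {permission: granted?} from its grant lines.

    Lines under "install permissions:" (install-time grants) and under
    "runtime permissions:" (grants the user can toggle) share the
    "<name>: granted=<bool>" shape, so one pattern covers both.
    """
    grants: Dict[str, Dict[str, bool]] = {}
    current = None
    for line in dump.splitlines():
        pkg = PACKAGE_RE.match(line)
        if pkg:
            current = pkg.group(1)
            grants.setdefault(current, {})
            continue
        grant = GRANT_RE.match(line)
        if grant and current is not None:
            grants[current][grant.group(1)] = grant.group(2) == "true"
    return grants


def location_holders(dump: str) -> Dict[str, List[str]]:
    """Packages with at least one location permission currently granted.

    A permission that is only requested in the manifest but denied at
    runtime (com.example.notes in SAMPLE) does not count.
    """
    holders: Dict[str, List[str]] = {}
    for pkg, perms in parse_grants(dump).items():
        held = sorted(p for p, ok in perms.items() if ok and p in LOCATION_PERMISSIONS)
        if held:
            holders[pkg] = held
    return holders


def unexpected_location_holders(dump: str, expected: Set[str]) -> Dict[str, List[str]]:
    """Location holders not on your own list of apps with a plausible need for it."""
    return {pkg: perms for pkg, perms in location_holders(dump).items() if pkg not in expected}


if __name__ == "__main__":
    # Real use: adb shell dumpsys package com.some.app > dump.txt; python audit.py dump.txt
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    plausible = {"com.example.weather"}  # assumption: the apps you accept knowing your location
    for pkg, perms in unexpected_location_holders(text, plausible).items():
        print(f"{pkg}: {', '.join(perms)}  <- why does this app need location?")
```

Run it against the output of `adb shell dumpsys package <package>` for each installed app (USB debugging must be enabled on the phone) and the torch-style app that quietly holds ACCESS_FINE_LOCATION is the one to uninstall or revoke. Note the distinction the parser makes: a permission listed under “requested permissions” is only what the app asked for in its manifest; what matters is which of those show `granted=true` under the runtime permissions for your user.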

Regulator to Protect Victims of Payment Scams

Authorised Push Payment (APP) scams are where people are conned into authorising their bank to make a payment to a fraudster.

The Payment Systems Regulator (PSR) is planning for new protections for consumers from APP scams to be in place from September 2018, in the form of an industry code.

The Regulator ran a consultation from November 2017 to January 2018, to give people the opportunity to provide feedback on the regulator’s plans. It gathered opinions from the payments industry, consumer groups and individuals to make sure the PSR could understand how best to protect people from APP scams.

The Changes

Once the industry code is in place it will be publicly consulted on for refinement in early 2019, and the regulator expects it to continue to evolve so that preventative measures are kept up to date.

The PSR is also bringing consumer and industry representatives together in a dedicated steering group. Led by an independent chair appointed by the PSR, the group will ensure that the contingent reimbursement model (the industry code setting out when APP scam victims are reimbursed) is designed in the best way to minimise the number of scams in future and to protect victims.

Paul Smith, Head of Policy at the PSR, said:

“This is about making a positive difference for people to protect them from APP scams – where people are tricked into sending money to a fraudster. The banks have already made some changes but, from September 2018, this industry code will see better protections available to everyone.  We expect the code to evolve over time to make sure methods of preventing APP scams are up to date.”

“This is a complex piece of work and we have set a challenging timeline, but it is essential we see, as soon as possible, a model that is effective in protecting people.”

Good progress by the regulator.

The Society of Citizens Against Romance Scams

https://againstromancescams.org/

The Society of Citizens Against Romance Scams (SCARS) claims to represent more than 25,000 people dedicated to changing the world of online fraud for the sake of everyone.

SCARS aspires to be the global organization to coordinate political advocacy, public education and avoidance programs, have an enforcement focus, support victims and promote recovery programs, and establish best practices and standards throughout the world. “A Beacon In The Darkness”.

That’s quite a mission.

SCARS

The focus of the Society is to:

  • Consolidate the voices of many into a single voice.
  • Work for the creation and implementation of universal standards and practices that provide effective and ethical anti-scam activities
  • Engage government, law enforcement, and victims globally in new methods to aggressively combat online fraud.
  • Create the first worldwide Anti-Scam Data Reporting Network with industry partners for real time exposure of fraudsters
  • Develop support and recovery solutions for traumatized victims based upon the best methods employed in the private and public sectors.

SCARS Membership:

For Individuals: join in the transformation that will begin to bring an end to the uncontrolled reign of online fraud. As additional benefits are added you will automatically be eligible.

For Professionals: you will be able to take advantage of numerous committees and their work product to improve your skills. In the future we will develop accredited continuing educational courses. Additionally you will become a part of a network of professional practitioners in victim’s support, investigation, and related practices available for certification.

For Groups and Organizations: you will have access to accreditation and certification processes to improve your services and offerings, and demonstrate to the public your degree of superior practices.

Professional Links

SCARS claims to be the only anti-online-fraud non-governmental organization recognized by governments around the world, and to partner with various authorities, including:

  • The United States Department of Homeland Security
  • Recognized Victims Assistance Organization
  • U.S. Department of Justice Office for Victims of Crime
  • U.S. DoJ OVC National Census of Victim Service Providers
  • NCVC VictimConnect Program
  • NOVA – National Organization for Victim Assistance
  • Membership of the Council of Europe’s Octopus Cybercrime Community (the Council of Europe is a separate body from the European Union)

The Virus Checker Website

The website VirusTotal at https://www.virustotal.com was created to help people identify malware. It does this by analysing suspicious files or URLs submitted to it, and it is a free service.

VirusTotal inspects items by using 70+ antivirus scanners and URL/domain blacklisting services, plus a range of tools to extract signals from the studied content.

How to use the Website

You can select a file on your computer and upload it to VirusTotal in your browser.

There is also the option of desktop uploaders, browser extensions and a programmatic API if this is to become a regular practice.

As with files, URLs can be submitted via several different means including the VirusTotal webpage, browser extensions and the API.

How Does the Virus Checker Work?

A submitted file or URL is scanned and the results shown on screen. The data and results are shared with VirusTotal partners, who use them to improve their own systems, so by submitting files, URLs, domains and so on to VirusTotal you contribute to raising the global IT security level. The flip side is that anything you upload can be seen by those partners and by paying customers of the service, so do not upload documents containing confidential information; look the file up by its hash instead, which tells you whether it has already been analysed without the file itself leaving your machine.

Scanning reports produced by VirusTotal are shared with the public VirusTotal community. Users can contribute comments and vote on whether particular content is harmful. In this way, users help to deepen the community’s collective understanding of potentially harmful content and identify false positives (i.e. harmless items detected as malicious by one or more scanners).

Commercial Service

The service provides qualified customers and anti-virus partners with tools to perform complex criteria-based searches to identify and access harmful file samples for further study. This helps organisations discover and analyse new threats and fashion new mitigations and defences.

VirusTotal not only tells you whether a given antivirus solution detected a submitted file as malicious, but also displays each engine’s detection label (e.g., I-Worm.Allaple.gen).
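
The programmatic API mentioned above makes the hash-first approach easy to automate, and the per-engine labels are worth reading rather than just counting. The script below is an added example written for this page, not VirusTotal’s own code: it hashes a file locally, builds the lookup request for the public v3 REST API (GET https://www.virustotal.com/api/v3/files/<sha256>, API key in the x-apikey header), and reduces the report to counts, a verdict and the labels of the engines that fired. SAMPLE_REPORT is a constructed, cut-down imitation of a v3 file report so the summariser can be exercised offline; the engine names in it are made up, and the label I-Worm.Allaple.gen is the one quoted above.

```python
"""Check a file against VirusTotal by hash, and read the report sensibly.

Added example, not VirusTotal's own code.  Uses the public v3 REST API
(GET https://www.virustotal.com/api/v3/files/<sha256>, key in the
x-apikey header) through the standard library only.  SAMPLE_REPORT is a
constructed, cut-down imitation of a v3 file report for offline use.
"""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request
from typing import Optional

VT_FILES_URL = "https://www.virustotal.com/api/v3/files/"

SAMPLE_REPORT = {  # constructed; real reports carry many more attributes
    "data": {
        "type": "file",
        "id": "0" * 64,
        "attributes": {
            "last_analysis_results": {
                "EngineA": {"category": "malicious", "result": "I-Worm.Allaple.gen"},
                "EngineB": {"category": "malicious", "result": "Worm.Allaple"},
                "EngineC": {"category": "malicious", "result": "Net-Worm.Allaple.a"},
                "EngineD": {"category": "malicious", "result": "W32/Allaple"},
                "EngineE": {"category": "suspicious", "result": "Heuristic.Generic"},
                "EngineF": {"category": "undetected", "result": None},
            }
        },
    }
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_request(sha256: str, api_key: str) -> urllib.request.Request:
    """Hash lookup: the file itself never leaves your machine, so nothing
    confidential is shared with VirusTotal's partners or community."""
    return urllib.request.Request(
        VT_FILES_URL + sha256,
        headers={"x-apikey": api_key, "Accept": "application/json"},
    )


def verdict(malicious: int, suspicious: int, min_engines: int = 3) -> str:
    """One or two hits are often false positives; demand agreement between engines."""
    if malicious >= min_engines:
        return "malicious"
    if malicious or suspicious:
        return "inconclusive"
    return "no detections"


def summarise(report: dict) -> dict:
    """Reduce a v3 file report to counts, a verdict and the per-engine labels."""
    results = report["data"]["attributes"].get("last_analysis_results", {})
    malicious = sum(1 for r in results.values() if r.get("category") == "malicious")
    suspicious = sum(1 for r in results.values() if r.get("category") == "suspicious")
    labels = {name: r["result"] for name, r in results.items()
              if r.get("category") in ("malicious", "suspicious") and r.get("result")}
    return {"engines": len(results), "malicious": malicious, "suspicious": suspicious,
            "verdict": verdict(malicious, suspicious), "labels": labels}


def lookup(path: str, api_key: str) -> Optional[dict]:
    """Network call.  Returns None when VirusTotal has never seen the hash (HTTP 404)."""
    with open(path, "rb") as fh:
        digest = sha256_hex(fh.read())
    try:
        with urllib.request.urlopen(build_request(digest, api_key), timeout=30) as resp:
            return summarise(json.load(resp))
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None  # unseen by VT: for a supposedly mass-market file that is itself a warning sign
        raise


if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    if key and len(sys.argv) > 1:
        print(lookup(sys.argv[1], key))
    else:
        print(summarise(SAMPLE_REPORT))
```

Two practical points the script encodes: a single engine’s detection is frequently a false positive (the community voting described above exists for exactly that reason), so the verdict requires several engines to agree; and a 404 means nobody has submitted that hash before, which for a file claiming to be a popular installer or document is a reason for more suspicion, not less. Only at that point should you decide whether the file is something you are prepared to share by uploading it.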

This is a valuable resource in the fight against computer viruses.

How Common are Ransomware Attacks

“Ransomware threat on the rise as almost 40% of businesses are attacked”.

Security firm Malwarebytes surveyed companies and found that more than one-third had suffered a ransomware attack in the past year.

The downtime caused by the ransomware rather than the cost of paying the ransom is what can kill a business.

Malwarebytes (a software company selling anti-malware products) released its “Second Annual State of Ransomware Report”. The multi-country study surveyed 1,054 companies with no more than 1,000 employees across North America, France, the U.K., Germany, Australia and Singapore. More than one-third of businesses had experienced a ransomware attack in the last year, and 22 per cent of those impacted businesses had to cease operations immediately.

Key Findings

“Businesses of all sizes are increasingly at risk for ransomware attacks,” said Marcin Kleczynski, CEO, Malwarebytes. “However, the stakes of a single attack for a small business are far different from the stakes of a single attack for a large enterprise.”

The impact of ransomware on SMBs can be devastating. For roughly one in six impacted organizations, a ransomware infection caused 25 or more hours of downtime, with some organizations reporting that it caused systems to be down for more than 100 hours. Further, among SMBs that experienced a ransomware attack, 22 percent reported that they had to cease business operations immediately, and 15 percent lost revenue.

For many, the source of ransomware is unknown and infections spread quickly. For 27 percent of organizations that suffered a ransomware infection, decision makers could not identify how the endpoint(s) became infected. Further, more than one-third of ransomware infections spread to other devices.

The most common source of ransomware infections in U.S.-based organizations was related to email use. Thirty-seven percent of attacks on SMBs in the U.S. were reported as coming from a malicious email attachment and 27 percent were from a malicious link in an email.

Seventy-two percent of respondents believe that ransomware demands should never be paid. Most of the remaining organizations believe that demands should only be paid if the encrypted data is of value to the organization. Among organizations that chose not to pay cybercriminals’ ransom demands, about one-third lost files as a result.

“It’s clear from these findings that there is widespread awareness of the threat of ransomware among businesses, but many are not yet confident in their ability to deal with it,” said Adam Kujawa, Director of Malware Intelligence, Malwarebytes. “Companies of all sizes need to remain vigilant and continue to place a higher priority on protecting themselves against ransomware.”

UK Government Phishing Attacks

A phishing attack is when criminals create fake websites that look like well-known websites such as those of Marks and Spencer, HMRC or British Gas. They use the fake websites to get your confidential information.

The statistics below refer to sites that pretend to be government.

Top 10 Government ‘Brands’

Brand                              Phishing sites   Attack groups   Availability (hours)
HM Revenue & Customs                       16,064           2,466                     10
Gov.uk                                      1,541             241                     15
TV Licensing                                  172              93                      5
DVLA                                          107              53                     11
Government Gateway                             46              22                      6
Crown Prosecution Service                      43              26                     15
Student Loans Company                          19              11                     17
Student Finance Direct                         13               3                      3
British Broadcasting Corporation                8               7                     35

The availability (in hours) of an attack is the total time the phishing site is reachable, from when the Netcraft takedown service first becomes aware of the attack through to when the site is finally taken down.

Phishing

When a phishing site is identified that is pretending to be a UK government brand, the hosting provider is asked to take the site down.

For example, a fraudster might use an email address such as onlinehmrctax@gov.co.uk and a matching website. The domain is intended to deceive the user into thinking this is a real HMRC site: the word “gov” appears, but the domain is registered under co.uk, not gov.uk. Not all phishing sites use lookalike domains like this; many are hosted in areas of legitimate sites that have been compromised by the criminal.
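
The onlinehmrctax@gov.co.uk example shows why a naive “does it mention gov.uk?” test is not good enough: the check has to be made on DNS label boundaries. The script below is an added example written for this page (not from the original post or from the Netcraft takedown service it describes). The only rule it assumes is that genuine HMG services sit under gov.uk; the brand-word list and the sample addresses, apart from the page’s own onlinehmrctax@gov.co.uk, are constructed for the demonstration.

```python
"""Does this sender domain really belong to UK government?

Added example, not from the original post.  Assumes only that genuine
HMG services sit under gov.uk; the brand-word list and sample senders
are constructed.
"""
from typing import List, Optional

# Suffixes under which official UK government sites are registered (assumption:
# a fuller allowlist would add others, such as nhs.uk and police.uk)
OFFICIAL_SUFFIXES = ("gov.uk",)

# Words suggesting the domain is trading on a government brand (constructed list)
BRAND_WORDS = ("hmrc", "gov", "dvla", "tvlicensing", "gateway", "refund", "tax")


def sender_domain(address: str) -> Optional[str]:
    """Domain part of an address, lowercased, with angle brackets and trailing dot removed."""
    address = address.strip().strip("<>")
    if address.count("@") != 1:
        return None
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    return domain or None


def is_official(domain: str) -> bool:
    """Match on DNS label boundaries, not on substrings.

    'hmrc.gov.uk' is official.  'gov.co.uk' is not (it is a co.uk name).
    'hmrc.gov.uk.example.com' is not (it ends in example.com) even though
    the text 'gov.uk' occurs inside it.  'fakegov.uk' is not (the label is
    'fakegov', not 'gov').
    """
    labels = domain.split(".")
    for suffix in OFFICIAL_SUFFIXES:
        tail = suffix.split(".")
        if len(labels) >= len(tail) and labels[-len(tail):] == tail:
            return True
    return False


def brand_words_in(domain: str) -> List[str]:
    """Brand words appearing anywhere in the domain, ignoring dots and hyphens."""
    flat = domain.replace(".", "").replace("-", "")
    return [w for w in BRAND_WORDS if w in flat]


def classify(address: str) -> str:
    """'official', 'lookalike' (brand word but not under an official suffix),
    'unrelated' or 'malformed'."""
    domain = sender_domain(address)
    if domain is None:
        return "malformed"
    if is_official(domain):
        return "official"
    if brand_words_in(domain):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample senders; the first is the example quoted in the text
    for sample in ("onlinehmrctax@gov.co.uk", "noreply@hmrc.gov.uk",
                   "refund@hmrc.gov.uk.example.com", "alerts@fakegov.uk", "news@example.org"):
        print(f"{sample:40} {classify(sample)}")
```

Two caveats apply to this kind of check. It only looks at the address shown, and the From header of an email can be forged outright; for real mail the domain to test is the one that passed SPF or DKIM, not the display text. It also does not handle internationalised domains, where a look-alike character in a different script can make a fake domain render identically to the genuine one.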

A single attack can involve multiple spoof sites, hosted on the same server. If there are many phishing URLs in a single attack, they can easily skew statistics through the responsiveness or otherwise of the hosting provider.

Over the last calendar year, 18,067 HMG-related phishing sites have been removed.

For comparison, in the previous 6 months the volume was 19,443 sites. It’s clear that there are fewer HMG-related phishing takedowns in 2017 and the trend is generally downward. Given how the service is driven, it’s reasonable to assume that it sees a relatively constant percentage of global phishing, so this strongly suggests that there has been less HMG-related phishing this year than last.

It is also very likely that this takedown work has had a direct impact on the viability of criminal phishing targeting HMG brands, making them less lucrative and therefore less likely to be used.

It’s obvious from the table that the vast majority of HMG-related phishing attacks continue to use the HMRC brand. That’s unsurprising given that most adults have a relationship with them and everyone would welcome a tax refund.

How Common Are Data Breaches

The Proportion of Businesses That Had Breaches in 2017

Size of business               % experiencing a cyber security breach or attack in 2017
Overall                                                   24
Micro firms                                               17
Small firms                                               33
Medium firms                                              51
Large firms                                               65
Admin / real estate sector                                39

Businesses that invest more in cyber security report more breaches than businesses that invest less. This may seem counterintuitive, but it is partly because businesses that realise they are more at risk, such as finance operations, invest more, whereas businesses with a minimal online presence feel less at risk and invest less. Businesses that invest more in cyber security are also likely to be better at identifying breaches in the first place, so some of the difference is detection rather than exposure.

Types of Breaches/Attacks

  Viruses, spyware or malware                                  68%
  Others impersonating the organisation in emails or online    32%
  Denial of service attacks                                    15%
  Hacking                                                      13%
  Money stolen electronically                                  13%
  Breaches from personally owned devices                        8%
  Personal information stolen                                   8%
  Breaches from externally hosted web services                  8%
  Unlicensed or stolen software downloaded                      8%
  Money stolen via fraud emails or websites                     6%
  Software damaged or stolen                                    5%
  Breaches on social media                                      3%
  Intellectual property theft                                   1%

You can see that attacks of various kinds are very common. All businesses must take steps to protect against data breaches and all common forms of cyber attack.
