The Account Approved Phishing Scam

You receive an email from Customer Service that says “Your Account Has Been Approved”.

Sounds good.

Hang on a minute – an account at which business?

The email doesn’t specify – there is no business name.

There is loads of stuff about IDs and passwords and congratulations etc. and the link they want you to click seems to be to www.account-uk.ga/UK/account

The suffix .ga means the website is registered in Gabon, West Africa.

The lack of a business name and the registration in West Africa point to the email being a scam. Plus, the simple fact that I haven’t applied for any new accounts, and hence cannot have been approved for an account I actually want, makes this abundantly clear.

The temptation with these emails is to click to find out what the account is – but don’t be tempted – it’s just a simple phishing scam whereby the website link takes you to a page that asks for more personal information. Plus, clicking the link will mark you as a gullible person suitable to be targeted for future scams.

These emails often name a well-known bank or other financial organization, large retailer, Apple, Microsoft etc.

All scams.

Do not click the link.
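The warning signs described in this post can be checked automatically before anyone is tempted to click. The following Python sketch is an added example, not part of the original post: the sample email is constructed from the description above, and the sender names, organisation list and expected suffixes are assumptions to adjust for your own mailbox.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for this example: tune all three sets to your own mailbox.
GENERIC_SENDERS = {"customer service", "support", "accounts team"}
KNOWN_ORGS = {"example bank", "example energy"}   # organisations you really deal with
EXPECTED_TLDS = {"uk", "com", "org"}              # suffixes those organisations use

# Constructed sample modelled on the email described in the post.
SAMPLE = """\
From: Customer Service <noreply@mailer.example>
Subject: Your Account Has Been Approved
Content-Type: text/plain

Congratulations! Your ID and password are ready.
Confirm your details at www.account-uk.ga/UK/account today.
"""

def link_hosts(text):
    """Return the hostname of every http(s):// or bare www. link in text."""
    hosts = []
    for url in re.findall(r"(?:https?://|www\.)[^\s<>\"']+", text, re.I):
        if not url.lower().startswith("http"):
            url = "http://" + url          # urlparse needs a scheme to find the host
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts

def triage(raw_email):
    """Flag the warning signs from the post; returns a list of finding strings."""
    msg = message_from_string(raw_email)   # plain-text, single-part mail assumed
    display_name, _addr = parseaddr(msg.get("From", ""))
    text = (msg.get("Subject", "") + "\n" + msg.get_payload()).lower()
    findings = []
    if display_name.strip().lower() in GENERIC_SENDERS:
        findings.append("generic-sender")
    if not any(org in text for org in KNOWN_ORGS):
        findings.append("no-known-business-named")
    for host in link_hosts(text):
        if host.rsplit(".", 1)[-1] not in EXPECTED_TLDS:
            findings.append("unexpected-tld:" + host)
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Any finding is a reason to delete the message or verify it with the organisation through a channel you already trust, not proof on its own.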


Fightback Ninja Signature


Stupidest Scam of the Week – Magic Bacteria

An email complete with pictures and a video clip tries to sell the idea that swallowing a lot of newly discovered bacteria will solve all of your teeth problems.

It supposedly fixes dental decay, cavities, bad breath, bleeding gums, teeth rot and anything you can think of to do with your teeth.

Something new that can help with one problem may be interesting but so many scammers feel they have to keep going – inventing more and more things their fantasy magic can fix.

The email says it ‘Makes your teeth 20x stronger than before’, but it also says that the bacteria help to reconstruct the original enamel on your teeth, which would make them as strong as before. There is a big difference between as strong as before and 20x stronger than before.

‘Like a titanium shield against cavities and root infection’

‘some say their teeth are stronger than a dental implant’

Quite ridiculous.

There are no such bacteria, and even if bacteria were discovered that can help to regrow the enamel layer on your teeth, swallowing them, as described in the email, would be pretty stupid, as your teeth are in your mouth and not your stomach.


4 Common Mistakes – Safeguard Your Business From Cyber Attacks

A post by Carla Lopez

Small and mid-size businesses are primary targets of cyber-attacks as unlike large corporations, they often do not have sophisticated security systems in place. Additionally, by attacking a small/midsize business, hackers can gain access to a large network of data which includes personal information, bank details, and passwords of suppliers, clients, and partners of the business. As reported by GOV.UK, two out of five businesses in the country were impacted by a cyberattack in the last 12 months. To tackle the increased risk of cyberattacks, this post by Fight Back Ninja explores four common security mistakes to avoid and the best practices to safeguard your business.

Mistake 1: Not Having Trained Cybersecurity Professionals

Cybersecurity for your personal device is entirely different compared to a business. While an antivirus plus malware protection software will suffice for your laptop, business machines and servers need multiple layers of security. This can include a firewall, anti-malware software, backup services, data encryption, system monitoring, and more.

As with any important business function, the responsibility of cybersecurity should be delegated to professionals. You can either hire professionals in-house or outsource it to an agency. Hiring multiple professionals can be costly compared to an agency but will make supervision easier. Regardless of your choice, the business will be in much safer hands with the involvement of professionals.

Mistake 2: Not Keeping Software Up To Date

Whether it be third-party software used for marketing, finance, sales-related activities, or the operating system, developers periodically release new versions that should be installed promptly. Updates are often released to patch security bugs and include new features. Using older versions of software exposes you to the risk of cyberattacks. By exploiting security bugs hackers can gain easy access to your data and reduce the chances of detection by the security system.

While hacking third-party software may not compromise your entire system, hackers can still steal valuable customer and supplier data. To avoid this predicament, enable the option of auto-update for all software. Additionally, periodically check for newer versions of your operating system and ensure they are applied to all machines in the office.

Mistake 3: Not Password Protecting Documents

Daily, various stakeholders of your business will share documents through email, messaging applications, or other online mediums. As mentioned in the previous point, hackers can steal your data by targeting third-party software (including email as well). However, you can safeguard documents with sensitive information by converting them into password-protected documents.

For instance, if you’ve created a PowerPoint regarding the company’s financials, performance, and supplier partnerships, before sharing it digitally, convert your PPT to a PDF that can be password protected. This way only individuals who know the password can view the document.

Oftentimes, only the owner retains the right to make alterations to the PDF, reducing the risk of important documents being tampered with. As a best practice, instruct all employees to always convert documents into password-protected PDFs before sharing.

Mistake 4: Not Having Data Back-Ups

As reported by Data Bacisx, the average remediation cost of a cyberattack in the UK is $840,000. This can include the ransom that companies decide to pay hackers and the costs of rebuilding the business. However, paying the ransom never guarantees that you’ll get your data back. Hackers do not work on goodwill and use ransomware attacks to trap businesses in a vicious system of extorting money. One of the reasons businesses may agree to pay a ransom is that they do not have a backup.

Not having a backup puts your business at grave risk. Along with cyberattacks, natural disasters, server malfunctions, human error, and other unforeseen events can lead to data loss, causing major financial damage to a business. Hence, it is important to create a data backup policy as a priority. This can include creating a secure server not connected to primary servers used by the business, having a weekly automatic backup schedule, periodically running recovery exercises to check data integrity, and having a recovery plan for cyber attacks.

Avoiding these four mistakes will significantly reduce the threat of cyberattacks, and safeguard the long-term health of your business.


How to Report a Data Breach to the Information Commissioner

Not all organisation data breaches need to be reported to the Information Commissioner’s Office (ICO).

ICO do recommend that any serious breach is reported to them, but it isn’t mandatory and ‘serious breaches’ are not defined. However, the following should assist data controllers in considering whether breaches should be reported:

  1. The potential detriment to individuals is the overriding consideration in deciding whether a breach of data security should be reported to the ICO. Detriment includes emotional distress as well as both physical and financial damage.

Ways in which detriment can occur include:

  • exposure to identity theft through the release of non-public identifiers, eg passport number
  • information about the private aspects of a person’s life becoming known to others, eg financial circumstances

The extent of detriment likely to occur is dependent on both the volume of personal data involved and the sensitivity of the data where there is significant actual or potential detriment as a result of the breach.

Where there is little risk that individuals would suffer significant detriment, for example because a stolen laptop is properly encrypted or the information that is the subject of the breach is publicly-available information, there is no need to report.

  2. The volume of personal data lost / released / corrupted: There should be a presumption to report to the ICO where a large volume of personal data is concerned and there is a real risk of individuals suffering some harm.
  3. The sensitivity of the data lost / released / corrupted:

How to Report a Breach

Serious breaches should be reported to the ICO using the DPA security breach helpline on 0303 123 1113 (open Monday to Friday, 9am to 5pm). Select option 3 to speak to staff who will record the breach and give you advice about what to do next. Alternatively, report in writing using the DPA security breach notification form, which should be sent to the email address [email protected] or by post to the office address at: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

When a breach is reported, the nature and seriousness of the breach and the adequacy of any remedial action taken will be assessed and a course of action determined.

ICO may:

  • Record the breach and take no further action; or
  • Investigate the circumstances of the breach and any remedial action, which could lead to further action;
  • Set a requirement on the data controller to undertake a course of action to prevent further breaches;
  • Start formal enforcement action which could lead to a fine of up to £500,000.

For further information see https://ico.org.uk
