How to Deal With a Data Breach

If your business suffers a data breach, i.e. hackers access your system and steal confidential information, then you have a lot to do: deal with the breach, communicate with all affected parties and put in place better security to prevent another breach.

How well you deal with the breach often affects the total cost and the level of damage to your business reputation.

These four steps can help:

1. Investigate the Breach

  1. How did it happen?
  2. What was stolen?
  3. Can the hackers regain entry to your systems?
  4. Have the hackers left any malware on your systems?

You’ll need to know exactly what information was lost in the data breach.

Less sensitive information includes name, address, phone number etc. This can be used by scammers and cold callers, but that information is readily available for most people through the phone directory, social media and the Electoral register.

More sensitive information includes date of birth, name, financial details, payment card details etc. Combined with the less sensitive information, this can be used for identity fraud.

If the stolen data includes names with logins and passwords then you need to act fast to warn people to change their passwords.

2. Determine the Possible Damage

Once you know what data has been stolen, you need to understand how this can affect people i.e. how this data can be used by criminals. Will they likely sell the information to a competitor or to other scammers or ransom it back to you?

3. Communicate with All Interested Parties

You need to inform all affected parties ASAP. This may be customers, partners, staff, suppliers etc. If the breach is serious then you should inform the Information Commissioner’s Office. If relevant, inform the Police.

4. Increase Your Security

Unless you have security experts, you may need to hire experts to assess your systems and see how security can be improved. Start enacting those improvements straight away and, of course, close off whatever method the hackers used to get into your systems.

A data breach can be very serious and must be dealt with quickly and efficiently to minimise damage to your reputation.


Facebook Private Lotteries Legal

Lottery syndicates are legal and many people belong to one, as syndicates can give you a higher chance of winning something, although it also means that if you win it will be shared rather than just yours.

However, gambling through Facebook Groups is not legal, though hundreds of such groups exist.

Facebook users are being warned about illegal lottery groups which take money from members but don’t pay out.

The prizes promised include smartphones, cars, game consoles and cash prizes of up to £5,000.

Stakes of 50p to £20 are bet on the number of the Lotto bonus ball, with the administrator of the illegal raffle usually taking a large share of proceeds. Some may be rigged or the organisers simply disappear with all the stake money.

The law says that lotteries cannot be run for private or commercial gain. Gambling experts say these privately run groups encourage children to start betting.

Some groups do pay out, with the organisers taking a share of the money, while a few have been set up to raise money for charity or community campaigns, but according to the law lotteries cannot be run for private or commercial gain.

The Gambling Commission is working to close down these groups and it can also prosecute those found in breach of the law with a £5,000 fine or up to 51 weeks in prison.

If in any doubt, you can check the licence register on the Gambling Commission website (www.gamblingcommission.gov.uk) or contact the local authority where the lottery is based.

Join a syndicate of people you trust and not through a Facebook Group.


Don’t Give In to Ransomware Attackers


Ransomware is an attack that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data except, perhaps, by paying a ransom.

Paying the ransom is never recommended, mainly because it does not guarantee you will be able to decrypt your files, plus it encourages the criminals and gives them funding for further criminal activities.

There are also a number of things that can go wrong accidentally. For example, there could be bugs in the malware that make the encrypted data unrecoverable even with the right key.

A ransomware attack typically arrives as a spam email attachment. Opening the attached file releases the malware onto the user’s system and it goes about its business of encrypting the files and deleting the originals. When complete, it puts up warning messages or screens demanding payment or the files will be lost forever.

The Nomoreransom Website

The website is at https://www.nomoreransom.org

“No More Ransom” is a public-private cooperation to tackle serious cybercrime. The main aim is to share knowledge and educate users across the world on how to prevent ransomware attacks.

They also believe that restoring users’ access to their systems where possible will empower them to take action and avoid rewarding criminals with a ransom payment.

The website contains four decryption tools for different types of malware. These are freely available and will work for any user infected with the threats listed on the website.

Nomoreransom is associated with and works with various law enforcement agencies and anti-virus companies including Kaspersky, McAfee, Avast and Bitdefender.

If you have any experiences with these scams do let me know, by email.


Fake Fraud Investigations

These scams usually start as phone calls warning you of something criminal going on. Of course, the scam caller doesn’t tell you she is the criminal.

The scammer’s intent is to convince you to move your money to an account of their choosing, and there’s usually a complicated story to get to that point.

For example: “I am a Police officer working in the fraud department and we are tracking a criminal team working with an insider at your bank. This insider has been trying to take money from your account and other people’s and we must catch him before he takes any more. We need your help to catch him out”.

So, that’s the setup phase. Then comes the reason to move your money:

“To protect your money, we need to move it to a safe location that the criminals cannot access. Please move your money to the following sort code and account code and we’ll keep it safe for you and do remember not to contact your bank as they may tip off the criminals.”

Once the scammer has your money then it will be moved again to somewhere offshore where it cannot be traced and your money is gone.

Some people who have fallen for this scam or something similar blame the bank for moving their money, but if the bank is not told there is a problem and you request the move, then why shouldn’t it do as asked?

Banks are aware of this scam and usually ask people trying to move their money out of the bank if they are under any duress or need advice.

Do not take instructions from a cold caller on the phone.

Just because someone claims to be from your bank or the Police doesn’t make it true.

Take care.

If you have any experiences with these scams do let me know, by email.
