News Old

Cybercrime, in the form of high-profile ransomware campaigns, have grown significantly in the last year, according to The National Crime Agency UK (NCA).

The NCA says this type of online crime continues to rise in complexity and scales, affecting essential services, businesses and individuals. This is costing the UK billions of pounds every year, causing damage and even posing a threat to national security.

Cybercrime continues to rise in scale and complexity, affecting essential services, businesses and private individuals alike. Cybercrime costs the UK billions of pounds, causes untold damage, and threatens national security.

Increase in teen cybercrime

More young people, the NCA reports, are getting involved with cybercrime as they use their computer literacy to develop ways of committing personal identity theft. Gone are the days when teenagers committed petty crime like stealing sweets from the corner store. The NCA appeals to parents to have a conversation with our children to help them make the right choices. It says that although young cybercrime is often driven by peer pressure than financial reward.

The NCA’s recent #CyberChoices campaign encouraged parents of young people with cyber skills to talk to them about their ambitions and the opportunities to use their skills positively.

Threat from cybercrime

Data breaches are on a “massive scale”, the NCA says, creating thousands of UK victims of personal identity theft. These breaches aren’t fraud-exclusive, they can put lives at risk and damage services.

It uses the WannaCry ransomware that struck the NHS as an example. It targeted 16 NHS trusts one by one, encrypting crucial data on infected computers, demanding a ransom paid by Bitcoin to re-instate user-access. It was the largest cyberattack the NHS had ever experienced, resulting in doctors being locked out of patient records and forcing emergency rooms to send patients to other hospitals.

The NCA warns that although many cybercrimes threatening UK interests come from abroad, “homegrown” cyber offences are increasing.

NCA names top cyberthreats

• Hacking. This is common through social media and hacking into computers through obtaining email passwords.
• Phishing. This is the name for email scams asking for security information like the three-digit number on the back of debit and credit cards and other sensitive personal data to plunder bank accounts or go on an online buying spree, using your details. bogus emails asking for security information and personal details
• Malicious software. This includes ransomware through which criminals hijack files and hold them to ransom until payment is received
• Distributed denial of service (DDOS) attacks against websites. WannaCry is an example of this type of cyber extortion.

Under-reporting of cybercrime

Cyber-attacks are financially devastating and disrupting and upsetting to businesses and individuals alike, but just a small percentage is reported to the relevant authorities, according to the NCA. It is thought that companies fear reporting a crime because it might disrupt their business even further as the incident undergoes investigation.

The NCA urges businesses and individuals to seek advice and support from Cyber Aware, Get Safe Online or the National Cyber Security Centre. If you are a victim of cybercrime report it to Action Fraud, the UK’s fraud and cybercrime reporting centre.

Fake virus alerts are especially nasty forms of adware because they play on our fears and by exploiting these fears, put us at greater risk of what we were worried about in the first place.

Fake virus alerts are paid for by cybercriminals who hope you will take the bait and download their malware onto your computer.

Where you can encounter fake virus alerts

They usually come in the form of pop-windows that appear when you visit certain websites. The best way to avoid these pop-ups s not to visit these websites again. Websites to avoid are sites offering free access to a service you would normally have to pay for. These sites include those offering streaming versions of the latest episodes of television series or current movies.

These usually appear as pop-up messages on your computer screen or any mobile device including your phone. This pop-up pretends to be an antivirus cybersecurity product that has detected malware infections on your computer.

Unfortunately, there is not why of gauging the risks before you visit a site. Fake virus alert removals can only be carried out by those who own the website’s domain name.

Use common sense

Through years of online experience most of us can identify risky sites before we click on a link to them. If you see a site may be risky or you receive an alert from your browser warning that it might be unsecured, don’t click on the link.

If you have an anti-virus programme on your device, you should never receive a virus alert and if so, you must come to the conclusion immediately that this is a fake notification and should be ignored at all costs.

Reasons not to click the bogus link

There is a chance your system has already been comprised if you have clicked on the link. This means these message have found a a way to lock your browser disabling your ability to leave the fake message unless you restart your browser. If you can’t close the browser tab and can’t select another tab you will have to force quit your browser and then open it without reloading all the tabs open from the previous session.

You might be able to close the tab and restart the browser and the bogus alert will disappear. Sadly, this is rarely the case and you will have to uninstall and install your browser all over again.

In the worst-case scenario, the malware compromising your system calls for a total system reset. This is why it is essential to back up your files on a USB stick or save them to the Cloud.

How to spot a fake alert

• Fake-sounding product names that you have never heard of before
• Vague promises such as commitments to keeping your computer virus free if you cough up the sizable fee
• High frequency of alerts. If you are receiving these alerts more than once daily, then the alert is likely to be fake
• Poor English and spelling mistakes. Reputable companies very rarely publicly send out messages that are riddled with errors.

If you play a popular online game, keep your wits about you because you could be fair game for fraudsters who take advantage of the fact that this cyber sector is a money mecca ripe for the picking.

When your online gaming account is compromised it is critical that you act fast. If you suspect that all’s not right, don’t wait until it is too late and you can’t get back into your game or, worse still, you can’t even turn on your device.

Change your password

If you can still log into your account, then go to the game’s settings and change your password immediately. Don’t make it one you have used before and even one that has similarities to your old one. This password should be strong, making it difficult for the cybercriminals to infiltrate your device.

Turn on two-factor authentication

Most online gaming account provide this option for the very reason that cyber crooks are lurking on every turn. A lot of us avoid the two-factor authentication because it is a bit of a schlepp, but it is worth getting used to because it will protect you against the fraudsters.

Change all log in details

If you have any online accounts with similar log in details as your gaming account, these need to be changed too. Cybercriminals aim to be one step of the game and will probably be checking other popular sites as soon as they gain access to your gaming portal.

Tell the gaming provider

As soon as you have secured your end, it is crucial for you to let your game provider know that your account has been compromised. Reputable providers will have an evidence gathering procedure in place. This report by you is essential, especially if you need it in a legal case further down the line.

Check your security settings

Once you have altered your password and the two-factor authentication is in place you need to check the gaming account’s security settings. You will have to go into the security settings part of your account. See what devices and applications are connected and if there is any you don’t recognise, then disconnect them. Also, check recent log-in activity and if you are suspicious, then screenshot the info of these unwelcome guests. You should then have the time, date, IP address, browser and device type on an image, which you can send over to the gaming provider.

While on your settings, check your account activity to get a clearer picture of how the cyber thief managed to gain access to your account. Purchase and download history could provide some clues.

Check for malware

There are a number of ways the cyber crook might have gain access to your log in details. They may have taken advantage of a past data breach on the site, have guessed it or seen you type it in. If they have been able to have installed malware on your device, then this will give them access to all your data and you could become a victim of personal identity theft.

HMRC (Her Majesty’s Revenue and Customs) warns tax payers to stay vigilant when it comes to fake emails and phone texts claiming that you are in receipt of a refund.

This type of crime surges at the end of the tax year when the HMRC is actually processing tax refunds. Fraudsters will take advantage of this and will compose fake correspondence designed to trick you into believing you have received a tax rebate and convincing you to part with your bank account and personal details.

Don’t be Fooled

These HMRC hoaxes often take the form of an email and have pulled the wool over thousands of people’s eyes. The email will carry a realistic HMRC logo at the top and most of the time the wording will be professional. The email might contain information like your NI number that will make you think that it is for real.

The Real Rebate Process

HMRC will only inform you of a tax refund via a letter sent directly to the address they hold for you or they will pay you directly through your employer. They will never send you an email, text or voice mail messages. If you receive this type of notification it is imperative you don’t click on the links that usually accompany this correspondence.

Remember that the tax year is from April to April and calculations will be formulated at the end of each tax year and any rebates will be ready for recipients between June and October. Real rebates generally won’t be ready in the months before June and won’t be processed after October.

Sound the Alarm

If you receive either an email, text or automated message be vigilant. HMRC only informs you about tax refunds through the post or through your pay via your employer. All emails, text messages, or voicemail messages saying you have a tax refund are a scam. Do not click on any links or, better still, don’t open the email or message. HMRC advises you forward it to: [email protected] and then delete it.

How HMRC Handles Hoaxes

HMRC is constantly taking action to protect the public from scams, including:

• Taking down malicious websites claiming to be HMRC-related. In 2018 the HMRC took down nearly 15,000 of these sites by reporting them to the relevant authorities.
• Recording and removing almost 800,000 phishing email or text message referrals.
• Implements the latest firewalling for text messages. The HMRC continually works with firewall experts to reduce this type of text message abuse and, as a result, there was a 90 per cent decrease in reports of abuse of protected HMRC SMS tags.

Here is what the HMRC advises

• recognise the signs – HMRC will never contact you to ask for your PIN, password or bank details
• stay safe – if you receive an email or text that you were not expecting don’t reply, download attachments or click on links.
• take action – forward suspicious emails claiming to be from HMRC to [email protected] and texts to 60599, or contact Action Fraud on 0300 123 2040 to report any suspicious calls. You can also report it on the online fraud report tool: www.actionfraud.police.uk.

Cyberbullying has caused devastation to people’s lives and there have even been cases of teen suicide due to this form of online harassment.

Unfortunately, cyberbullying is not a crime in itself and is not covered by law in the UK. This can be frustrating to those of us who have had our children or even ourselves falling victim to cyberbullying.

This is not only internet intimidation, but it has also found its way onto every digital device like cell phones and gaming consoles. It is usually carried out using texts and social media apps such as Facebook, Instagram, Snapchat and Tik Tok. It includes sending, posting or sharing harmful content on these public platforms about someone. Reddit’s online forums and chatrooms and even online gaming communities are other ways to virtual bully victims.

All is not lost though because cyberbullying can be put to rights through a number of other laws that make it illegal to cause a person fear or distress via acts that don’t involve actual physical violence.

Communications Act

Passed in 2003 this act makes it an offence to send grossly offensive electronic communication that is deemed “indecent, obscene or menacing”. If the cyberbully is found to have caused anxiety and distress to their victim with an onslaught of messages via email or social media, they can receive a custodial sentence of up to six months and a fine or both.

Protect from Harassment Act

Even though it is not recognised as a crime, there are other laws in place that do make it unlawful such as the Protection from Harassment Act that was passed in 1997. This law makes it a criminal offence for anyone to knowingly to victimise through sending multiple abusive emails with the full intention of causing distress and alarm. If found guilty of this offence, the bully could receive up to six months in prison and receive a fine. The act also gives the judicial system the power to grant restraining orders against those found guilty of an offence that threatens the victim. It goes one step further and if the perpetrator is found guilty of causing fear of violence on at least two occasions they could go to prison for up to five years.

Malicious Communications

The Malicious Communications Act goes back more than 30 years. This act makes it an offence to send someone a communication that is “indecent or grossly offense. If it is proved that this has caused distress or anxiety to a victim the offender can receive a fine of up to £5,000, six months in prison or both.

Public Order Act

Passed in 1986 it became an offence to use “threatening, abusive or insulting word, behaviour, writing or any visual representations likely to cause harassment, alarm or distress within the hearing or sight of a person”. This act is helpful when cyberbullying comes in the form of camera or video functions found on most Smartphones. The defendant can face a jail sentence of up to six months and a fine or both.

Workplace cyberbullying

It is important to know that, although indirectly, cyber bullies can have their day in court if they make their victim’s life a misery. Cyber bullying is not confined to young children and teenagers, workplace bullying is rife. It is estimated that bullying at work cost UK companies about £2bn annually is lost productivity and sick pay.

New types of fraud are emerging all the time and it is not surprising that most of it is conducted online. Cyber criminals are able to be not seen or heard and can carry on their illegal operations undetected.

Law enforcers in most countries have special teams dedicated to cybercrime, but it is a long and tedious process and is very often not worth their while pursuing.

Prevention is therefore better than cure and making yourself aware of the different methods these criminals implement can help stop it happening to you.

There are five main types of internet fraud:

Identity Theft

This is otherwise known as payment fraud and is the major type of e-commerce deception. This type of scam doesn’t deal with stolen cards per se. Instead it uses IP addresses, email accounts, postal addresses and the devices you use.

Fraudulent online purchases are just the start of it. This type of scammer can create fake accounts and manipulate traffic through if they manage to hack into a major

Friendly fraud

This might seem strange using “friendly” and “fraud” in the same sentence. This can happen purposefully or by mistake. It means that the buyer pays for a service or product and then claims they have never received it or that it arrived damaged. If you are selling something on one of the major online sites such as eBay, you could fall victim to this type of scam.

If you own a small business and rely on the internet for your bread and butter, then you might have to go as far as going down the chargeback route. This can be extremely time consuming and frustrating. To avoid this, make sure you use a reputable courier service and have each delivery signed for. Make sure you see if the buyer’s star rating before going ahead with the transaction. Friendly fraud can occur by design or by mistake.

Clean fraud

Once again using these two words together seems paradoxical. Unfortunately this is happening more and more as scammers take on this type of illegal online activity with great success.

Clean fraud means that the cyber crook is using a stolen credit card and the transaction isn’t flagged up. This is because the scammer will have all your personal details on hand, including the three-digit security number on the back of the card.

If your card is stolen and you haven’t reported it then it can be used with wild abandon by the thief. Convincing a retailer to issue a chargeback can be challenging as the onus is with you to have the card blocked.

Fake Sites

It is so easy to create a website these days and fraudsters have been quick on the uptake. Fake sites entail the con-artists enticing people to buy a service or product, which doesn’t exist.

This way they are able to obtain all your details, which they then either use themselves or sell your information on the dark web. When you buy anything on the internet do your homework on the merchant before clicking the checkout button. A reputable online merchant will have contact details such as address and a telephone number. If you are in doubt, call first to make sure that it is a bona fid company.

Phishing

Phishing is a cybercrime targeting you through emails, phone calls and text messages. On the face of it these appear to be from a legitimate company or organisation. It is aimed at getting you to part with sensitive data such as your personally identifiable information, passwords and banking or credit card details.

Think twice before responding to or clicking on any link that could leave you vulnerable to a phishing attack.

Among the noise and hubbub which 2020 has brought, one positive step towards reliable online identification use has sneaked through almost unnoticed. Before the global health crisis enveloped all of civil society as well as much else of the world’s attention, the UK government revealed a considered approach to the issue of secure digital ID and documentation use.

Although this important issue has indeed been highlighted by some of the consequences of the Covid pandemic, subsequent lockdown and economic affairs, the underlying need for clarification of the future of this potentially vital part of modern life going forward has maintained an underlying momentum. When the country regains some kind of calm, its citizens may at last see progress towards widespread digital online verification.

Replies to Call for Evidence

What seems a long time ago, in 2019, the Department for Digital, Culture, Media & Sport (DCMS) issued a country-wide survey entitled a “digital identity Call for Evidence”. This went out to any and every potentially interested party, which had strong feelings of any kind relating to the importance or otherwise of digital documentary and identity verification. The response was deafening; if the Minister for Digital Infrastructure (MDI) had an inkling that progress was wanted, he is now in absolutely no doubt.

Indeed, on 1st September 2020, the DCMS issued a statement that it had heard the Call, and plans to do something about it. It has begun a consultation process with a broad range of stakeholders, with a view to finally nailing down exactly how the government, in conjunction with private organizations, the legal profession, and individuals, can best create a robust system of online verification which is fit for purpose in the UK in the 21st century and beyond.

Specifically, the consultation will seek to clarify issues of individual rights, sources of redress, oversight responsibilities, privacy and technical standards.

Economic drivers

In taking this action, the MDI and the Cabinet Office are responding to the loudest reply of all; digital identity can and should play a massive part in developing and securing the health of the British economy. As such, it is widely felt that only the government itself has the power and tools to take the lead in pushing this agenda.

One example quoted in responses is house buying. This signifier of economic health can be greatly facilitated by the use of digital identity checks. Traditionally, the process of finding and securing a property is notoriously slow, and stories of people falling foul of “the chain” are very well known; documentary and ID checking being the main hindrances.

Commitment to progress

Speeding up house buying is one concrete example of the economic benefits of effective digital verification; there are many others, at both micro and macro level. As the UK strives to find its place in the world post Brexit, the digital economy is acknowledged as being one of the strengths to which it should play. The DCMS says it is committed to ensuring that digital identity is central to this strategy.

Although the actual act of cyberbullying is not a crime there are other laws that can tackle these cruel cyberattacks that can cause mental anguish to young children and teenagers and adults, costing the UK economy £2bn every year due to loss of productivity and sick pay leave.

Rather than wait for it to reach the stage of having the offender persecuted, there are ways to nip this abhorrent behaviour in the bud.

Don’t take the bait

Don’t respond to teasing or online name calling. If this is via text, block the sender and if it is on a social media platform like Facebook or Instagram unfriend them or block them as a follower. If they find other ways of communicating with you such as texts and voicemail, delete the texts, don’t open them and delete the voicemail without listening to it.

Instagram is where most young people will experience cyberbullying. A recent survey found that 42 per cent of those surveyed experienced harassment via Instagram. Cyberbullying is often a symptom of someone looking for attention, even if it’s negative.

Keep the proof, save the evidence

As easy as bullying has become thanks to cyberspace, it is also easier to prove that you have been a victim of bullying. Record all the acrimonious activity by taking screenshots of the abuse you receive. Young children and teenagers should take this evidence to their parents or teachers immediately. If you are being bullied by an ex or a co-worker, this evidence is vital if you have to take it down the prosecution route.

Don’t suffer in silence

It doesn’t matter how old you are, cyberbullying can have a devastating effect on your mental health and you shouldn’t keep this anxiety to yourself. There are online support groups for victims of cyberbullying. Choose one that is right for you and many offer one-to-one advice. Confide in a parent, teacher, friend, co-worker or immediate boss. Schools have rules against cyberbullying and the Health and Safety Act protects employees from being bullied. www.dosomething.org is an international online support service that gives you advice on how to deal with cyberbullying.

Don’t get gaslighted

Gaslighting is common type of bullying, often done online through an intranet in a place of work. It is when someone or a group of people gang up against the victim with the deliberate intent to control and manipulate them.

Persistent negative public comment, especially online, is a form of gaslighting where a group of an individual embarks on a smear campaign usually through social media or via internal group emails. These proclamations are often based on lies or exaggerations of the truth and is aimed at damaging your credibility or personal reputation.

Use websites’ safety centres

If the bullying is taking place via a website the perpetrator is going against the site’s terms and conditions. You should report the bully to the website administrator and if the proof is there, they will be expelled from the site. Many sites have safety centres where you can go and report any incident of bullying. The administrators will be able to take down the offensive posts and if the bully is anonymous, they will be able to uncover their real identity.

You might have heard about it in the news or even got wind of it in the office, but the only thing most of us know is that it is one of the arch enemies of our computers or operating systems.

Ransomware is as malevolent as it sounds. This malware method of cybercrime stops you accessing your files unless you stump up the cash. Of course, it’s not hard cash, but payment via credit card or cryptocurrency that’s going to release you from these fraudster’s grip.

This type of fraud stalks the cyber highways and byways and can catch you off-guard to successfully infect your computer. There are varying degrees of this cybercrime, you should take heed of all of it.

Not so scary scareware

This is rogue security software, and you may receive a malware alert claiming this can only be eradicated if you pay for a cybersecurity software programme. Ignoring it means you will continue to be assailed with constant alerts, but your files are unlikely to be under threat.

A reputable security software company won’t solicit you in this way. If you don’t have the software on your system, then there would be no reason for them to monitor your ransomware infection. If your system already has cybersecurity then there is no need for you to top this up.

Malspam alert

Malicious spam or malspam in cyber-speak, is when an unsolicited email delivers malware. The email is likely to include booby-traps in the form of attachments such as Word documents or PDFs. It could also present links to malicious websites. This type of virtual villainy relies on social engineering to trick us into opening attachments or clicking links that appear legit. This cybercrime knows no bounds, sometimes posing as the HMRC or the police to scare you into paying up to unlock your files.

Malvertising attack

Just by browsing trusted websites, you can be directed to criminal servers. They will swiftly catalogue your personal details and then pick the malicious ware best suited to sting you. Malvertising or malicious advertising is the abuse of online advertising to dish out malware with an advanced approach that involves an invisible webpage component to do its dastardly deed. This is likely to happen without your knowledge and you won’t be aware of it until it’s too late. It’s often called a “drive-by-download” for good reason.

Screen lock shock

This is almost as nasty as ransomware gets. When screen-lock scams infiltrate your system, it means you are frozen out of it completely. When you start it up, a window will appear usually with a government or law enforcement seal claiming you have committed a crime and will have to pay a spot fine to have it unfrozen.

Evil encryption

Encryption has to be the king of the ransomware pile though. This cyber crookery highjacks your files and encrypts them. Unless you pay up there is no chance of the files being decrypted and even if you do pay the ransom, there is no guarantee you’ll get your information back. This type of attack emphasises the importance of saving everything to the cloud.

Many high streets and other physical retail spaces have seen their businesses decimated by Covid 19 pandemic lockdowns, in most places around the world. Very few countries have escaped this phenomenon, which came on top of an already struggling retail sector in some major world economies. Perhaps ironically, some of the retailers hardest hit by this loss in business are mobile telecoms providers.

In March 2020, major provider T-Mobile announced that it was to close up to 80% of its retail outlets, as footfall had already dropped to unacceptably low levels globally; this at the very start of the pandemic and subsequent lockdowns. Meanwhile, in the same months, Verizon announced the closure of its outlets on Sundays, and reduction of both hours and employees for the rest of the week.

SIM registration and ID verification

One of several ironies in this situation is the great upsurge in the use of mobile devices caused by the pandemic. Not only were millions of people urged to work from home, but many millions more simultaneously looked to mobile devices to stay in touch with friends and family they could suddenly no longer meet with physically. For telecoms providers (also known as telcos), this situation has proved to be extremely frustrating.

Extra demand for mobile services should have been good news for telcos, but they were having to close the only means at their disposal of onboarding new customers. This is because of the need for customers to purchase and register SIMs.

In many countries, buying a new SIM requires the purchaser to provide an approved photograph in order to verify their identity; some countries’ governments issue these photos. For this form of ID verification to work, however, the customer has to be physically present when making the purchase. As of March 2020, this was no longer possible for millions of potential consumers.

Wider distribution and remote onboarding

The solution to this problem of demand and supply seems to be twofold. Firstly, telcos have already spread their supply chains into physical spaces where they previously did not reach. These include unmanned kiosks, where customers can by a SIM and register it later. Similarly, telcos are increasingly renting space at airports, so that passengers can take a SIM with them, either to use in-flight or at their new destination.

In both cases, final registration is achieved after purchase using online verification. Photographic ID is still necessary, but this can also be in the form of video or interactive engagement, which are already being rolled out throughout the digital verification industry. In fact, by making use of these latest techniques, registering a new SIM will in some cases be made more secure than before.

The coming of the eSIM

Another step forward in the remote onboarding of new telecoms customers is the eSIM. Google and Apple now produce devices which come with a non-removable SIM. Once the customer has verified their ID securely online, they can make use of the device’s eSIM functionality on the move. This can be to change service providers, or to use local networks in different countries, thus avoiding roaming fees.