Cyber Threat Weekly

Usernames and Passwords

August 21, 2020 WMRCCU Season 1 Episode 14

This episode covers credential stuffing, a PayPal scam, scammers targeting the Ritz and a ransomware attack on Jack Daniels.

After listening to this podcast, please visit the Action Fraud, Take Five, National Cyber Security Centre and West Midlands Cyber Protect websites for more guidance on all things relating to online security.


Our host today is Patrick, a Detective and Cyber Protect officer for the Regional Cyber Team, part of the Regional Organised Crime Unit for the West Midlands.


Also covering the West Midlands is Sean Long (WMPDigitalPCSO); covering Warwickshire and West Mercia is James Squire (cyberpcso); and covering the Staffordshire Police area is Mathew Hough-Clews, who can be found at sp_digitalpcso.


To contact us please email us at

Hello, my name is Patrick and I'm a detective and cyber protect officer from the West Midlands Regional Cybercrime Team.

Today's date is Friday the 21st of August 2020, and these are your Cyber Threat Weekly headlines. 

Credential stuffing is our main talking point this week. This is a technique used by criminals to take advantage of the fact people often reuse the same password and username combinations over a variety of accounts. 

Also in the news, 44,000 pound stalling and PayPal scam has occurred due to the fact a number of Facebook accounts were hacked, and their access was used to lure victims into this scam. Tea at the Ritz soured by credit card scammers and the makers of Jack Daniels targeted in ransomware attack.

Credential stuffing is a common tactic employed by cyber criminals to take advantage of a very common practice online, which is reusing password and username combinations over multiple accounts. Once an account has been taken over, a number of actions can be carried out by the person who has obtained this access. One of the most common being simply the straightforward draining of financial accounts, also using the access to the initial account to access others within a network, and also potentially accessing social media accounts, causing reputational damage and, on an individual personal basis, emotional and psychological harm.

What can you do to mitigate the fallout from a credential stuffing event? The best approach prior to any incident or, sadly, after, in recovery from an incident, would be to ensure all your accounts have different passwords. I understand how difficult this is, the way we live our lives these days online, and we have so many different accounts. But unfortunately, it's pretty essential that you have a different password for every account. To help with this, if not in use already, a password manager can assist with creating a different password for all your accounts.

From a business perspective, it is worth bearing in mind your company policy as to using company credentials for accessing non-work websites and accounts, because if one of these websites or applications that an account was created for using company credentials suffered a data breach, it could possibly put your company in danger of a follow-up attack.

If you have been notified or suspect your password has been compromised, it's worth changing it immediately. The advice from the National Cyber Security Centre (NCSC) is the best password structure is to create a password using three random words. Also, if needs be, special characters, capital letters or numbers can also be added. The core structure, ideally, should be three random words. Another thing you can do here is you can sign up to an alert service such as Have I Been Pwned. This website is quite useful, in that it can alert you to the fact that your details have been potentially compromised in a data breach. The details of which for this site I shall put into the show notes of this episode. One further, very important technique to apply when securing accounts is to enable, where possible, multi-factor authentication, also known as two-factor authentication.

Also in the news, Action Fraud have reported there has been a surge in Facebook accounts being hacked and used to contact the friends and family of those who've been hacked, requesting payment via PayPal for items purchased via eBay. To help protect yourself from such fraud, there are a number of things you can do.

Firstly, if contacted by Facebook Messenger requesting any sort of payment for or from anyone, this would be considered highly unusual and you certainly should question this method of requesting payment. Again, secure your accounts with good strong passwords and multi-factor authentication. And if you have made a payment, all is not necessarily lost, but you should immediately contact PayPal, eBay, whoever is involved, along with your bank. In addition to reporting to these organisations, please don't forget, if you've been a victim of fraud, then you need to report it to Action Fraud.

Unfortunately, diners at the luxury Ritz Hotel in London have been targeted by extremely convincing scammers pretending to be members of staff of the hotel. Scammers contacted customers who had made an official booking and were calling to confirm payment card details. One injured party was contacted by scammers who, after obtaining card details, attempted to make a 1000 pound transaction online. This was declined by the injured party's bank, which then resulted in the scammers calling back the injured party pretending to be from their bank. The Ritz are working closely with law enforcement and private sector security specialists to identify how the data breach occurred. All Ritz hotel customers who may have been caught up in this data breach have been contacted. Please bear in mind for future reference, anyone who makes a booking, online or over the phone, with any restaurant, they will not be contacted afterwards to verify card details.

Lastly, US wine and spirits giant Brown-Forman has become the latest big name brand to suffer a serious ransomware-related data breach, cyber criminals themselves have claimed. The Jack Daniels maker has released few details about the incident but claimed it successfully prevented attackers from encrypting its files and holding them to ransom.

For additional guidance, please visit the National Cyber Security Centre (NCSC), Action Fraud and the Take Five campaign websites. Also please do not hesitate to contact us with regard to training, advice and guidance on how to protect and prepare yourself or your business online. 

Thank you