After listening to this podcast, please visit the National Cyber Security Centre, Action Fraud, Take Five and West Midlands Cyber Protect websites for more guidance on all things relating to online security.
Our host today is Patrick, a Detective and Cyber Protect officer for the Regional Cyber Team, part of the Regional Organised Crime Unit for the West Midlands.
Also covering the West Midlands is Sean Long (WMPDigitalPCSO); covering Warwickshire and West Mercia is James Squire (cyberpcso); and covering the Staffordshire Police area is Mathew Hough-Clews, who can be found at sp_digitalpcso.
To contact us please email us at [email protected].
Hello and welcome. My name is Patrick and I'm a detective and cyber protect officer from the West Midlands Regional Cybercrime Unit.
Today's date is Monday the 14th of September 2020.
We have three topics this week. First of all, we're going to look at sextortion scams, what it is, what to do, what to always remember. Second of all, we'll look at the cyberattack on Newcastle University and the fallout from that. And lastly, we'll consider the Bank of England's recent announcement on their focus when tackling cybercrime.
So what is sextortion? Sextortion is a scam. It's a type of phishing attack, whereby people are coerced into paying money, often Bitcoin, but sometimes there's bank transfers involved. And what normally happens is an email is received, which appears very genuine, and sometimes can even contain the recipient's password for an individual site. It threatens to share a video or images or data that shows that the recipient has visited adult websites.
Phishing is designed to play on people's emotions so that they will behave in a way which is out of character. Scams such as these are no different. The phisher is gambling that enough people respond so that the scam is profitable. So they'll send out lots of emails to lots of different people, and they're just sadly playing the numbers game. People who carry out these types of offences are, to a large extent, totally guessing. You've been on this website or that website, and they say you've done this, and you've done that, some of which will be totally made up and will be totally incorrect. Some of it may relate to some activity. And some of it may, in fact, be correct. But of course, it doesn't mean for one moment that the person receiving these phishing emails demanding money has actually done anything illegal.
So what can you do? As with all phishing emails, of whatever type, the first and foremost bit of advice is not to engage, and then to report by forwarding it on to [email protected]. I'll put this email address into the show notes for this podcast afterwards. If you do pay money, it is worth bearing in mind the advice is, of course, not to pay any money, not to engage and have to pay any money. However, if you do pay money, you have to, unfortunately, be aware that you may appear on a list for people who do similar things; you are a winning customer. As I mentioned at the beginning, don't worry if the phishing email includes your password. In all likelihood, this has been obtained from historic breaches of personal data. A good way to check if your email address has been connected to any data breaches is to have a look at the haveibeenpwned.com website, which again, I'll put the link in the show notes. If the phish does include a password you use, change it immediately, and wherever possible, my suggestion would be to instigate multi-factor authentication, which we spoke about on our previous podcast. It's worth visiting cyberaware.gov.uk/passwords to gain more information.
If you have been subjected to a sextortion offence and have paid money, it's definitely worth reporting this to Action Fraud. If a person needs emotional support, this is available from a number of charities such as Victim Support, and by calling 08081 689 111 or visiting their website.
Related but definitely different to sextortion offences is something which is known as romance scams. It's basically where you are convinced to make a payment to a person you've met either on a social media or a dating website, who has unfortunately created a fake profile. This is regularly done by criminals in an attempt to build relationships and then carry out what is known as catfishing. Criminals use information found on social media websites to create fake identities to target people in these types of scams. Unfortunately, profiles are searched for which suggest singles, sometimes single parents, and/or widowed or divorced.
Always remember, avoid sending money to someone you've never met in person and always consider the possibility of the scam. Details you've got about a person: do some research, as profile photos are often faked. Look out for spelling and grammar mistakes and inconsistencies in stories. Continue communication on these websites and never meet until you are certain that they are who they say they are, and even then the suggestion is definitely public places.
Only accept friend requests from people that you've learned to know and trust online. The Take Five campaign is brilliant, in that it highlights three things that you need to consider.
Stop: take a moment to stop and think before parting with your money or information.
Challenge: could it be fake? It's okay to reject, refuse or ignore any requests. Only criminals will try and rush or panic you.
And Protect: contact your bank immediately if you think you've fallen for a scam and report it to Action Fraud.
Newcastle University has reported they've been subjected to a cyber attack. This comes after a recent hack on Northumbria University, which severely affected exams and its clearing hotline. Newcastle University said unfortunately, there is ongoing disruption; there is likely to be an effect on new students arriving, due to start on the 20th of September. The data breach has been reported to the Information Commissioner's Office and the Police after the problem came to light a week ago.
The university said it has teams working with a number of agencies including the Police. The university has been quoted as saying, "We take the security of our systems extremely seriously, and we were able to respond quickly to the situation," but unfortunately it will take a number of weeks before they can get back to normal. The nature of the problem means this is an ongoing situation which they anticipate will take a number of weeks to address. A number of their IT systems are not operating and will remain that way for the duration.
The Bank of England, a 326-year-old institution, has announced they're going to focus more on cybersecurity and digital payments. It has been said one of the driving factors to focus more on cybersecurity and online payments was in fact the COVID pandemic and the increased dominance of online activity and online requirements. The Bank of England has stated that the COVID-19 pandemic and its effect on the financial system was key in driving the decision to focus further on cyber issues.
For additional guidance, please visit the National Cyber Security Centre (NCSC), Action Fraud and the Take Five campaign websites. Also please do not hesitate to contact us with regard to training, advice and guidance on how to protect and prepare yourself or your business online.