Police say they are tackling cyber crime as a ‘priority’ but it is not just a policing matter. How are our businesses at risk and what can we do to prevent cyber crime and online fraud?
I attended a cyber crime conference in Cambridge last week held by Cambridgeshire Police. The event outlined what the police are doing to tackle cyber crime and what we can do to avoid it in the first place. They said 80% of cyber crime is preventable. It was stressed at the conference that not only can you be hit with financial losses, but cyber crime can also have a significant impact on wellbeing.
Some stats for Cambridgeshire to get us started:
*Denial of service attack, basically unable to use your network
Here is a quick bullet point take-away from the conference before we delve a bit deeper:
We heard that without reporting of hacks and attacks, funds will not be given to fighting cyber crime as the extent of the issue would not be known.
As soon as you are aware…
Mandate fraud is the most prolific crime seen by Cambs Police. Mandate fraud is when someone is convinced to update a supplier's banking details, so that funds are sent to the wrong bank account.
Mandate fraud will be carried out by phone, email, letters, etc. Essentially the scammers are looking to make staff believe them. This may be with an official-looking letter, or by frequently calling them, building up a rapport, and then asking them to "please update to our new details".
Double-check account number changes, do not automatically use a contact number given on a letter, and seek further authentication before responding to an email exchange (see more on two-step authentication in this blog post).
We were told about two simple ways for someone to gain access to a bank. They may pretend to be a BT engineer, or someone enquiring about a mortgage or new bank account.
So the scammer can say they are from BT, and then have access to the servers while they “do their repairs”. Alternatively, they can pretend to be applying for a mortgage and then use distraction tactics to gain access to hardware.
This is in relation to the bank itself, but can be applied to an office. If you have information stored on computers or servers, someone could still seek to gain physical access to that by pretending to be a customer or service personnel.
How this works is that a scammer will send an email pretending to be the CEO. It may appear to be from the CEO’s address (or one so close they hope you won’t notice).
Even if you have payment processes in place, a request from the boss will often take precedence. If a boss asks you to expedite a payment, staff will want to help out and may not even want to bother their boss.
CEO spoofing relies on helpful staff not double-checking, or not wanting to disturb their CEO.
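One way to check for the "so close you won't notice" sender address described above, as an added example that is not part of the original post. The director's name, the addresses and the distance threshold are made-up assumptions; replace them with your own.

```python
from email.utils import parseaddr

# Constructed sample data: display name -> real address of the person
# whose payment requests staff are likely to act on.
EXECUTIVES = {"alex morgan": "alex.morgan@example.com"}


def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_sender(from_header, max_distance=2):
    """Classify the From header of a message asking for a payment."""
    name, addr = parseaddr(from_header)
    name, addr = name.strip().lower(), addr.strip().lower()
    if addr in EXECUTIVES.values():
        # The visible address is the real one. A From line can still be
        # forged, so this does not replace the phone call to confirm.
        return "address-matches"
    for real in EXECUTIVES.values():
        if edit_distance(addr, real) <= max_distance:
            return "lookalike-address"   # e.g. "l" swapped for "1"
    if name in EXECUTIVES:
        return "display-name-spoof"      # right name, unrelated address
    return "unknown"


# Constructed From lines, as they might appear on incoming requests.
SAMPLES = [
    "Alex Morgan <alex.morgan@example.com>",
    "Alex Morgan <alex.morgan@examp1e.com>",
    "Alex Morgan <alexmorgan.office@mail.example.net>",
    "Sam Lee <sam.lee@supplier.example.org>",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{check_sender(line):20} {line}")
```

Anything other than "address-matches" on a payment request is a reason to stop and confirm with the boss through a known phone number.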
Often scammers will take a small amount from many accounts, hoping people won’t report it. Keep an eye on all transactions.
Put a PIN on your mobile.
Apparently this is a thing. It is when memory sticks are deliberately left outside a business, so helpful/curious people will collect them up and plug them into their computer to check the content/find an owner.
In the next blog post we will look at creating an IT policy to help protect your business and make staff aware of the dangers (ETA: Link to new post).
Action Fraud website and contact: http://www.actionfraud.police.uk/