How To Increase Cyber Security During COVID-1916th Apr 2020
In the midst of the Covid-19 pandemic, more people find themselves needing to turn to technology in order to complete everyday tasks such as shopping and meeting with friends.
Scammers see this as an opportunity to take advantage of people unfamiliar with new systems and lacking both the knowledge and experience to spot an untrustworthy email or phone call.
At Coles Miller, we have excellent security measures in place to ensure that we are Cyber-Essentials compliant and therefore able to provide the most risk-free services possible to our clients. We ensure that our staff are aware of the different approaches that scammers take to trick people.
With cyber-crime on the rise - and more people depending on technology - we thought it would be a good idea to provide some security tips, so that readers of this blog can feel well-informed and safer online.
In the current climate likely attacks can be split into three types:
Vishing - Voice Elicitation
This is where a phone call is used to scam someone. A good example of this is when someone calls you saying they are a Microsoft engineer and they have received a report that shows your computer is running slowly. They will talk you through a remote connection process which will allow them to access your computer and “fix it”. They can then plant illicit software and ask for payment to oversee its removal.
The advice here is to simply hang up the phone if you were not expecting the call.
Using a text message. Some scammers are able to send messages that appear to have come from your bank. These alerts may even appear as part of existing conversations. Our advice is never reply if you don’t recognise the number. Similarly, refrain from following any links included within an untrusted or unexpected SMS. Simply delete the message.
This is where an email is sent containing a dodgy link or attachment that will infect your PC. Occasionally an email will contain no links or attachments whatsoever. Instead they may propose something like a business opportunity. Others are worded simply as a threat.
A scam email will try to get you into a vulnerable state of mind by using the “6 Principals of persuasion”. These are:
1) Authority - Consciously, people may follow the direction of an authority figure. At a non-conscious level, they will tend to weight the opinion of an authority figure more highly than that of others. A scammer might be able to spoof an email so that it appears to have come from someone high up in an organisation and this can lead to complicity with a scammer’s demands.
2) Commitment/Consistency - People unconsciously want to behave in a manner that is consistent with past behaviour. A scammer might mention a friend or colleague who they claim to have dealt with in the past and this will again lead to complicity with their demands.
3) Social Proof - People pay attention to what others are doing, both consciously and unconsciously. They will choose the crowded restaurant over the nearly empty one, even though they’ll be served more slowly. A scammer might use this to persuade you that lots of people are already doing what they are saying.
4) Reciprocity – Social norms compel us to respond to a favour with another favour to avoid the appearance of being ungrateful. A scammer might be able to persuade you that they have helped you out, meaning you owe them a good turn. This is not the case.
5) Liking / Similarity – We are more easily persuaded by someone we like. While some “liking” feelings are conscious, as with a friend, they are often so subtle we aren’t even aware of them.
6) Scarcity/Urgency - The fewer there are of something, the more people like and want them. “Offer expires at midnight!” is a powerful motivator.
Tips to avoid Phishing:
Delete anything unexpected
If you were not expecting the email, there’s a high probability it’s a scam.
Checking links are real
If you receive a link in an email, always hover your mouse over it without clicking. If you hover your mouse over the link, you will see a box appear that shows where the link directs to. If they fail to match up the likelihood is something untoward is at play.
Do not log in to anything that you are not 100% sure about
Many scams will appear to come from legitimate email addresses (that may even be in your contacts) and will contain a link or attachment that requires a login. If you follow this link to a login page, as soon as you type in your email address and password the scammer will have those details. They can then take over your account and any other accounts that are mentioned in your email folders containing the same password.
Check the “From” field
A common scam involves spoofing someone’s address, where a scammer can make an email appear to have come from elsewhere. The best way to check this is to select ‘reply’ and check the address that it will send back to. This often reveals the sender’s true email address and identity.
Scammers are known to replace characters to trick the recipient. For example, they might send from @mlcros0ft – where they have replaced the “i” with an “l” and the “o” with a “0”. This is a very common trick and not immediately obvious.
Use a secure password
It has been known for scammers to crack passwords simply by looking at an individual’s social media posts. Someone who posts regularly about their favourite football team is likely to have that team name make up a portion of their password. Scammers can use password cracking software to enter keywords that are likely to be in the password, and the password can be easily guessed by the software.
The current advice to create a secure password is to use completely random words, separated by symbols and numbers. Like£this$for%Example! It is also recommended that you change your password regularly.
Sometimes, a company will go out of business and sell their database as a last-minute cash grab. These databases can contain customer login information. Having made the purchase and accessed sensitive information, scammers can add a scary sense of legitimacy to an email by quoting an old password of yours.
Know what they know about you
A scammer can add legitimacy to an email, SMS or phone call by mentioning something personal about you. You might think that they could only know that information by being who they say they are, but remember that what you post online can be easily read, even if it is on a secure platform. A friend’s account may have been compromised, and they can use this to find out things about you that can make you believe that they are legitimate. Always be mindful of what you post online and who can read it. A social media “friends cull” is a very worthwhile exercise.
Another common scam is for a fake job advert to be posted online and the applicant’s CVs can then be sold to scammers. This information can then be used in the same way.
If you are unfortunate enough to fall victim to a cyber-attack, it is recommended to report this to Action Fraud.
Another key online safety tip is to ensure you are using good Anti-Virus software and moreover that it is kept up to date. Also ensure that you keep up with Windows Updates whenever recommended.
There are many good online resources that provide further reading. These include:
We hope you found this information useful and now feel both readily prepared and safe online. There are many wonderful things that can be achieved using technology, but it is very important to stay vigilant. Thanks for reading.
This blog was written by Tim Sque, IT Manager at Coles Miller