
EasyJet Cyber Breach

No business, however big and however good it perceives its IT security to be, is out of reach: cyber criminals can reach out from anywhere in the world.
 
In the last hour, the Financial Times and the Sky newsfeed have announced a huge data breach involving EasyJet: the data of 9 million customers and 2,000 credit cards stolen. News report at:
https://www.ft.com/content/b22deb69-2be7-4611-b7b9-6ec3adc45465
 
If you have ever been an EasyJet customer, be alert to phishing emails. Do not click on links or open attachments unless you are confident the sender is genuine. Phishing emails will not necessarily claim to come from EasyJet; criminals will simply use the stolen data to send phishing emails that appear to have come from any recognisable company, organisation and so on.

Be wary of emails attempting to blackmail you by accusing you of having viewed unlawful images on the internet. The email may contain a password you recognise, but the sender may simply be using passwords stolen in a data breach.
 
Report phishing email to report@phishing.gov.uk
 
Be alert to telephone calls: just because someone knows your name does not make them genuine. They may simply have access to all your private information.

Always use strong, unique passwords. If you don’t, then once criminals know one password they will try their luck on the top 100 websites in the hope that you use the same combination of email and password; if they are lucky, they can log in to your other accounts.

Use 2FA on all accounts where it is supported. This means that even if they have your password, they will not be able to access your account unless they also have access to your mobile phone.
 
At this time, I only have access to the same media reports as the public. I do not know exactly what data they have stolen. The news article on Sky states that EasyJet will be contacting 9 million customers; just remember, don’t click on any links or open an attachment unless you are sure the sender is genuine. If in doubt, don’t do it.
 
For further advice on cyber security, whether you are a business, charity, organisation or individual, visit the National Cyber Security Centre: www.ncsc.gov.uk
 
Consider visiting www.haveibeenpwned.com, where you can enter an email address and it will tell you whether that address has been compromised by cyber criminals. I don’t know how long it will be before the EasyJet breach is on the site.

This message was circulated by: Mr Nigel Sutton 8517
Cyber Protect Officer
Serious & Organised Crime (Intelligence and Specialist Crime Department)
Ext: 01480 422773
Cambridgeshire Constabulary
Hinchingbrooke Park,
Huntingdon, PE29 6NP

Netflix Possible Scam

Do not fall prey to this phishing email scam; look for the generic warning signs that an email is not genuine!

Never click on a link or open an attachment unless you are satisfied the sender is genuine and is who they purport to be. But we live in a computer age where criminals can spoof their telephone numbers, email addresses and social media profile names, which means they can make their communications look genuine.

If in doubt, don’t click on the link; instead log in to your account using a tried, tested and trusted way. So, in the case of Netflix, if you don’t have an account I would like to think that people will just smell a rat and delete it. If you do have an account, exit the email and go to the genuine website and log in as you would normally. Links in text messages, emails and instant message services are nothing more than shortcuts, and humans like shortcuts if they save effort and time, which is why criminals put them in their messages.

This is a follow-up reminder about phishing messages concerning the likes of Netflix, PayPal, Amazon, eBay, HMRC, DVLA, TV Licensing, DPD and others that may not be mentioned here. But the principles I shared here apply to all suspicious emails.

Have you come across the website www.haveibeenpwned.com? If not, have a look: put your email address where prompted and it will tell you if your email address is in the hands of cyber criminals.

Message from: Mr Nigel Sutton 8517, Cyber Protect Officer.

To report fraud or cyber crime, and for advice on how to avoid it visit www.actionfraud.police.uk

Cloud Services

For organisations whose hardware, software and data are located on site and directly under their control, the organisation is free to determine its own security posture and policies. However, much of this oversight is lost when migrating to the Cloud. Most Cloud providers share a pool of resources between hundreds, if not thousands, of other users.

  • How does an organisation guarantee their data remains separate and secure?
  • What sort of assurance should be sought before committing to cloud services?

Some organisations use the hardware and software provided – Software as a Service (SaaS). Others want hardware and IT infrastructure – Infrastructure as a Service (IaaS). Some want something in between – Platform as a Service (PaaS). Each model places a different level of responsibility on the customer. Organisations must be clear what security measures they are expected to take and where the responsibilities lie.

Take note of the following points when checking your security responsibilities:

1. Does the cloud provider encrypt stored data? Who has control of the encryption keys? If it’s the cloud provider, how do you know that the keys will be kept secure?

2. When your data travels over the internet, will it be encrypted? A VPN gives a high degree of privacy when communicating with cloud applications.

3. When changing providers, or leaving the cloud environment, organisations need to know that data will be removed from all hard drives. In the cloud these resources will be reallocated to other users. Check how the provider intends to make data inaccessible to others and what guarantee they offer.

4. Many cloud providers offer self-service portals where you can access reports and logs. Check with the provider what these show and whether they give you adequate visibility of security incidents.

5. Check that any software used has been developed with security in mind.

6. Using the cloud is often seen as a way to provide business continuity and recovery. What if your cloud provider has problems? Check what redundancy and resilience the Cloud Provider has.

Staff Training

What is sensitive, private and confidential? Employees need to understand how valuable or sensitive data is; then it is more likely to be handled with the care and attention it deserves.

Most security incidents occur because of poor security policies. If employees are using poor passwords to connect to systems, or have access beyond that actually needed to do their job, then invest time and effort in educating users.

Check that employees are trained to use applications correctly.

Hot topics

We are seeing a growing trend of so-called ‘sextortion’ phishing emails. This is where the sender claims to have compromising images of the recipient, and often the email will include a password that the victim has previously used, to add authenticity. The following advice is from Action Fraud.

These are fundamentally different from actual sextortion attempts, where the sender does possess compromising images of the victim. The advice for this remains the same: anyone who is sent an email which includes compromising images and/or a request for payment should contact their local police force.

The free vouchers scam has moved to a new variant, with phishing emails being sent to recipients claiming to be from Tesco and offering free vouchers. The email features a link for recipients to register and claim their free voucher, which provides an opportunity for criminals to steal email logins, passwords and personal details.

A recent fraud involved the sale of a car, where the suspect used the Covid-19 lockdown as a reason the victim could not see the vehicle and persuaded the victim to pay by bank transfer.

Reporting

Reporting to Action Fraud can be done online or by calling 0300 123 2040. To report offers of financial assistance from HMRC, contact phishing@hmrc.gov.uk.

This advice has been collated by the East Midlands Regional Organised Crime Unit (ROCU) and is intended for wider distribution to raise awareness among businesses and the public. Advice and information is changing daily as we navigate our way through the COVID-19 pandemic, so please ensure you only take information from reputable sources.

If you require any further information, assistance or guidance please contact the ERSOU Protect Team CyberProtect@ERSOU.pnn.police.uk or your local Force protect team.

Message from: Mr Nigel Sutton 8517, Cyber Protect Officer.

Working together to deliver an inclusive and professional policing service with: Fairness, Integrity, Diligence and Impartiality

Free School Meals Scam Email

Please be aware of the current scam email circulating, purporting to be from the Department for Education or catering providers, asking parents for their bank details to allow them access to Free School Meal vouchers. If you receive one, please do not reply to it or give out any bank details.

To report fraud or cyber crime, and for advice on how to avoid it visit www.actionfraud.police.uk

2FA or MFA authentication

This is important information on the use of Two-factor (2FA) or Multi-factor (MFA) authentication on business and private online accounts.
 
Using 2FA or MFA means that even if criminals compromise an account password, they will be prevented from, or at least disrupted in, gaining access, because they will not know the code generated for your account and sent to your mobile phone, or whatever option you have chosen in the MFA setup.
 
A quick example of its importance: a person has a Gmail account with 2FA set up on it. A couple of days ago that person received a text message from Google stating that an attempt had been made to access their account from Taiwan. If that person had not had 2FA set up, the cyber criminal would have been in the account quietly stealing private data, and possibly sending out phishing emails to all his contacts which would have appeared to have come from him.
 
For businesses and individuals using Office 365, please bear in mind the following fact:
 
Microsoft has reported that 1.2 million Office 365 accounts are compromised every month, which could be cut by 99.9 per cent if organisations enforced multi-factor authentication.
 
For advice about setting up 2FA and MFA, please visit:
https://www.ncsc.gov.uk/guidance/setting-two-factor-authentication-2fa
 
The National Cyber Security Centre (NCSC): helping to make the UK the safest place to live and work online. www.ncsc.gov.uk

Message from Mr Nigel Sutton 8517, Cyber Protect Officer

Smishing Scam

Action Fraud are aware of a rumour currently circulating via WhatsApp, SMS and social media which references the City of London Police Fraud Team and claims that Danske Bank customers are being targeted by a particular text message (smishing) scam. The content of this message is false.

However, smishing scams are common. Don’t click on the links or attachments in any suspicious emails or texts, and never respond to messages that ask for your personal or financial details. It’s important to remember that your bank would never ask you to move money out of your account, or contact you out of the blue and ask for details such as your full banking password or PIN number.

Anyone who has divulged information after receiving this type of message should contact their bank immediately.

Fraudulent websites are also being set up which offer an antivirus program to protect users against the coronavirus. Fraudsters trick users into downloading a remote access Trojan and installing malware that could infect the user’s device. Once access has been obtained, the fraudster could act as a legitimate user but use this access to steal data and seek financial gain.

To report fraud or cyber crime, and for advice on how to avoid it visit www.actionfraud.police.uk

Mandate Fraud

How does a typical Mandate Fraud occur?

Businesses are contacted by someone pretending to be one of their suppliers and told they have changed their bank, requesting they amend the direct debit to reflect this. The genuine supplier then gets in touch to ask what happened to the monthly payments.

  • Individuals are contacted by someone pretending to be from an organisation they have a mandate with, who asks them to change it because the organisation is changing its banking. Next month the products or services fail to arrive, as the genuine organisation did not receive its payment.
  • Online bank accounts are hacked into by fraudsters and monthly payment details are altered so that the money is transferred to the fraudster’s account.

Advice to avoid Mandate Fraud

Verify all invoices, as well as requests to change bank account details. To check a request is legitimate, contact the supplier directly using established contact details you have on file.

  • Access to sensitive financial information should be carefully controlled. Don’t dispose of confidential documents without shredding them first.
  • Check your bank statements regularly for any suspicious transactions. If you notice anything unusual, notify your bank immediately.

To report fraud or cyber crime, and for advice on how to avoid it visit www.actionfraud.police.uk

Coronavirus Scams

If you receive an electronic communication, be suspicious. Emails, text messages and instant messages such as the one below are a scam. Do not click on blue or any other colour links within electronic messages unless you have verified who the sender is. If in doubt, don’t click. Links are just a shortcut to a website. Instead, consider logging in to the account the message refers to using your tried, tested and trusted way.

So, if the message appears to be from HMRC and you do actually have an HMRC account, then come out of your email account and visit www.gov.uk and log in that way rather than clicking on a link. If you don’t have an HMRC account, then be very suspicious and ignore it.

If the message purports to be from Amazon, eBay, Netflix, DVLA (the list is endless), the same applies: don’t click on the link, but log in to your account using a tried, tested and trusted way.

If you want information about coronavirus and COVID-19 visit www.nhs.uk or Public Health England via www.gov.uk. Please don’t go searching the internet because you may just read something untrue, or your device will get infected with malware because you visited a website controlled by a cyber criminal.

Just because a web address contains HTTPS, it does not mean it is a genuine site. Criminals can use HTTPS in their web/link address. HTTPS just means that the connection between you and the website is encrypted; it says nothing about who is at the other end. Ensure you are visiting a genuine website. If you have anti-virus/anti-malware software and a firewall installed and kept up to date, they may warn you if you are about to visit an untrusted website, but what if they don’t? Be careful when clicking on the results of a search and ensure you are visiting a genuine site.

If you know the address of the website, such as www.gov.uk, then type it directly into the address bar at the top of your browser rather than searching for it in the search box in the middle of your screen.
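As an added illustration of the point above (this is not part of the original message), here is a small Python script that pulls the links out of a message and checks whether each host really is the trusted domain or merely contains its name, reporting HTTPS separately so the padlock is never mistaken for proof of identity. The trusted-domain list and the sample message are constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Constructed for this example: the handful of domains the reader genuinely
# uses. Anything else, HTTPS or not, is treated as unverified.
TRUSTED_DOMAINS = ("gov.uk", "nhs.uk")

# Matches http(s) links embedded in message text.
URL_RE = re.compile(r"https?://[^\s<>]+")

def is_trusted_host(host, trusted):
    """True only if host is the trusted domain itself or a subdomain of it.
    'www.gov.uk' passes for 'gov.uk'; 'www.gov.uk.example' does not."""
    host = host.lower().rstrip(".")
    return host == trusted or host.endswith("." + trusted)

def squash(name):
    # Drop dots and hyphens so 'gov-uk' and 'gov.uk' compare alike.
    return name.lower().replace(".", "").replace("-", "")

def assess_link(url, trusted=TRUSTED_DOMAINS):
    """Classify one URL as 'trusted', 'lookalike' (a genuine name buried
    inside a different domain) or 'unknown'. The HTTPS flag is reported
    separately because it says nothing about who owns the site."""
    parts = urlsplit(url.strip())
    host = parts.hostname or ""
    verdict = "unknown"
    if any(is_trusted_host(host, d) for d in trusted):
        verdict = "trusted"
    elif any(squash(d) in squash(host) for d in trusted):
        verdict = "lookalike"
    return {"url": url, "host": host,
            "https": parts.scheme == "https", "verdict": verdict}

def scan_message(text, trusted=TRUSTED_DOMAINS):
    """Pull every http(s) link out of a message and assess each one."""
    return [assess_link(u, trusted) for u in URL_RE.findall(text)]

# Constructed sample message, not a real phishing email.
SAMPLE = (
    "HMRC: you are due a tax refund. Claim at "
    "https://www.gov.uk.refund-portal.example/claim\n"
    "Or verify your details at https://www.gov.uk/log-in\n"
    "Unsubscribe: http://gov-uk-mail.example/stop"
)

if __name__ == "__main__":
    for r in scan_message(SAMPLE):
        lock = "padlock" if r["https"] else "no padlock"
        print(f"{r['verdict']:9} ({lock}) {r['host']}")
```

The first link shows the padlock and still lands on a lookalike host, which is exactly why the advice is to type the known address rather than trust HTTPS.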

Here is one way of assessing whether a website is unsafe. Google offer a service called the Google Transparency Report at: www.transparencyreport.google.com/safe-browsing/search

You will be asked to enter the suspect web address (URL) into the search box and press return. It will then make an assessment based on the data it holds (and that is a lot) and give you an indication as to whether the website can be trusted or not, as the case may be. For those of you curious enough, Google offer a lot of advice on this subject, which can easily be found via the transparency report website.

To report fraud or cyber crime, and for advice on how to avoid it visit www.actionfraud.police.uk

NHS England? Beware

Emails have been sent purporting to be from NHS England, asking the recipients to pay into a bank account to support the NHS.

Hackers are sending a new COVID-19 email titled “You are infected”. Recipients are asked to download an infected Excel document attached to the email and proceed to the nearest emergency health clinic for testing.

Locally we have been made aware of the email below, which shows that even the least sophisticated of the scammers are jumping on the Covid-19 bandwagon.

Reporting is CRUCIAL. If you think you’ve been a victim of fraud, report this to Action Fraud either online at www.actionfraud.police.uk or by calling 0300 123 2040.

Zoom Video Security

The video conferencing application ZOOM has rapidly gained popularity during the current situation. It’s easy and free, so it is a popular way to stay in touch.

There are several reports in the media, both mainstream and cyber, raising doubts about the security of ZOOM.

In the current unprecedented circumstances, effective channels of communication are vital. NCSC guidance shows there is no security reason for Zoom not to be used for conversations below a certain classification. The NCSC recommends following vendor best-practice advice in the mitigation of vulnerabilities. In this case, the most important aspect is to use the latest version of the application and follow the vendor’s security advice. More information can be found at: https://zoom.us/security

Top tips for video users:

• Think about location – what can be seen in the background?
• Do you have Alexa, Siri or Google Assistant listening in the background?
• Sharing your screen – think about what else can be seen when you “share”

Reporting is CRUCIAL. If you think you’ve been a victim of fraud, report this to Action Fraud either online at www.actionfraud.police.uk or by calling 0300 123 2040.