Tag Archives: NFIB

Top 10 online-enabled frauds hitting British wallets to the tune of £670 million

Organisers of Get Safe Online – the joint public-private sector Internet safety initiative – have revealed the financial and emotional cost of cyber crime. In a specially commissioned poll of 2,000 people by Vision Critical for Get Safe Online Week 2014 (running from 20 to 26 October), half (50%) of those who have been a victim of cyber crime (including online fraud or cases resulting in economic loss, ID theft, hacking or deliberate distribution of viruses and online abuse) said they felt either ‘very’ or ‘extremely’ violated by their ordeal.

Separate figures prepared by the National Fraud Intelligence Bureau (NFIB) for Get Safe Online Week offer an indication as to the sheer scale of online crime, with over £670 million lost nationwide to the Top 10 Internet-enabled frauds reported between 1 September 2013 and 31 August this year. The £670 million statistic emanates from reported instances of fraud, calculated when the first contact with victims was via an online function.

Given that a significant number of Internet-enabled fraud cases still pass by unreported, the true economic cost to the UK is likely to be significantly higher.

The Get Safe Online survey also reveals that over half (53%) of the population now views online crime just as seriously as they do ‘physical world’ crimes, destroying the notion that online crime is ‘faceless’ and less important than other crimes. As a result, more cyber crime victims (54%) wish to unmask a perpetrator but only 14% have succeeded in doing so.

Get Safe Online Week 2014 is focused on awareness around individuals not becoming the victim of cyber fraud

Get Safe Online Week 2014 is focused on awareness around individuals not becoming the victim of cyber fraud

As stated, half (50%) of those individuals surveyed for Get Safe Online Week have been a victim of online crime although only 32% of these people reported the fact. Around half (47%) of victims did not know to whom they should report an online crime, although this figure is expected to drop due to the ongoing work of Action Fraud (the UK’s national fraud reporting centre) and the considerable Government resources now dedicated to fighting cyber crime.

On a more positive note, victims in the Get Safe Online poll said that their experiences have shocked them into changing their behaviour for the better, with nearly half (45%) opting for stronger passwords and 42% now being extra vigilant when shopping online. Over a third (37%) always log out of accounts when they go offline and nearly a fifth (18%) have changed their security settings on their social media accounts.

In stark contrast, however, most people still don’t have the most basic protection in place. More than half (54%) of mobile phone users and around a third (37%) of laptop owners do not have a password or PIN number for their device. That figure rises to over half (59%) for PC users and two thirds (67%) when it comes to tablet owners.

The 'Don't Be A Victim' Infographic produced by the team at Get Safe Online

The ‘Don’t Be A Victim’ Infographic produced by the team at Get Safe Online

Supporting law enforcement’s response to cyber crime

Commenting on the survey results, Francis Maude (Minister for the Cabinet Office) stated: “The UK cyber market is worth over £80 billion a year and rising. The Internet is undoubtedly a force for good, but we simply cannot stand still in the face of these threats which already cost our economy billions every year.”

Maude continued: “As part of this Government’s long-term economic plan, we want to make the UK one of the most secure places in which to do business in cyberspace. We have an £860 million Cyber Security Programme in place which supports law enforcement’s response to cyber crime, and we’re also working with the private sector to help all businesses protect their vital information assets.”

Francis Maude MP: Minister for the Cabinet Office

Francis Maude MP: Minister for the Cabinet Office

In conclusion, the Cabinet Office leader added: “Our Get Safe Online and Cyber Streetwise campaigns provide easy to understand information for the public on how and why they should protect themselves. Cyber security is not an issue for Government alone. We must all take action to defend ourselves against the threats now being posed.”

Tony Neate, CEO at Get Safe Online, explained: “Our research shows just how serious a toll cyber crime can take, both on the wallet and on well-being. This has been no more apparent than in the last few weeks with various large-scale personal photo hacks of celebrities and members of the general public. Unfortunately, this is becoming more common now that we live a greater percentage of our lives in the online space.”

Neate went on to state: “This year, Get Safe Online Week is all about ‘Don’t Be A Victim’. We can all take simple steps to protect ourselves, including putting a password on our computers and mobile devices, never clicking on a link sent by a stranger, using strong passwords and always logging off from an account or website when we’re finished. The more the public do this, the more criminals will not be able to hide behind a cloak of anonymity.”

Tony Neate: CEO at Get Safe Online

Tony Neate: CEO at Get Safe Online

Detective Superintendent Pete O’Doherty, head of the NFIB at the City of London Police, said: “Cheap and easy access to the Internet is changing the world and transforming our lives. What many of us may be less aware of is the fact that financial crime has moved online and poses a major threat to people of all ages and from all walks of life. Men and women, young and old, rich and poor. It matters little who you are, where you live or what you do.”

O’Doherty continued: “It’s vitally important people are fully aware of the dangers around fraud and Internet-enabled fraud which is why the City of London Police, in its role as the National Policing Lead for Fraud and home to the National Fraud Intelligence Bureau, is fully supportive of Get Safe Online’s week of action.”

Importantly, O’Doherty added: “I would also call on anyone who has fallen victim to an online fraud to report this to Action Fraud. It’s only then that local police forces will be able to track down the main offenders and ensure victims receive the best possible support as they try to recover from what can be an extremely difficult and upsetting experience.”

Have you been a victim of cyber-enabled fraud?

George Anderson, director of product marketing at Internet security specialist Webroot, has also offered his views on the survey results.

“It’s sad but not surprising that 53% of British people have fallen victim to cyber crime,” asserted Anderson. “The Internet has been assimilated into our daily lives to the point where it’s easy to forget how hazardous it is if the proper security measures are not taken.”

Anderson continued: “The key to making the UK a safe Internet user zone is education. As a country, as communities and as individuals we should be actively promoting awareness of Internet safety and security issues. The Government’s research should not scare people away from online activities, but rather start the process of serious and continuous conversations whereby we evaluate the online precautions we take both at home and at work. Education should start at an early age, with parents and education bodies working to ensure future generations populated by ‘security savvy’ individuals.”

Adding to that message, Anderson said: “Understanding what preventative measures we can take ranges from a rudimentary awareness through to in-depth technical knowledge. However, far too many people have become too complacent with modern technology to even practice the basics. The modern person should by now know that computers ought to be protected by updated, Best-of-Breed anti-spyware and anti-virus software. They should practice safe surfing habits and harbour a full comprehension of online activities that would place their information at more risk than others. Also, they ought to be able to identify and understand website privacy policies and know when or when not to impart information regarding personal data.”

*If you think you may have been the victim of cyber-enabled economic fraud (ie where you have lost money), you should report the occurrence to Action Fraud and include as much detail as possible. Telephone: 0300 123 2040. Alternatively, visit: http://www.actionfraud.police.uk

**If you have been the victim of online abuse or harassment, you should report it to your local police force

***For general advice on how to stay safe online visit: http://www.GetSafeOnline.org

Leave a comment

Filed under Risk UK News

FALCON will be “an important addition to the national economic crime prevention capability”

City of London Police Commissioner Adrian Leppard has welcomed the Metropolitan Police Service’s announcement concerning the creation of a new fraud and cyber crime team dedicated to protecting Londoners vulnerable to the threat of economic criminality.

Metropolitan Police Service Commissioner Sir Bernard Hogan-Howe QPM officially launched FALCON – Fraud and Linked Crime Online – at the QEII Conference Centre in London’s Westminster. The new team will consist of up to 500 officers dedicated to tackling cyber crime, acquisitive crime with an online aspect and fraud that does not have an online element attached to it.

The overall aim is to create a new operating model for the investigation and prevention of fraud and cyber crime in London that will deliver seven key services. These are as follows:

(1) Volume and cyber-enabled investigations
A centralised capability that will remove the onus of investigation of fraud and cyber-enabled acquisitive crime from local policing Boroughs and provide a consistent approach towards investigations

(2) Complex and proactive fraud investigations
A centralised investigations service that proactively targets individual criminals and organised crime groups causing the most harm to individuals and businesses

(3) Pure cyber investigations
An increased capacity to undertake proactive and reactive investigations in response to intelligence or referral (from the national body)

(4) Problem solving, prevention and industry liaison
A capacity to work in partnership alongside businesses with a common purpose of preventing fraud and cyber-enabled fraud. This will enable the Metropolitan Police Service to link more regularly and effectively with business forums and, in turn, encourage the reporting of crime

(5) Victim care
Provision of a service to ensure that all London-based crime victims are recorded and contacted. This will enable the gathering of intelligence to improve future investigative outcomes and also identify enablers designed to support ongoing prevention and enforcement activity

(6) Performance, training and marketing
To provide accurate performance and information to internal and external stakeholders with data relating to both threats and trends

(7) Intelligence
The creation of a fraud and cyber crime intelligence capability

Sir Bernard Hogan-Howe: Commissioner of the Metropolitan Police Service

Sir Bernard Hogan-Howe: Commissioner of the Metropolitan Police Service

In summary, Project FALCON is being developed in response to the significant growth in cyber-enabled acquisitive crime. Borough-based police officers will continue to be responsible for investigating cyber crimes involving malicious communications, harassment or cyber stalking.

Speaking at the launch event, Metropolitan Police Service Commissioner Sir Bernard Hogan-Howe QPM explained: “FALCON sees a more focused and joined-up approach by the Met, the business sector and other law enforcement agencies to ensure that we’re protecting the public, designing out crime and arresting the culprits. We will be more powerful if the three of us can work together – the police, the public and businesses.”

Cyber crime challenges faced by Londoners

As the national policing lead for economic crime with responsibility for the National Fraud Intelligence Bureau (NFIB) and Action Fraud, the City of London Police has been an active supporter of the Met in addressing the fraud and cyber crime challenges faced by Londoners.

Those challenges are evidenced by the high proportion of reported economic crime assessed by the NFIB that results in disseminations to the Met for consideration of London-based investigations.

City of London Police Commissioner Adrian Leppard said: “I welcome the creation of FALCON and the priority this type of crime is being given by the Metropolitan Police Commissioner and the London Mayor’s Office. These London-based teams will be an important addition to the national capability being developed by the City of London Police, the National Crime Agency and police forces across the rest of the country.”

City of London Police Commissioner Adrian Leppard

City of London Police Commissioner Adrian Leppard

Karen Bradley, Minister for Modern Slavery and Organised Crime, added: “The threat from cyber crime is ranked as ‘Major’ in our National Security Strategy and the Government is investing £860 million over five years to tackle this issue. We’re also increasing knowledge throughout local police forces with specialist training. I’m very pleased to see the Metropolitan Police Service’s commitment to dealing with fraud and cyber crime, and I look forward to hearing about the vital contribution FALCON will make to this work.”

*Further detail is available in a Metropolitan Police Service Briefing Note on Cyber Crime. Access: http://www.met.police.uk/docs/cyber-crime.pdf

Leave a comment

Filed under Risk UK News

Banks team up with Government to combat cyber criminals and fraudsters

A pioneering financial crime alert system will see 12 Government and law enforcement agencies warn banks of the latest threats in a bid to safeguard the accounts of millions of customers.

Working with preferred technology partner BAE Systems Applied Intelligence, the British Bankers Association (BBA) will launch the Financial Crime Alerts Service as part of a new approach towards combating a wide range of financial crime threats.

The new alerts service will allow the sector to react more swiftly than ever to major incidents and permit industry financial crime professionals to spot emerging problems and threatening criminal trends.

Anthony Browne, CEO of the BBA, said: “This alerts system is a powerful new weapon against fraudsters, cyber criminals and other crooks intent on stealing our customers’ money. Receiving real-time alerts from both domestic and international bodies, including the National Crime Agency (NCA) and 11 other Government and law enforcement agencies, will provide vital intelligence for the army of staff banks have already hired to combat these threats. This service is a shining example of how banks and Government can work together to benefit all customers.”

Anthony Browne: CEO of the BBA

Anthony Browne: CEO of the BBA

Real-time intelligence pooled from partner agencies and Government bodies will be shared with expert banking officials in place to tackle fraud, financial crime and other violations.

This work builds on the successful arrangement already in place between banks and the National Fraud Intelligence Bureau that has prevented over £100 million of fraud losses through successful and targeted information sharing.

When the initiative goes live (which is planned for early 2015), the BBA Financial Crime Alerts Service will include warnings on terrorist financing, money laundering, bribery and corruption, cyber and e-crime, fraud and emergent, thematic and strategic reports.

Donald Toon, director of the Economic Crime Command at the NCA, commented: “Collaboration between law enforcement and the private sector is key to reducing the impact of economic crime. Alerts to industry are a key part of this, and I very much welcome the BBA’s work in this area.”

Leave a comment

Filed under Risk UK News

London Mayor’s Office for Policing and Crime launches new Business Crime Strategy

The London Mayor’s Office for Policing and Crime (MOPAC) has launched a new 48-page Business Crime Strategy designed specifically to help protect London-based companies from acts of criminality.

The crime threat in the UK is changing. Criminals are becoming more sophisticated and more crime has moved off the streets and into the online world. MOPAC’s Business Crime Strategy – endorsed by the Metropolitan Police Service, the National Crime Agency and the City of London Police – outlines how each provider will build their capability to tackle fraud and economic crimes.

This is the first strategy of its kind. It represents a ‘Call to Arms’ for the police, businesses, local authorities and others to work together to build confidence and prevent and cut business crime. More than this, it sets out clear, deliverable plans to achieve end goals, with commitments from MOPAC and law enforcement alongside a challenge to businesses themselves.

Read the document in full

London's Mayor Boris Johnson: tackling crime in the capital

London’s Mayor Boris Johnson: tackling crime in the capital

On the Business Crime Strategy, Stephen Head (Commander and National Police Co-ordinator for Economic Crime at the City of London Police) said: “The threat from fraud, particularly cyber-enabled fraud, continues to grow and every section of society is now at risk. It’s therefore increasingly important that the police and businesses work even more closely together to counter this threat. The collaborative approach advocated by MOPAC and highlighted in this strategy is absolutely right if we’re to be successful in continuing to meet this challenge.”

He continued: “As the National Policing Lead for Fraud, the City of London Police will continue to work with MOPAC and others to ensure that London remains one of the safest and most business-friendly cities in the world, with a policing approach that’s fit and appropriate for tackling 21st Century crimes.”

Affording context to the Business Crime Strategy

Further to this, the following information is designed to give context to information included in the Business Crime Strategy…

Since taking responsibility for Action Fraud in April this year, the City of London Police has instigated a programme of work designed to offer an enhanced service for the victims of fraud and cyber crime. Since the end of May 2014, all victims who report to Action Fraud now receive a written update on the status of their report after 28 days, if not before. Action Fraud also provides expert advice and guidance to concerned individuals or businesses.

Action Fraud and the National Fraud Intelligence Bureau (NFIB), hosted and run by the City of London Police, is funded by Government to receive reports of fraud and cyber crimes from individuals, SMEs and large corporations. Outside Action Fraud, it also accepts reports of business fraud through a number of organisations including the UK Payments Council and CIFAS.

The combined Action Fraud and NFIB services do not investigate reported crimes of itself. The NFIB uses cutting-edge technology to automatically identify links between crimes and, in quick time, develops and disseminates crime packages for investigation by UK law enforcement agencies. It also proactively disrupts criminality and enriches the UK fraud and cyber threat picture.

During the 2013-2014 financial year, of the totality of fraud and cyber crimes reported into the NFIB no less than 53,556 packages were identified as having viable lines of enquiry and disseminated to UK law enforcement for investigation or intelligence purposes. In the same time period, some 118,000 additional crimes were targeted for disruption while over 805 alerts were disseminated for prevention purposes.

As the MOPAC Business Crime Strategy demonstrates, CIFAS reports on fraud against businesses. These reports often add value to the thousands of Action Fraud packages disseminated for investigation by UK law enforcement.

It’s important to note that police forces accept crimes for investigation based on the availability of viable lines of enquiry. In the past, forces have prioritised Action Fraud reports over CIFAS because of the quality of the data. However, the NFIB is working with forces and CIFAS to improve the quality of all data to create more opportunities for UK law enforcement to accept and investigate reports.

Informing Government and UK law enforcement

Action Fraud and the NFIB use the large number of reported fraud and cyber crimes to help inform Government and UK law enforcement about the scale of the threat that exists at a local, regional and national level in order to help drive their response to the benefit of victims. This has resulted in some police forces committing considerable additional resources to address these emerging threats.

For example, the Metropolitan Police Service is adding further capability to accept fraud and cyber crime packages for investigation which will then provide an enhanced service to victims.

The City of London Police proactively aims to improve the policing response to fraud and cyber crime and ensure that all business victims receive an efficient and effective service, particularly as reporting continues to increase. For instance, the force is creating a system whereby businesses can easily report multiple instances of fraud and cyber crime to Action Fraud.

Additionally, the force plays host to a number of fraud teams and specialist units that service business victims of fraud and cyber crime including the insurance industry, the credit and payment industry and intellectual property rights holders. ​​​​​

Leave a comment

Filed under Risk UK News

Over £21 million lost to social engineering scams since the beginning of 2014

Get Safe Online, the UK Government and private sector-backed information service on Internet safety and security, is raising awareness of ‘social engineering’ scams through a new series of informative videos offering advice and tips.

A type of confidence trick, ‘social engineering’ is the use of deceit to manipulate or trick victims into certain actions including divulging personal or financial information. Examples include phishing e-mails and fraudulent phone calls asking for personal or financial information – known as ‘vishing’ – or phone calls from fraudsters impersonating computer technical support agents.

According to FFA UK, approximately 23% of people in the UK have received a cold call requesting personal or financial information, potentially putting them at risk of becoming a victim.

In the first five months of this year alone, some of the UK’s main High Street banks have reported losses of over £21 million from vishing attacks on their customers, with over 2,000 vishing attacks resulting in an average loss of over £10,000 per victim.

Social engineering exploits human nature and plays on victims’ emotions such as protecting themselves, their family and finances, gaining something of advantage or willingness to please others. It’s a factor in many types of fraud.

Schemes may be elaborate and highly convincing

Tony Neate, CEO of Get Safe Online, commented: “It’s important that the public are aware of what social engineering actually is, as there are so many types which can lead to the theft of your money or identity. It can be easy to fall prey to social engineering because schemes can be elaborate and highly convincing, with approaches usually made by somebody you think you should trust or appears to be in authority. It’s not just individuals who are likely victims, it’s also businesses.”

Get Safe Online – the UK Government and private sector-backed information service on Internet safety and security – is raising awareness of ‘social engineering’ scams through a new series of informative videos offering advice and tips

Get Safe Online – the UK Government and private sector-backed information service on Internet safety and security – is raising awareness of ‘social engineering’ scams through a new series of informative videos offering advice and tips

Neate added: “We hope that by raising awareness of how to avoid becoming a victim of social engineering through our online videos and activity with our partners, we can help prevent it from happening to others.”

Alasdair MacFarlane, head of customer security at NatWest, said: “NatWest is committed to providing safe and secure banking alongside an excellent level of customer service. Fraudsters are always looking for new ways to gain access to money which is why we offer our customers a Secure Banking Promise, as well as lots of advice on our website to help them avoid falling victim to a scam. We’re delighted to be working with Get Safe Online in raising awareness on this important issue.”

Dawn Cornwall, fraud and security manager at Lloyds Banking Group, explained: “At Lloyds Banking Group we are committed to making sure our customers’ Internet banking experience is as safe as possible. We use cutting-edge technology to protect their personal information and privacy. We also have our online guarantee in place if a customer experiences fraud in Internet banking and a wealth of advice and guidance on our websites. We’re really pleased to be working with Get Safe Online on the Social Engineering campaign.”

Alex Grant, Barclays’ managing director of fraud prevention, stated: “We’ve seen from our own interaction with customers who have fallen victim to social engineering frauds that the loss of hard-earned savings causes great emotional distress, as well as having a significant financial impact. This is why raising awareness about social engineering scams and protecting customers from fraud is one of our highest priorities. Barclays fully endorses this awareness campaign and we’re pleased that our sponsorship of Get Safe Online is helping provide consumer education and promote awareness of scams such as these.”

Detective Superintendent Peter O’Doherty is the head of the NFIB and Action Fraud. Speaking about the Get Safe Online initiative, he said: “The face of crime has significantly changed in recent years, with much of today’s offending being conducted not on a face-to-face basis but over the phone and through a computer. People need to be aware there are ruthless, calculating criminals using social engineering scams to obtain personal and financial information that makes them a profit and individuals and businesses the victims of crime. This multi-media Get Safe Online campaign will shine a light on these practices and help the public know when they are being targeted and the best ways in which to protect themselves.”

How to avoid becoming the victim of social engineering

Getsafeonline.org offers a number of tips on how to avoid becoming a victim of social engineering:

• Always be wary of people requesting confidential or personal information by whatever means, however convincing they may seem
• Never reveal personal or financial data including usernames, passwords, PINs or other forms of ID
• Be very careful that people or organisations to whom you are supplying payment card information are genuine, and then never reveal passwords. Remember that a bank or other reputable organisation will never ask you for your password via e-mail or a phone call
• If you receive a phone call requesting confidential information, verify that it’s authentic by asking for a full and correct spelling of the person’s name and a call back number
• Check the number matches the contact number on the relevant website. Even then, the criminal may have used special software to display the authentic number
• If you are asked by a caller to end the call and phone your bank or card provider, call the number on your bank statement or other document from your bank – or on the back of your card. However, be sure to use another phone from the one you received the call on to ensure that a fraudster is not on the line by having kept the call open. If you cannot access another phone, be sure to hang up for at least five minutes before you dial out, or call a friend (whose voice you recognise) before making another call
• Do not open e-mail attachments from unknown sources
• Do not readily click on links in e-mails from unknown sources. Instead, roll your mouse pointer over the link to reveal its true destination, displayed in the bottom left corner of your screen. Beware if this is different from what is displayed in the text of the link from the email
• Do not attach external storage devices or insert CD-ROMs/DVD-ROMs into your computer if you are not certain of the source, or just because you are curious about their contents

*For more advice on how to avoid this type of fraud visit: http://www.getsafeonline.org/socialengineering to watch the online advice videos

About Get Safe Online

Now entering its eighth year of operation, Get Safe Online (www.getsafeonline.org) is the UK’s national Internet security awareness initiative.

A joint partnership between the UK Government, the National Crime Agency (NCA), Ofcom, law enforcement bodies and private sector sponsors from the worlds of technology, communication, retail and finance, the initiative continues to educate, inform and raise awareness of online security issues to encourage confident and safe use of the Internet.

GetSafeOnline.org is supported by Barclays, Bob’s Business, Creative Virtual, the Department for Business, Innovation and Skills, HM Government, HSBC, Kaspersky Lab, Lloyds Banking Group, the National Crime Agency, Symantec, the National Fraud Authority and Action Fraud, Ofcom, HSBC, Microsoft, PayPal, Symantec, Standard Life, Gumtree, Camelot, Detica, StubHub, Nominet, PurchaseSeal, ValidSoft, Business Link, the Charity Commission, Citizens Advice, the Association of Chief Police Officers, the Information Systems Security Association, e-Crime Wales, Information Risk Management plc, the Institute of Information Security Professionals, RG (Interactive Media in Retail Group), the International Association of Accountants Innovation and Technology Consultants, the Internet Services Providers’ Association, Neighbourhood and Home Watch, PTA-UK, SafeBuy, Safer Jobs, the Scottish Crime and Drug Enforcement Agency, Scottish Police College, the Scottish Business Crime Centre and UK Online Centres.

Leave a comment

Filed under IFSECGlobal.com News

SIA and NFIB work to raise awareness of online security recruitment scam

The Security Industry Authority is working in conjunction with the City of London Police’s National Fraud Intelligence Bureau to raise awareness of an online recruitment scam.

The scam involves a series of phony online adverts offering training or jobs within the private security industry, using the names of real employees within genuine recruitment agencies.

After submitting a CV, the individual is offered a job and requested to pay an upfront fee of around £50 through an online money transfer to carry out a criminal records check or uniform fitting.

After paying the fee, the ‘recruitment agent’ may then claim that the e-money payment has failed and that the victim must submit a further e-money voucher code to continue with the application. This additional step is purely to maximise the fraudsters gain after establishing the victim’s interest.

The victim is then asked to attend an interview or induction/training session taking place at a multi-purpose business venue such as a conference centre.

The company offering employment is later found not to exist or the genuine recruiter has no knowledge of the contact details used by the suspects.

Don’t be a victim!

There are steps individuals can take to ensure that offers for training or jobs are real. These include the following:

• Research the company offering the service, check their website for contact details and make contact with them
• Be aware of advertisements with free e-mail addresses such as gmail or Hotmail
• Be aware of any advertisement requesting payment upfront, especially through online methods using e-money payments
• Research the training company using the SIA’s training provider search tool on the SIA website.

Also, please note the following:

• The cost of a criminal records check is included in the SIA licence application fee.

For further advice on these issues please visit the NFIB’s website: http://www.cityoflondon.police.uk/advice-and-support/fraud-and-economic-crime/nfib/Pages/default.aspx

Leave a comment

Filed under IFSECGlobal.com News

National Fraud Intelligence Bureau issues warning over Cryptolocker attacks

The National Fraud Intelligence Bureau is warning about the damage being caused by Cryptolocker, a destructive malware that installs itself on computers and effectively holds peoples’ files to ransom.

So far, the National Fraud Intelligence Bureau (NFIB) has received reports from almost 100 victims, with an average loss of £460.

Affected businesses and individuals will also incur losses, such as wasted time, lost revenue and additional IT costs, in addition to further implications for files that are not separately backed up.

The malware is predominantly deployed via zip files in e-mail attachments and web links exploiting legitimate public sector organisations’ branding.

How does the threat get in?

Process
1. An e-mail attachment or Internet link that contains the malware is opened on your computer, which installs the malware, or your computer is already infected with malware (ie a Botnet) and the criminal uses this to further infect your computer with CryptoLocker.
2. The malware runs and installs CrytpoLocker.
3. The malware encrypts all the files it can find including images, documents and spreadsheets.
4. The malware then pops up a page giving you limited time, usually 72 hours, to buy back the private key, typically $300, to regain access to your data.
5. It’s unclear as to whether access is regained after paying the ransom.

How can you reduce the risk of becoming a victim?
1. Do not click on attachments unless you can verify the source, particularly if you are not expecting correspondence from the source.
2. Install and run security software and set to update automatically.
3. Set your computer’s security settings to update automatically.
4. Make regular back-ups, storing them safely and preferably offline.
5. Increase security settings on your browser.

Leave a comment

Filed under IFSECGlobal.com News