Charity launched due to increased calls to cyber and fraud helpline

First of its kind charity formed to support people through cyber and fraud crime

A new national charity has been launched to support members of the Scottish public who find themselves victims of a cyber or fraud crime.  

The Cyber and Fraud Hub was formed by Cyber and Fraud Centre – Scotland in response to a rapid increase in calls from concerned members of the public to its incident response helpline. The helpline is a collaboration between leading Scottish cybersecurity organisation the Cyber and Fraud Centre – Scotland, Police Scotland and the Scottish Government, and was originally set up to support businesses through a cyberattack.

Last year, calls to the Cyber and Fraud Centre incident response helpline doubled, with 60% of calls coming from concerned members of the public seeking advice following a suspected cyber or fraud crime.

Businesses will continue to be supported through the Cyber and Fraud Centre – Scotland with advice, intelligence and training, while the newly launched Cyber and Fraud Hub will offer tailored support through reporting and legal guidance, victim assistance, and recovering funds as well as improving the public’s understanding of cyber and fraud crime.  

The Cyber and Fraud Hub will be the first charity in Scotland to offer this level of bespoke victim and advice support to individuals and will allow a greater number of people to access wraparound support at a time when they are most vulnerable. 

The Cyber and Fraud Hub was spearheaded by a dedicated team who gave up their spare time to make the charity a reality. The team includes Angie Lees, Declan Doyle, John Callagy, Jude McCorry, Alex Dowall and chair Paul Atkinson.

Jude McCorry, CEO of Cyber and Fraud Centre – Scotland, said: “I recently saw a quote saying ‘The fight against fraud is everyone’s problem, but no one’s priority’ and we have seen this play out over the last year.

“In launching the Cyber and Fraud Hub, we have now made it our priority, but we need others, including senior figures in financial services and government, to make it their priority too.  

“The Cyber and Fraud Hub will meet a vital need for support for individuals who find themselves in the daunting situation of being a victim of a cyber or fraud crime, the impact of which can be immense, mentally and financially. 

“We’ve built strong relationships with our colleagues at Police Scotland and the banking sector to support our business community to be more resilient and we wanted to extend this support to the growing number of individuals who find themselves personally compromised as a result of this growing threat.  

“Members of the public require a different type of support to get them through a cyberattack, where they are supported as victims of a crime as well as going through formal criminal proceedings.

“The Cyber and Fraud Hub team have the knowledge, skills and expertise to allow them to listen and provide reassurance as well as the tools to get people back on their feet.”  

Assistant Chief Constable Andy Freeburn said: “I am delighted to be appointed as a Trustee of the Cyber and Fraud Hub and have seen at first hand the success of collaborative working to combat fraud and keep people safe in the digital world.    

“The Hub will be an invaluable resource and complement the support available from Police Scotland.  It will deliver first-class education and partnership programmes to help communities and individuals build resilience against cybercrime and fraud and offer specialised support to those who have become a victim of cybercrime.” 

If you, or someone you know, has been a victim of cyber or fraud crime, you can call the Cyber and Fraud Hub on 0800 1670 623, or visit www.cyberfraudcentre.com.  

New laws to protect consumers from cyber criminals come into force

From today, regulations enforcing consumer protections against hacking and cyber-attacks will take effect, mandating that internet-connected smart devices meet minimum-security standards by law.

  • World-first laws protecting UK consumers and businesses from hacking and cyber-attacks take effect today
  • Manufacturers of products such as phones, TVs and smart doorbells are now required to implement minimum security standards against cyber threats
  • Consumers will benefit from banning of easily guessable default passwords, marking a significant leap in protecting individuals, society and the economy from cyber criminals

Consumer protections against hacking and cyber-attacks will come into force today, as all internet connected smart devices will be required by law to meet minimum-security standards. 

Manufacturers will be legally required to protect consumers from hackers and cyber criminals accessing devices with internet or network connectivity – from smartphones to games consoles and connected fridges – as the UK becomes the first country in the world to introduce these laws.

Under the new regime, manufacturers will be banned from having weak, easily guessable default passwords like ‘admin’ or ‘12345’, and if there is a common password the user will be prompted to change it on start-up.

This will help prevent threats like the damaging Mirai attack in 2016 which saw 300,000 smart products compromised due to weak security features and used to attack major internet platforms and services, leaving much of the US East Coast without internet. Since then, similar attacks have occurred on UK banks including Lloyds and RBS leading to disruption to customers. 

The move marks a significant step towards boosting the UK’s resilience towards cyber-crime, as recent figures show 99% of UK adults own at least one smart device and UK households own an average of nine connected devices. The new regime will also help give customers confidence in buying and using products, which will in turn help grow businesses and the economy.  

An investigation conducted by Which? showed that a home filled with smart devices could be exposed to more than 12,000 hacking attacks from across the world in a single week, with a total of 2,684 attempts to guess weak default passwords on just five devices.   

Minister for Cyber, Viscount Camrose said: “As every-day life becomes increasingly dependent on connected devices, the threats generated by the internet multiply and become even greater.

“From today, consumers will have greater peace of mind that their smart devices are protected from cyber criminals, as we introduce world first laws that will make sure their personal privacy, data and finances are safe.   

“We are committed to making the UK the safest place in the world to be online and these new regulations mark a significant leap towards a more secure digital world.”

Data and Digital Infrastructure Minister, Julia Lopez, said: “Today marks a new era where consumers can have greater confidence that their smart devices, such as phones and broadband routers, are shielded from cyber threats, and the integrity of personal privacy, data and finances better protected.

“Our pledge to establish the UK as the global standard for online safety takes a big step forward with these regulations, moving us closer to our goal of a digitally secure future.”

OPSS Chief Executive, Graham Russell said: “The use and ownership of consumer products that can connect to the internet or a network is growing rapidly. UK consumers should be able to trust that these products are designed and built with security in mind, protecting them from the increasing cyber threats to connectable devices.    

“As the UK’s product regulator, OPSS will be ensuring consumers can have that confidence by working with the industry to encourage innovation and compliance with these new laws.”

NCSC Deputy Director for Economy and Society, Sarah Lyons said:  “Smart devices have become an important part of our daily lives, improving our connectivity at home and at work; however, we know this dependency also presents an opportunity for cyber criminals.  

“Businesses have a major role to play in protecting the public by ensuring the smart products they manufacture, import or distribute provide ongoing protection against cyber-attacks and this landmark Act will help consumers to make informed decisions about the security of products they buy. 

“I encourage all businesses and consumers to read the NCSC’s point of sale leaflet, which explains how the new Product Security and Telecommunications Infrastructure (PSTI) regulation affects them and how smart devices can be used securely.”

With 57% of households owning a smart TV, 53% owning a voice assistant and 49% owning a smart watch or fitness wristband, this new regime reinforces the government’s commitments to addressing these threats to society and the economy head on.  

The laws are coming into force as part of the Product Security and Telecommunications Infrastructure (PSTI) regime, which has been designed to improve the UK’s resilience from cyber-attacks and ensure malign interference does not impact the wider UK and global economy.    

The new measures will also introduce a series of improved security protections to tackle the threat of cyber-crime:  

  • Common or easily guessable passwords like ‘admin’ or ‘12345’ will be banned to prevent vulnerabilities and hacking  
  • Manufacturers will have to publish contact details so bugs and issues can be reported and dealt with  
  • Manufacturers and retailers will have to be open with consumers on the minimum time they can expect to receive important security updates  

Rocio Concha, Which? Director of Policy and Advocacy, said: “Which? has been instrumental in pushing for these new laws which will give consumers using smart products vital protections against cyber criminals looking to launch hacking attacks and steal their personal information. 

“The OPSS must provide industry with clear guidance and be prepared to take strong enforcement action against manufacturers if they flout the law, but we also expect smart device brands to do right by their customers from day one and ensure shoppers can easily find information on how long their devices will be supported and make informed purchases.”

David Rogers, CEO of Copper Horse, said: “We started this work many years ago so that people would not have to understand lots about the security of connected product in order to be secure. Getting rid of things like default passwords that are set to ‘admin’ or ‘12345’ are fundamental basics.

“Manufacturers should not be providing anyone with products like webcams that are so weak and insecure that they are trivial to hack into and take over. This stops now and people can have greater confidence that the internet connected products that they buy have better security measures built-in to protect them.”

The UK government has collaborated with industry leaders to introduce this raft of transformative protections, which also include manufacturers having to publish information on how to report security issues to increase the speed at which they can address these problems.

In addition, consumers and cyber security experts can play an active role in protecting themselves and society from cyber criminals by reporting any products which don’t comply to the Office for Product Safety and Standards (OPSS).   

The government is beginning the legislative process for certain automotive vehicles to be exempt from the product security regulatory regime, as they will be covered by alternative legislation.   

This new regime intends to increase consumer confidence in the security of the products they buy and use, delivering on one of the government’s five priorities to grow the economy.

The new laws are part of the government’s £2.6 billion National Cyber Strategy to protect and promote the UK online.

Expert reveals 7 tips to avoid online dating scams

Navigating the world of online dating can be tricky and it’s important not to lose sight of the potential dangers and scams that you may encounter whilst engaging with other potential matches.

That’s why security expert Nathan Daniels from VPNOverview.com has outlined 7 steps you can take to protect yourself when dating online to ensure you don’t have a negative experience.

Turn off location tracking

Many dating apps require that you turn on location tracking. This means you have to allow these apps to view your location. Dating apps use this information to get you into contact with people who are close to you geographically.

Of course, this is a very useful feature. Nevertheless, it’s understandable you might not want to share your exact location with a dating app, or with any service for that matter.

It is strongly recommended to turn off geo-tracking once you’re no longer actively using your dating app. That way, at the very least, you prevent the app from tracking you constantly.

Request a video chat (before your first date)

Another great safe online dating tip is to filter out fake dating profiles by requesting a video call. In fact, it can be a regular call as well, although video chatting is definitely better. Most people with fake profiles will be very reluctant to have a call, especially if a video is involved.

Obviously, it’s much easier for scammers to deceive their victims through text messages and sending someone else’s pictures. If they were to agree to a call, they would most likely just be discovered as fraudsters. As such, if someone refuses to have a (video) call, you might just be dealing with a fake profile.

Of course, you might be dealing with someone who is serious about meeting up at some point. In that case, a video call or a regular call is very useful as well. It will help you to gauge the other user’s intentions and character a little bit. This could help you avoid some dangerous scenarios.

Don’t connect your dating profiles to other social media or platforms

It might be tempting, for convenience reasons, to just log in on a dating app with your Facebook account or your main Google account. However, it is strongly recommended not to do this, as it’s a potential privacy hazard. Just think about it – you’re connecting a profile that’s intended for friends and family to a platform where you’ll be contacting tons of people you don’t know. Instead, try using another way to log in that can’t be traced back to you. One method, for instance, would be to create a Google account with random information that doesn’t contain any of your personal data.

Choose pictures you don’t use elsewhere

By using a reverse image search, someone can easily use your dating profile pictures against you. They can simply use this Google tool to find other pages where the images appear. This way, they’ll easily find out your personal information, even if you didn’t include it on your dating profile.

As such, it is recommended to only use pictures on your dating profile that you’re not using anywhere else. This also means it’s a bad idea to allow Tinder or other dating apps to simply pull pictures from Facebook or other social media accounts.

Report suspicious activity and inappropriate behaviour

Many dating apps have ways to report profiles and/or inappropriate behaviour. This comes in handy when you come across a (potentially) fake profile or behaviour that makes you uncomfortable. By reporting the profile involved, you will make your own and others’ dating experiences safer.

After you report an account, the respective dating app will generally launch an investigation. If someone’s profile is found to be fake or they are found guilty of inappropriate behaviour, their account will be deleted.

Types of suspicious or inappropriate activity you might encounter on dating apps include the following:

  • Fake profiles. Always be wary if you see a profile that’s unverified, offers little information, or seems too good to be true.
  • Money demands. If someone asks you for money, there’s a good chance they’re a catfish.
  • Requests for explicit pictures. The person requesting these pictures might plan on sextorting you.
  • Inappropriate messages, such as messages containing threats or sexual intimidation.
  • Unacceptable behaviour during a physical meeting exhibited by the people you meet.
  • Messages where people try to sell you something or get you to do something unrelated to dating (spam).
  • Rejection of video calls, even after chatting with someone for a long time. This might indicate you’re dealing with a fake account.

Many dating platforms also offer the possibility of blocking a specific user. This is a great option if someone is bothering you and you don’t want to have them contact you while you’re awaiting the results of the dating app’s investigation after reporting them.

Be wary of malicious files and pages

Some catfish operate by infecting their victims’ devices with malware. Rather than asking you for money, they might attempt to infect your system with a keylogger, in the hope of getting their hands on your financial data.

That’s why it’s recommended to not download or click on any files that a new chat partner might send you. It’s best to wait until you know them a bit better and trust them. The same goes for visiting links they send you – both can contain dangerous malware.

Apart from always being vigilant, we recommend getting a solid antivirus solution to protect yourself from malware.

Delete your account when you’re done dating

Have you finally met your soulmate? Or have you had your fill of casual dating fun? Either way, consider another valuable safe online dating tip, and make sure to delete your online dating account once you’re done dating.

Deleting your dating profile will erase (most of) your personal information on the dating platform in question. As a result, it will be much more difficult for others to abuse your personal information.

Black Friday: Cyber security expert warns shoppers to be vigilant

CYBER criminals will be looking to exploit shoppers during the Black Friday and Cyber Monday sales – an expert from cyber security firm CSS Assure has warned.

With UK consumers planning to spend an estimated £5.6bn on Black Friday (24 November) and Cyber Monday (27 November) purchases this year, Charlotte Riley, director of information security at technology at CSS Assure, said bargain hunters lowering their guards during the rush to bag the best deals are at greater risk of malicious threats.

Charlotte said: “In the run-up to and during Black Friday and Cyber Monday, many outlets will run promotional offers to encourage spending. This is a potentially lucrative time of year for cyber criminals as they know shoppers are less vigilant as they rush to snap up the best deals.

“Cyber criminals will no doubt be looking to take advantage of the vast amount of transactions taking place and the financial information being shared as a result. There is also an increase in promotional email traffic, which makes it hard to differentiate the real bargains from scams – presenting a heightened risk of phishing attacks.

“With this in mind, it is important consumers take steps to protect themselves and their families during two of the biggest shopping days of the year.”

Password management

“Firstly, shoppers should think about the last time they changed their passwords, especially on important accounts. If their passwords are dated then strongly consider changing them, and, if possible, use a password management solution to ensure they are unique and appropriately complex.

“While this is a faff, it is the single greatest defence you can make to protect yourself against a cyber attack and will instantly make you much safer online. Adding an extra layer of security like two-factor authentication can prevent unauthorised access even if someone gets hold of your password.

“Currently, there are millions of emails and passwords for sale on the dark web, which have been breached by companies that have not protected people’s personal data sufficiently. Cyber criminals can buy this data for minimal amounts of money and gain access to your emails.

“They will look for social media accounts and online high street accounts and test your combination to gain access. From this, they can gather more personal data until they have enough to conduct identity theft, which could result in credit being taken out in your name or using your saved payment cards to make online purchases, for example.”

Personal data breach identification

“It is a good idea to understand whether your data has been breached so you can put in place other necessary measures to protect yourself. To do this you can use a free service provided by Have I Been Pwned. All you need to do is enter your email address and the site will tell you whether it is associated with a breach and if so, what other data has been stolen.

“If you have been breached, it is even more important that you change your password to break the chain. Next, you need to understand whether you have been entered into any spambots – as the name suggests, these are bots that send spam to you.

“While some spam is laughable, others are highly credible. If you’re rushing, there’s a higher chance you will click a link in a spam email, which could execute malware or ransomware on your device.

“A blended strategy is best for rectifying and avoiding your exposure to spam – and, in turn, the chances of clicking on a malicious link.

“Start by enabling and customising your email provider’s spam filters to automatically detect and redirect suspicious emails to the spam folder. These settings – as well as your security and privacy options – should also be regularly reviewed or adjusted. Unsubscribe from unwanted newsletters or promotional emails, and mark spam emails as junk within your email platform.

“Some email services offer the option to create disposable or temporary email addresses for specific purposes. This way if the address gets compromised or spammed, you can easily discard it without affecting your primary email. You should also be cautious about sharing your email address on public forums, social media, or unfamiliar websites to minimise exposure to potential spammers.

“While these may seem to be arduous tasks, they are effective and vital ways to protect yourself.”

Check your anti-virus protection

“Finally, make sure your anti-virus protection is installed, activated with a valid licence and updated. While free anti-virus software is available, in life you get what you pay for and it may not protect you sufficiently. Competition to provide the best anti-virus changes year on year between the main vendors as they achieve technology breakthroughs in response to the evolution in cyber threats.

“The best thing to do is check reputable tech websites for reviews of the best current anti-virus software. We recommend buying a one-year licence, and then when it comes to renew, assess which company has moved to the forefront of anti-malware protection. There will always be new customer deals to be had.”

Tech solution to tackle impersonation phone scams lands new funding 

Edinburgh Napier project LastingAsset has been awarded £220k

An Edinburgh Napier University cyber project has been backed by new funding to explore ways of combatting phone-based impersonation and imposter scams – which cause substantial financial losses, privacy breaches and distress to people around the world.

LastingAsset, which began as a crypto asset security concept, has secured £200,000 in funding from Scottish Enterprise’s High Growth Spinout Programme and £20,000 from The Data Lab.

The LastingAsset team at ENU’s School of Computing, Engineering and the Built Environment (SCEBE) will now use the technology behind that original idea and spend the next year working with pilot customers to refine their anti-fraud product, before taking it to market.

Among other privacy features, it uses encryption technology to prevent rogue actors from impersonating an organisation’s phone number to dupe victims.

According to the UK Government’s latest fraud strategy, unsuspecting individuals and organisations lost £2.35bn through fraud in 2021, with the banking and finance industry losing £1.3bn. 

Project leader Dr Zakwan Jaroucheh said: “Our research team were initially working on a custodial solution for crypto assets. While this remains a problem that needs addressing, we wanted to provide a solution to a more pressing societal challenge. This is when we pivoted to using the same underlying technologies to address the problem of impersonation phone call scams. 

“In today’s modern digital world, businesses often find themselves unable to effectively protect their customers from cyber fraud, which tarnishes their reputation and their ability to use the voice calls effectively.

“The LastingAsset solution uses blockchain and homomorphic encryption technologies to effectively combat phone number spoofing, voice-based impersonation and cloning scams, without requiring the organisation to build a new security infrastructure. 

“With this, any organisation that communicates with their customers by voice can assure customers that they are speaking with a genuine representative and not a scammer.”

Nanik Ramchandani of Imagine Ventures, who leads the project’s commercial team, said: “We are beginning trials with two pilot customers and opening our waiting list for additional pilots.

“It is going to be an incredibly exciting and rewarding journey over the coming months, as we translate our proof of concept and vision into a valuable offering to clients and stop scammers from defrauding fellow citizens.”

Recently named one of the top 10 universities in the UK for spin-out activity, ENU has supported the creation of many cyber spin-out businesses over the last 10 years, including Cyacomb, MemCrypt, Symphonic Software and ZoneFox. Four years ago, the university created the first identity lab in the world, the Blockpass ID Lab, which has focused on creating more trustworthy systems.

Supporting LastingAsset’s progression from research project to a spin-out business is ENU’s Professor Bill Buchanan, alongside Dr Cathy Higginson, Business Development and Relationship Manager at the University’s Research, Innovation and Enterprise department.

This latest funding received from Scottish Enterprise and The Data Lab will help the LastingAsset project team to integrate their solution with multiple early pilot customers.

Over the next eight to 12 months, they expect to work with more than 30 initial pilot customers in securing their voice communication. This process will allow the team to refine the architecture of their product, test their solution and increase its credibility. At the end of this period, they anticipate product-market fit and the ability to rapidly scale their offering.

Through Scottish Enterprise’s High-Growth Spinout Programme, LastingAsset is receiving £200,000 in funding, building upon £74,948 which was awarded in 2022.

Leah Pape, Head of High Growth Services at Scottish Enterprise, said: “Edinburgh Napier University has an enviable track record of producing companies whose products and platforms direct cutting-edge technological advancements into efforts to combat increasingly sophisticated fraudsters.

“Our grant builds on the funding and advice provided previously to LastingAsset at its earliest stages and underlines Scottish Enterprise’s commitment to supporting the development of the high-growth industries of the future.”

The Data Lab, Scotland’s innovation centre for data and AI, also recently provided £20k in funding to help LastingAsset develop their proof of concept.

Brian Hills, CEO of The Data Lab, said: “Online scamming can have devastating impacts on unsuspecting victims’ finances and mental wellbeing, with recent advances in AI exacerbating the problem.

“Preventing people from falling victim to these crimes in the first place is key. The Data Lab were delighted to support the LastingAsset team at Edinburgh Napier University to develop their groundbreaking technology further to tackle online scamming and reduce the number of victims and financial losses.” 

Online banking: 12 ways to stay safe

Dodge online banking fraudsters with these 12 cybersecurity tips

A recent Which? study tested the security of 13 of the UK’s most popular online banking sites between September and November 2022. The study found that Virgin Money, TSB and Nationwide were the worst at protecting their customers from online scammers.  

With so many well known banking sites falling short when it comes to blocking fraudsters, cybersecurity experts at VPNOverview have compiled a list of 12 safety tips to keep your money safe from malware and phishing scams. 

What are the possible dangers of online banking?

Financially motivated cybercrime, using malware and phishing, is growing at a rapid pace. In fact, by 2023, the number of internet users is set to increase by 275%, creating more targets for online banking fraudsters. Banks worldwide are doing all they can to protect their customers from banking fraud by raising awareness and utilising new technology to make online banking safer.

Malware

Cybercriminals can use malware like spyware to break into your phone or computer and potentially steal your banking details. They can use a keylogger to track your keystrokes and steal your banking login details as you are typing them. In the worst-case scenario, a hacker can infect your computer with a virus, allowing them to gain total control of your computer and possibly transfer your money straight into their account.

Phishing

Phishing is where a cybercriminal attempts to obtain someone’s sensitive information by pretending to be a party this person trusts, such as a bank. This imposter would contact the victim via email or phone to trick them into surrendering login information. The scammer will often produce a plausible reason why they are asking for this sensitive information. It is essential to stay vigilant and remember: it is highly unlikely that your bank will ask you for login details, PIN codes or confidential information.  

12 online banking safety tips

1. Be wary of transfers: Only transfer money to parties you trust. Money transfers cannot usually be reversed without the explicit permission of the receiving party. 

2. Use a unique password and login details: Make sure your banking login details are different from your other online portals or services; it is much safer to have a different password for your bank if a hacker gains access to your device. The most secure password you can create will be at least ten characters long, containing a minimum of one uppercase letter, one lowercase letter, one number, and one symbol. It would be best if you considered changing your password to a new unique password every six months. 

3. Keep login details safe: Do not give your online banking login details to anyone. If you receive a phone call or an email asking for you to enter your banking login details, sensitive information or PIN codes, this could be a phishing scam. 

4. Use fingerprint and face ID: Make use of the newest technology when it comes to signing into your online banking apps. Using a fingerprint or Face ID login is much safer than the traditional username and password. Another security measure to consider is using two-factor authentication, essentially providing two methods of logging in to ensure that the right person is logging in.

5. Update apps: Ensure your device’s operating system is up-to-date. The same goes for your online banking app if you use one. The best practice is to configure your settings to install all updates automatically.

6. Never click on suspicious hyperlinks: If you receive an email or a text from a number or address you don’t recognise that contains a hyperlink, don’t click on it. Do not download any files they may contain. 

7. Be wary of suspicious emails: Cybercriminals may send you a convincing-looking email with your bank’s logo and a professional-looking layout. If this email asks for sensitive information, including your password, login details or PIN code, delete this email. 

8. Check HTTPS connection: Always ensure the website you visit has a secure HTTPS connection before you log in to your online banking account. Many browsers, such as Google Chrome, Mozilla Firefox and Internet Explorer, show whether your connection to a certain website is secure. Some of these browsers may display a padlock symbol inside the address bar indicating the safety of a website’s connection. If not, you can check the URL: 

If the URL you visit contains “https://”, this is secure as the ‘s’ stands for secure. If you see “http://” the connection isn’t secure. You may have to click on the URL in the search bar to see the “https://” appear. If the connection isn’t secure, do not share any personal details with that page. 

9. Install antivirus software: Install antivirus software on your device to protect yourself from malware and viruses. The best antivirus programs will offer a built-in firewall, essentially a network security device that provides a barrier between a trusted network and an untrusted network. 

10. Be wary of phishing: If you suspect you have come across a potential phishing email or call that claims to have been sent by your bank, contact your bank immediately to notify them. If they do not know about this request, you were likely almost a victim of a phishing scam. 

11. Check your banking app frequently: Frequently check your online bank for peculiar activities and alert your bank of any transactions that you don’t recognise. 

12. Trust your gut: Ultimately, if something doesn’t feel quite right as you’re transferring a payment or entering sensitive details, trust your gut and don’t continue. 

A spokesperson from VPNOverview commented: “Although banks around the world are working hard to make online banking as safe as possible, it is still a good idea to take some safety measures yourself when managing your finances.

“By taking charge of your own online safety, you can prove to your bank that you are not negligent and are more likely to be reimbursed by your bank if something bad happens. By following these tips to protect yourself while online banking, managing, paying and receiving money will become a lot safer.” 

Valentine’s Day: experts issue online threats and scams warning

On Valentine’s Day, words like “Valentine,” “chocolate,” and “date” are the perfect camouflage to entice potential victims into clicking on a malicious link, downloading malware, or saying “Yes” to a date with a shady online character. Cybersecurity experts at VPNOverview warn of potential Valentine’s Day scams and how to prevent them.  

Types of Valentine’s Day scams

Seasonally themed online scams are not uncommon. Black Friday, Cyber Monday, and Christmas are notorious for ramping up cyber criminals’ efforts to lure people with money to spend or romantics with a soft heart into their online traps. Valentine’s Day especially makes people more susceptible than usual.

Cyber-related Valentine scams range from romance scams and malware to spoofing websites.

Romance scams 

Valentine’s Day can be exciting, but it can also lead to heartbreak, embarrassment, and financial loss. The Guardian recently revealed Victim Support data indicating a 38% increase in romance fraud victims needing support. Criminals will search dating sites, apps, chat rooms, and other social media networking sites attempting to build relationships to get your personal information or your money.

Once the scammer has established trust with their target, they quickly unveil a “money problem.” Common scam angles – and giveaways – are a sick relative, a medical emergency, a stolen wallet, passport or visa, or a last-minute plane ticket price hike, asking the victim to cough up the money to cover replacement or the unexpected expense.

Unfortunately, most victims of romance scams or catphishing are hesitant to report being taken advantage of due to embarrassment, shame, or humiliation. Nonetheless, it is essential to report online scams to the platform you are using and file a complaint with the relevant authorities in your country of residence.

Valentine’s Day malware

In the lead-up to Valentine’s Day, cybersecurity company Kaspersky analysed malware using the names of over 20 popular dating apps. The keyword “dating” alone revealed 1,963 unique malicious files disguised as legitimate applications. Two-thirds were masked as Tinder, and one-third of the files were linked to Badoo.

“The danger these malicious files present varies from file to file, ranging from Trojans that can download other malware to ones that send expensive SMS messages to adware, making it likely that every ping a user gets is some sort of annoying ad notification rather than a message from a potential date,” Kaspersky explains.

For example, one of the applications that looks like Tinder is, in fact, a banking Trojan that attempts to gain all rights necessary to steal money from the user. Another application declares itself as “Settings” right after installation. Next, it shows a fake error message and disappears, but there is a high likelihood that it will return with unwanted ads a few days later.

How to avoid these scams

Criminals follow money and soft hearts. Fortunately, there are various steps users can take to avoid falling victim to Valentine’s Day online threats and scams:

  • When online, be as anonymous as possible. Avoid sharing personal information, shop as a guest, and use a VPN for extra privacy.
  • Do not install apps from untrusted sources, even if they seem to be actively advertised or “recommended.”
  • Get familiar with the privacy controls on dating websites or dating apps such as Tinder or Grindr.
  • Be aware of what you click on.
  • Take note of giveaways such as email spelling errors or an unfamiliar sender.
  • Type a website’s URL into your browser window yourself instead of clicking through from a link you’ve received or a message that popped up on social media or in a text message.
  • Choose unique and strong passwords for all of your accounts.
  • Install the latest software, patches, and app updates. They are important to your digital safety and cybersecurity and help protect your data.

National Computer Security Day: Business Gateway partners with Scottish Business Resilience Centre to tackle cyber threats

Ahead of National Computer Security Day tomorrow (November 30th), Business Gateway has announced a new webinar with Scottish Business Resilience Centre (SBRC), to empower business owners to be cyber-aware and take control of their online security.

Taking place virtually on Wednesday, 30th November at 1pm, the webinar will be hosted by Sarah Johnson, Director at Scottish growth marketing company, IndigoLeap. She will be joined by SBRC experts Mike Smith, Cyber Incident Response & Threat Intelligence Manager and Kristie Steele, Cyber Community Lead.

The hour-long session will offer insights on the security landscape in Scotland, outlining how to recognise potential threats and what to do to ensure businesses are secure. The panel will explore the most common threats currently online, the impact of being victim to an attack and top tips for monitoring digital channels.

They will be joined by small business owner, Michael Cairns, who founded Celsius Plumbing in 2007 and was victim to a cyber hack earlier this year.

He approached Business Gateway in spring 2022 for help with search engine optimisation (SEO), after identifying a drop in website traffic and enquiries. He received 1:1 support from an expert consultant via Business Gateway’s Digital Boost programme, where it was discovered that the Celsius website had been hacked.

Although there was no breach in data, the website, which had previously hosted approximately 40 pages, now had over 10,000 pages on the website URL, meaning Google deemed it untrustworthy, reducing its visibility to potential customers.

In addition to the webinar, Business Gateway also offers cyber resilience toolkits and an online tutorial which provides the basics to cyber security, building business resilience, and signposts tips on how to avoid data breaches. 

Mike Smith, Cyber Incident Response & Threat Intelligence Manager, SBRC, said: “For many small businesses across Scotland, protecting their business from cyber-attacks may not be a priority due to expertise or resource.

“However, being cyber aware is crucial for all businesses, and it is important that steps are taken to safeguard all types of data against loss.”

Hugh Lightbody, Chief Officer at Business Gateway, added: “We recognise now more than ever that businesses are stretched, focusing on operations as they continue to bounce back post-pandemic and amid the cost of living crisis.

“We hope that this webinar provides a valuable platform to understand how cyber-attacks can occur, and why it is so important for businesses to protect their business in the current climate.”

Michael Cairns, Director at Celsius Plumbing, said: “After operating without a website for a number of years, we spent the last two years building our digital channels and could not understand why we were experiencing issues.

“We had worked with Business Gateway in the past, so it was our first port of call. Our DigitalBoost consultant, John Taylor, went above and beyond for us in identifying our issue and in helping us rectify it.

“We had placed a lot of trust in our web developers, but John helped us access our website and helped us understand the importance of Google Search Console, which we now know is vitally important to our online presence as it identifies vulnerabilities to our website.

“We are still slowly recovering our online presence; it has been a very long process and I would urge any business owner to familiarise themselves with online security to reduce their chances of becoming victims themselves.”

Business Gateway also works closely with Police Scotland’s Cybercrime Harm Prevention team, ensuring its service and advice reflect expert insights.

The following tips and strategies have been identified by Gordy Macdonald, Cybercrime Protection, Incident Support and Training Officer at Police Scotland, as a checklist for Scottish businesses this National Computer Security Day.

Five practical tips to avoid a cyber attack:

  1. Equip your staff with knowledge on how to identify phishing attacks. Ensure staff are able to identify suspicious emails and are empowered to deal with these situations.
  2. Ensure your software is up to date. All software must be up-to-date, and all devices must be protected with the most up-to-date operating version from its ISP.
  3. Apply for Cyber Essentials certification. This Government-backed scheme will help protect your business against a range of cyber attacks.
  4. Install authentication methods to all systems and devices. Utilise 2SV or Multi Factor Authentication (MFA) for all devices and online accounts to provide protection from unwarranted access.
  5. Frequently back up your data. Ransomware is the most prolific means used by cyber criminals; by backing up data, systems can be reset and resume more easily.

To find out more on how Business Gateway can help your business, visit: 

https://www.bgateway.com/

Or to book your place on the upcoming webinar ‘How to stay secure online’ visit: 

https://www.bgateway.com/events/how-to-stay-secure-online

The growing threat of cyber warfare

Cyber security expert explains how to bolster your defences

Worried about cyber warfare? You’re not alone. With the threat of imminent attack from overseas malware and state-sponsored hacks increasing, the National Cyber Security Centre (NCSC) is calling for UK businesses of all sizes to “strengthen their cyber resilience” in response to the ongoing situation in Ukraine.

But what does cyber resilience mean, and what actionable steps can businesses take to bolster their defences? Anthony Green, CTO and cyber security expert at FoxTech, discusses:

“Intelligence suggests that cyber warfare will target critical infrastructure such as hospitals, schools, and energy supply chains. However, the real risk for the majority of businesses is collateral damage, and it’s never been more necessary for UK services and businesses to make cyber resilience an urgent priority.

“The goal of cyber resiliency actions is to give your organisation the best chance of preventing an attack and making a quick recovery if it does happen. Many organisations don’t even have basic cyber hygiene controls in place, which means that cyber education is vital and could have a potentially huge impact on the UK’s overall resiliency to cyber threats.”

FoxTech has provided its guide to the practical steps that businesses can take from today to strengthen their cybersecurity defences:

Stay informed

Can your IT strategy be summed up with the phrase ‘ignorance is bliss’? Businesses who are not fully aware of the extent of the threat and the actions they need to take will be the most vulnerable to attack. So, it’s vital to get informed.

As part of the Government Communications Headquarters (GCHQ), the NCSC website is frequently updated with the latest guidance, making it one of the best resources for UK businesses to get accurate, up-to-date advice to protect their IT ecosystem from attack. Brief your wider team on the heightened threat to ensure that your whole organisation is on board with the further security actions you may need to take.

Protect your devices

It’s vital to protect all devices that connect to your network, including those that are used remotely.

  • Ideally, make sure your employees are using company devices. If you do not provide company devices, ensure that all personal devices that connect to your network are secured
  • Ask employees not to conduct personal business on their company device
  • Ensure that all users’ laptops, desktops, and mobile devices have been tested and patched (patching is a process that repairs security vulnerabilities)
  • Turn on automatic updates and always install new updates as soon as possible

Practise password security

User accounts are a common entry point for attackers – make sure yours are not an easy target.

  • Install two factor authentication
  • Disable frequent password updates that encourage employees to write down their password as a reminder
  • Protect against password spraying by ensuring users choose uncommon passwords. The NCSC guidance recommends disabling complexity requirements which encourage password re-use, and instead using three random words, such as phoneradiuswhile or yelljamdistance

Secure your third-party software

All your third-party software needs to be secured and any vulnerabilities should be patched. If you don’t have the expertise to do this in-house, it is highly recommended that you consult cyber security experts who can conduct vulnerability scanning and implement remedial measures for you.

  • Check that any third-party software such as browsers, office productivity suites, firmware and cloud-based services are patched
  • Make sure your firewall, endpoint security and anti-virus are properly installed and correctly configured (if they are configured incorrectly then you may not be protected)

Review what you’re showing the internet

It’s essential to review all your internet-facing data, as you might be displaying more than you realise.

  • Get a low-cost or free attack surface map to discover what you have exposed to the internet
  • Get an expert to conduct vulnerability scanning on your internet-connected services and patch any vulnerabilities
  • Secure your domain registration data by implementing a strong password on your registry account

Protect against phishing

Phishing emails are by far the most common form of attack, with 83% of UK businesses experiencing a phishing attempt every week.

  • Take advantage of the NCSC’s free cyber security training which has a useful module on spotting and reporting phishing emails – remember that employees are the first line of defence against phishing attempts
  • Instil a ‘no blame’ culture to encourage employees to report when they suspect they have clicked a phishing email

Only allow necessary access

Restrict access to your systems to only those who need it and ensure that all access is secured.

  • Delete any inactive accounts
  • Check your administrative access and ensure that only those who need to are enabled to access the network to make changes
  • Anyone not authorised to make changes should be set to view-only
  • Implement strong multi-factor authentication to all administrative accounts
  • Get a handle on any third-party organisations who have access to your IT estate. Understand what they do, who is allowed access and what privileges they have. Remove any access that is no longer required

Create an incident response plan

If the worst does happen, you need to have a comprehensive incident response plan in place. Only 31% of companies have an agreed cyber attack response plan set up, so this step will be an urgent action for many businesses.

  • If you don’t have a cyber security incident response plan, see the NCSC’s guidance on creating one
  • If you do have a plan in place, ensure all information (especially contact details) is correct
  • Make sure that your plan details who has the authority to make decisions, and what will happen if the attack occurs out of office hours
  • Ensure your plan includes information on how you will communicate if your normal systems are down
  • Make sure data is regularly and securely backed up in a safe place that is unconnected to your network

Contact cybersecurity consultants

If you don’t have cyber security expertise in-house, then consulting a cybersecurity expert can help you implement the steps above. They can also carry out more advanced actions to find and fix any other vulnerabilities that are particular to your organisation.

  • Get an expert security assessment to scan for any remaining vulnerabilities in your network, programmes, and cloud-based services
  • Join a security operations centre, which can constantly monitor your system and analyse any abnormalities against the latest threat intelligence to identify and block breaches before the attacker is able to steal anything.
  • Undergo penetration testing (also known as ethical hacking) to understand how an attacker is likely to gain access
  • Get a free CyberRisk score from FoxTech (it operates like a credit score for your cyber security) to get an immediate indication of your security posture.

The consequences of falling victim to a cyber attack can be dire, so in the current threat landscape, cyber security should be at the forefront of any business’ strategy for 2022.

Companies interested in finding out their CyberRisk score can order this for free from FoxTech here: https://www.foxtrot-technologies.com/cyberrisk-score

Further NCSC resources can be found here: https://www.ncsc.gov.uk/

The top three ways businesses are putting their cybersecurity at risk – and how to fix them!

Cyber crime is on the increase. Since the onset of the COVID-19 pandemic, cyber attacks on businesses have surged, and a UK Government survey found that a shocking 39% of businesses came under attack in the first quarter of 2021.

Even more worryingly, attackers are starting to move away from large corporations to focus on small businesses, which are seen as softer targets, but in many cases find it more difficult to recover from an attack.

With cyber attacks on the rise, many executives ramped up their cybersecurity spending in 2021. However, research by cyber security specialists FoxTech has found that numerous industries are still at a significant risk of cyber attack.

CTO of FoxTech Anthony Green explains why: “Unfortunately, money spent on cybersecurity is not always spent in the right places, due to a lack of knowledge around the issue. This has left many companies who have invested in security measures, still vulnerable to attack.”

To help combat the problem, FoxTech has put together a guide to the top three cybersecurity problems they see in the companies they work with:

Buying products and forgetting the people to run them

Many business owners believe that the best way to protect themselves against cyber attack is to buy and install the latest security products. However, far from offering infallible protection from cybercrime and malware, products such as endpoint detection, firewalls, and anti-virus software should be thought of as tools which can be utilised by your security team, rather than an end in themselves.

Anthony explains: “You can have the best cybersecurity and compliance products money can buy, but without the staff and expertise to run them you’re wasting your money.”

With Cyber Security specialists in high demand, it is not practical for the typical SME to have this expertise in-house – which is often why they are drawn to expensive cybersecurity products, when they could significantly improve their security using the basic products they already have, if only they had the skills and knowledge to configure them appropriately.

The UK DCMS 2021 report found that while 83% of UK Companies have up to date anti-malware software, only 29% have all the NCSC’s recommended “Cyber Essentials” in place to protect themselves from the attacks every organisation faces. Most commonly missing are simple things like installing software updates and securely configuring laptops.

Many UK small and medium sized businesses could make significant improvements to the security of their system by engaging a cybersecurity firm as a trusted advisor, rather than relying solely on expensive software. Getting an expert on side can help companies discover where their current security controls are lacking, and develop the tools and business processes to put them right.

Lack of education around email protection

Email is the number one initial attack point for malicious cyber activity. Every company uses email, and many do not have sufficient email security set up, meaning attackers can easily gain access and send phishing emails, with the intent to steal your company’s information and carry out further attacks via ransomware, trojan horse installation or credential theft.

Alarmingly, only a single employee has to fall for a phishing email for an attacker to gain access to your company’s email.

It is therefore essential for every business to take simple steps to reduce the risk of phishing and business email compromise:

  • Security Awareness Training for staff
  • Two Factor Authentication on email accounts
  • Secure configuration of your email service

Only 14% of UK companies perform security awareness training even though the NCSC provides free security awareness training available here: https://www.ncsc.gov.uk/training/top-tips-for-staff-scorm-v2/scormcontent/index.html

What if a malicious email still gets through? Anthony provides some reassurance: “If one of your employees falls for a phishing attempt, there is still time to avoid significant financial damage.

“Email accounts are often compromised weeks or months before the damage is done – with compromised accounts being traded on the black markets to the highest bidder who can monetise your account through ransomware, or impersonate your CEO to redirect a large payment.

“Careful monitoring by cyber security experts can stop the kill chain before the final payload is delivered – turning what could be a major disaster into just a minor incident.”

Not knowing your company’s vulnerabilities

Of all the threats to the cybersecurity of businesses, the biggest is a lack of knowledge about vulnerabilities in their systems. “It’s not that businesses don’t take their cybersecurity seriously” says Anthony, “but that they don’t realise their current strategy is inadequate, until it is too late.”

One of the only ways to learn exactly where the weaknesses are in your system (places where hackers could gain a foothold) is to get a cyber security assessment done by an independent cybersecurity specialist, who can scan for the same weaknesses that hackers are looking for.

Identifying where you are vulnerable, before implementing a strategy to secure your IT systems, process and procedures from attack is the most reliable way to protect your business as we go into 2022.

Companies interested in finding out their cyber risk score can order this for free from FoxTech by contacting them using this link: Get in touch | FoxTech (foxtrot-technologies.com).