Some stats for Cambridgeshire to get us started:
- There were 142 cyber-dependent crimes in a 150-day period
- One company recorded eight DoS* attacks in a day
- Losses of £752,000 during this time
Here is a quick bullet point take-away from the conference before we delve a bit deeper:
- Cyber crime is a priority for Cambs police and is as high a priority for the country as anti-terrorism
- Always report attacks to Action Fraud even if nothing is damaged/taken
- A lot of damage is preventable
We heard that without reporting of hacks and attacks, funds will not be given to fighting cyber crime as the extent of the issue would not be known.
What to do if you suspect you are a victim of cyber crime in Cambridgeshire?
As soon as you are aware…
- Phone your bank
- Report to the local police
- Keep evidence (emails, letters, phone call recordings)
- Report to Action Fraud, even if it is an attempted crime
Mandate fraud is the most prolific crime seen by Cambs police. Mandate fraud is when someone is convinced to update a supplier's banking details, so that funds are sent to the wrong bank account.
How is mandate fraud carried out and what should I be aware of?
Mandate fraud will be carried out by phone, email, letters, etc. Essentially the scammers are looking to make staff believe them. This may be with an official-looking letter, or by frequently calling them, building up a rapport, and then asking them to "please update to our new details".
Double check account number changes, do not automatically use a contact number given on a letter, and seek further authentication before responding to an email exchange (see more on two-step authentication in this blog post).
The ‘ruse’
We were told about two simple ways for someone to gain access to a bank. They may pretend to be a BT engineer, or someone enquiring about a mortgage or new bank account.
So the scammer can say they are from BT, and then have access to the servers while they “do their repairs”. Alternatively, they can pretend to be applying for a mortgage and then use distraction tactics to gain access to hardware.
This is in relation to the bank itself, but can be applied to an office. If you have information stored on computers or servers, someone could still seek to gain physical access to that by pretending to be a customer or service personnel.
Impersonating a CEO:
How this works is that a scammer will send an email pretending to be the CEO. It may appear to be from the CEO’s address (or one so close they hope you won’t notice).
Even if you have payment processes in place, a request from the boss will often take precedence. If a boss asks you to expedite a payment, staff will want to help out and maybe even not want to bother their boss.
CEO spoofing relies on helpful staff not double checking, or not wanting to disturb their CEO.
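One way a mail filter could flag the "address so close you won't notice" case described above, as an added example that is not part of the original post. The company domain, executive name and sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Assumptions for this sketch: placeholder company domain and executive name.
COMPANY_DOMAIN = "example.co.uk"
EXECUTIVES = {"jane smith"}
MAX_EDITS = 2  # domains within this many edits of ours count as lookalikes
# Digit-for-letter swaps that read the same at a glance.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def normalise(domain):
    """Fold common visual substitutions so 'examp1e' compares equal to 'example'."""
    return domain.lower().translate(SWAPS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return the reasons a From header looks like CEO impersonation."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == COMPANY_DOMAIN:
        # Exact match: nothing to flag here. A forged header using the real
        # domain is a job for SPF/DKIM/DMARC, which this sketch does not check.
        return []
    reasons = []
    if edit_distance(normalise(domain), normalise(COMPANY_DOMAIN)) <= MAX_EDITS:
        reasons.append("lookalike-domain")
    if name.strip().lower() in EXECUTIVES:
        reasons.append("executive-name-on-external-address")
    return reasons

# Constructed sample headers, not real traffic.
SAMPLES = [
    "Jane Smith <jane.smith@example.co.uk>",
    "Jane Smith <jane.smith@examp1e.co.uk>",
    "Accounts <accounts@exarnple.co.uk>",
    "Jane Smith <jane.smith.ceo@gmail.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_sender(header) or "ok")
```

A flag here is a prompt to confirm the request through a known phone number, not a verdict on its own.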
Small amounts from many bank accounts
Often scammers will take a small amount from many accounts, hoping people won’t report it. Keep an eye on all transactions.
“A mobile phone without a PIN is the most valuable thing you can find”
Put a PIN on your mobile.
USB baiting:
Apparently this is a thing. It is when memory sticks are deliberately left outside a business, so that helpful or curious people will collect them up and plug them into their computer to check the content or find an owner.
Author:
Eastpoint Software