Metropolitan Networks strives to keep clients and subscribers up to date on the latest cyber threats. Cybercrime is on the rise, so it’s imperative to educate ourselves and others around us to stay clear of possible pitfalls. If you have any questions about cyber security or improving your network, please contact us: firstname.lastname@example.org | 01689 836 223 | met-networks.com. If you’d like to stay informed, sign up to our newsletter.
Latest Cyber Security Threats
An unconfirmed number of customers have fallen victim to an Amazon scam in which they are falsely sold products (usually high-end electronics), but when prompted to pay they are redirected to another site and asked to pay the amount into a foreign bank account. Because the transactions are not made through Amazon’s payment methods, Amazon refuses to reimburse the victims, some of whom have lost more than £3000.
- Treat high-end products sold on the cheap as suspicious
- Never pay for a product via a foreign bank account, as a reputable Amazon reseller would collect payment via Amazon.
There have been a number of reports of ATM scams in which cards are stolen with a device commonly known as a Lebanese Loop, which is a strip of metal or plastic attached to a dummy slot that obstructs the card slot (image below). The machine will ask for the PIN, and as the victim inputs the digits they are captured by someone standing close by or with a micro camera. The PIN won’t register because the machine can’t read the card, making the victim think that their card has been swallowed by the machine. Once they’ve gone, the scammer returns and retrieves the card to be reused or cloned.
- Inspect the machine before inserting your card
- Check the card slot for any removable parts
- Check the area above and around the keypad for any unusual looking panels that may contain a small camera
- Always cover your hand when entering your PIN
- Report any suspicious looking machines to the police
Two-Pronged Ransomware Attack:
This scam could be applied to any organisation but has been directed at schools. Schools receive a cold call from ‘the Department of Education’ requesting the email address of the headmaster, followed up with an email containing an attachment laced with ransomware. Once the attachment is opened, the malware encrypts all of the data on the network and demands payment of (up to) £8,000 for the decryption key. The school or organisation’s only recourse is to pay the fraudsters or revert to a backup.
- Treat every call and email with suspicion. It will never hurt to take a moment and verify the source of a call or email.
- Always have current backups of your systems (there are a number of methods to use, which vary in price and reliability depending on your needs).
Bank customers on Twitter have fallen victim to fraudsters when complaining about the failed services of their bank. The scammers lie in wait for complaints against banks, then message the customer from a dummy account which looks almost identical to the bank’s social media account. The victim follows an attached link to a fake site and enters their login details, which are immediately captured and used to drain the account.
- Be careful what you post on social media
- Verify the identity of who you are talking to: compare their handle to the one used by the bank
- Rather than clicking on links, type in the name of the site directly
Recent Phishing Scams
Britain is being targeted by scammers with a convincing email claiming that HMRC owes recipients a tax refund but that they must first open a ‘government gateway account’ to receive it. Recipients are then prompted to input their payment details, which are used to drain the account and/or open credit card accounts in the victim’s name. The subject of the email used is: ‘#Refund Payment Confirmation Number’ followed by an 11-digit number.
- Instead of clicking on a link when inputting financial information go to the site directly.
- If you are in any doubt of the authenticity of an email, contact the company/organisation using the number found on their official site and not through a link.
The body of the email looks like:
Speeding Ticket Scam:
People all over the UK have been receiving emails claiming that they have been caught speeding and must pay the fines. They are given a link which supposedly contains ‘photographic evidence’ of their offense; when it is clicked, Trojan malware is downloaded onto their computer which logs their movements and steals their personal/financial information.
- Speeding violations are never sent via email, but by post to the address where the car is registered.
- Never click on links in unsolicited emails; go to the site directly.
Gmail users are receiving convincing-looking emails from one of their contacts (who had already been hacked) prompting them to click on a file that looks like an attachment but is actually a link that prompts users to input their login details, giving the hackers access to their entire Google profile.
- Double-check the URL if you are prompted to enter your password.
- Use two-factor authentication, so that if your login details are captured they cannot be used on their own.
Users have been receiving emails from ‘Netflix’ prompting them to ‘update’ their account details by clicking on a link and inputting their information, including banking details, into an authentic-looking Netflix website. They are then directed to the legitimate Netflix homepage.
- Go to the site directly rather than using a link in an email
- Be aware that Netflix will never ask for your billing information once your account is already set up.