Debenhams customers have been put on alert about a scam e-mail which could leave users at risk of having sensitive information stolen. Customers are being targeted by scammers who are sending out an authentic-looking e-mail as part of an elaborate phishing con. A phishing scam is designed to trick unsuspecting people into handing over personal information or downloading malware onto their computer.
Action Fraud UK described the fake Debenhams e-receipt as the most convincing phishing email they’ve ever seen. A spokesperson said ‘Fraudsters have created an exact replica of a real e-receipt, but you’ll notice they’re sent from personal email addresses and not Debenhams.’
Action Fraud have issued advice to people to help them spot phishing scams:
- their spelling, grammar, graphic design or image quality is poor
- they may use odd ‘spe11ings’ or ‘cApiTals’ in the email subject to fool your spam filter
- if they know your email address but not your name, it’ll begin with something like ‘To our valued customer’, or ‘Dear…..’ followed by your email address
- The website or email address doesn’t look right; authentic website addresses are usually short and don’t use irrelevant words or phrases
- Businesses and organisations don’t use web-based addresses such as Gmail or Yahoo
- Money’s been taken from your account, or there are withdrawals or purchases on your bank statement that you don’t remember making
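The sender, subject and greeting checks in the list above can be run automatically over a message's headers and first line. The sketch below is an added example, not part of the Action Fraud advice; the webmail list, the assumed legitimate sender domain (debenhams.com) and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: neither list comes from the Action Fraud advice.
WEBMAIL = {"gmail.com", "yahoo.com", "yahoo.co.uk", "outlook.com", "hotmail.com"}
BRAND_DOMAINS = {"debenhams": {"debenhams.com"}}  # assumed legitimate sender domain

def odd_word(word):
    """Digit inside a word ('spe11ings') or repeated mid-word capitals ('cApiTals')."""
    if re.search(r"[A-Za-z]\d+[A-Za-z]", word):
        return True
    # Two or more lower->upper switches; one alone would flag names like 'PayPal'.
    return len(re.findall(r"[a-z][A-Z]", word)) >= 2

def phishing_signals(raw):
    """Return the list of indicators from the advice that this message trips."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    if domain in WEBMAIL:
        signals.append("webmail-sender")
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in name.lower() and not genuine:
            signals.append("brand-domain-mismatch")
    if any(odd_word(w) for w in msg.get("Subject", "").split()):
        signals.append("odd-subject-spelling")
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    lines = body.strip().splitlines()
    first = lines[0].lower() if lines else ""
    if "valued customer" in first or (
            to_addr and first.startswith("dear") and to_addr in first):
        signals.append("generic-greeting")
    return signals

# Constructed sample messages (not real e-mails).
SUSPECT = """\
From: Debenhams <j.smith1987@gmail.com>
To: alex@example.org
Subject: Your Debenhams e-rece1pt

Dear alex@example.org,
Thank you for your purchase.
"""
CLEAN = SUSPECT.replace("j.smith1987@gmail.com", "receipts@debenhams.com") \
               .replace("rece1pt", "receipt") \
               .replace("Dear alex@example.org", "Dear Alex Jones")

if __name__ == "__main__":
    print(phishing_signals(SUSPECT))
    print(phishing_signals(CLEAN))
```

A clean result only means none of these particular indicators fired; a message sent from a look-alike domain with a correct greeting would still pass.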
Chamber News (22nd January 18)
Apple Chief Executive Tim Cook has said he does not want his nephew to be on a social network. His comments come as more and more people voice their concerns about Facebook, Twitter and YouTube.
Speaking at a coding-related event at Harlow College in Essex, Mr Cook, who does not have a son, said he would put boundaries in place for his nephew and would not want him on a social network.
Ofcom reported under-age use of social media was on the increase – prompting the NSPCC charity to accuse Facebook, Instagram and Snapchat of ‘turning a blind eye’ to the problem. Social networks have also been accused of allowing their platforms to be manipulated by ‘fake news’ and propaganda.
Two of Facebook’s executives have acknowledged issues with their service. Elliot Schrage, public policy chief, said ‘We have over-invested in building new experiences and under-invested in preventing abuses’. Facebook’s civic engagement product manager, Samidh Chakrabarti, has also blogged that social media companies in general need to be more aware of the influence they wield. ‘If there’s one fundamental truth about social media’s impact on democracy, it’s that it amplifies human intent – both good and bad,’ he said. ‘I wish I could guarantee that the positives are destined to outweigh the negatives, but I can’t. That’s why we have a moral duty to understand how these technologies are being used.’
Robert Kyncl, YouTube’s chief business officer, has said that he does not believe that the service should be regulated by third parties. ‘We’re not content creators, we’re a platform that distributes the content.’
Social media companies also face growing criticism that their products are addictive in nature. The recently created Time Well Spent campaign group said ‘What’s best for capturing our attention isn’t best for our wellbeing.’ The group went on to say that platforms would not change unless made to do so.
www.bbc.co.uk/technews (23rd January 18)
A new strain of ransomware, named ‘Bad Rabbit’, has been found spreading in Russia and Ukraine. The malware has affected systems at three Russian websites, an airport in Ukraine and an underground railway in the capital city of Kiev.
Bad Rabbit bears similarities to the WannaCry and Petya outbreaks earlier this year. It is not yet known just how far this malware will be able to spread. US officials said they had received multiple reports of Bad Rabbit ransomware infections in many countries (such as Turkey and Germany) around the world.
The US computer emergency readiness team said it “discourages individuals and organisations from paying the ransom, as this does not guarantee that access will be restored”.
A privately owned Russian news agency, Interfax, was hit particularly hard. Its website displayed the ‘our service is temporary unavailable’ message for over twenty-four hours.
On the morning of 25 October, it transpired that Russian banks had also been targeted but, luckily, were not compromised.
Bad Rabbit encrypts the contents of a computer and asks for a payment – in this case 0.05 bitcoins, or about $280 (£213).
Cyber-security firms, including Russia-based Kaspersky, have said they are monitoring the attack.
www.bbc.co.uk/technews (25th October 17)
The Norwegian Consumer Council (NCC) has warned that some smartwatches designed for children have security flaws that make them susceptible to hackers. Watches from brands including Gator and GPS were tested and it was discovered that attackers could track, eavesdrop or even communicate with the users. The smartwatches serve as basic smartphones, allowing parents to communicate with their children as well as track their location. Some of the watches include an SOS feature that allows the child to instantly call their parents.
The NCC said it was concerned that Gator and GPS kids’ watches transmitted and stored data without encryption. This means that strangers could track children as they moved, or could make a child appear to be in a completely different location.
Consumer rights watchdog Which? criticised the watches and said that parents would be shocked if they knew the risks. ‘Safety and security should be the absolute priority – if that cannot be guaranteed then the products should not be sold,’ said spokeswoman Alex Neill.
As a precautionary measure, John Lewis has withdrawn one of the named smartwatch models from sale in response and is waiting for further advice and reassurance from the supplier.
GPS for Kids said it had resolved the security flaws for new watches and that existing customers were being offered an upgrade.
The UK distributor of the Gator watch said it had moved its data to a new encrypted server and was developing a new, more secure app for customers.
www.bbc.co.uk (19th October 17)
Belgian researchers have discovered a major weakness in the security protocol WPA2 – used to protect the vast majority of Wi-Fi connections.
Mathy Vanhoef, a security expert at KU Leuven University in Belgium, discovered the flaw and published details to highlight the problems. ‘Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted,’ he said. ‘This can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on.’
Depending on the network configuration, it is also possible to inject and manipulate data. Attackers may well be able to inject ransomware or other malware into websites.
Britain’s National Cyber Security Centre is looking into the matter. ‘Research has been published into potential global weaknesses to Wi-Fi systems. The attacker would have to be physically close to the target and the potential weaknesses would not compromise connections to secure websites, such as Wi-Fi safety, device management and browser security.’
www.the guardian/technews.co.uk (17th October 18)
If you have a device that uses public Wi-Fi, you are at a higher risk. Shopping centres, airports, hotels, public transport, coffee shops, and restaurants all see hundreds of people connecting to the same Wi-Fi access points. It is a prime hunting ground for anyone trying to intercept personal information.
The advice is to avoid public Wi-Fi at the moment whilst vendors work on patches to allow all devices to be updated. Hackers will develop software quickly to take advantage of any vulnerabilities, so updating all devices is a must.
If you have any questions about the state of the security of your devices, or indeed if you have any concerns in general, please call and talk to one of our team. We will be happy to advise and help in any way we can. (adecsmaple – 024 7699 5930)