It’s been an interesting week at Intelect HQ; it seems the ‘phisher’men (and women) have been really busy. Taking advantage of impending holidays and the fact that we might be taking our eye off the proverbial ball, maybe?
Earlier in the week I was asked for a view regarding an email that had arrived in a corporate mailbox and had aroused some suspicions. Allegedly a security company, they were conducting screening of a previous employee. As it turned out, the email was genuine, but what astounded me was the level of personal detail contained in the attachment about the subject of the screening: full name, date of birth and national insurance number, no less.
Then came the ‘click’ on this SharePoint link from a contact of mine. Whilst a personal email account, it had all the details from a business email: telephone numbers and disclaimer in the footer. Potentially quite a sophisticated phishing attempt.
And finally, the age-old demand for payment, ‘pay now or else’, arrived for me from a business contact of many years ago. Needless to say, that was ignored, like the SharePoint link. I’ve not even looked at my Spam yet, but these types of emails show no sign of abating and are becoming ever more convincing. Do we continue to wring our hands and just accept it, or are there things we can do? As I remember from my years in the police service, there are always things we can do; let’s start doing the basics.
We all have responsibilities when using technology. Here’s an example: yesterday I was in a shared space and the owner of a laptop walked out, leaving their device unlocked and unattended with their email account on full display. I could have had a field day. Like the sheer volumes of personal information put up on social networks, this is like shooting ducks in a barrel.
We are making cybercrime far too easy for the criminal. So here are a few suggestions.
- If you manage a company, please stop sending out other people’s personal information by insecure email! It is the equivalent of putting a postcard in the post box. For the security company concerned, you really should know better.
- If you manage a company, please stop asking for people to send you their personal information by insecure email! I have lost count of the number of times I have been asked to send scans of my passport, utility bills, driving licence etc. No, I just won’t.
- And for the rest of us, let’s start adopting some of the fundamentals of cyber security. Use long and strong passwords, do not hook up to Wi-Fi in public areas unless absolutely necessary, and never for online banking. Don’t overshare on social media and never leave your device unattended or unlocked. I could go on.
Crime has evolved, and it will continue to evolve; those with malicious intent will always seek out ways of tricking us out of our money and possessions. Like burglary, like car crime, like robbery, we all have a duty to be more aware, because it is a simple fact that the police and other agencies do not have the resources to respond to everything.
Cybercrime is massive: be suspicious, be alert, educate your staff. Please don’t make it easy for criminals. We are never going to completely eradicate crime, but let’s start doing the basics; prevention works.
Footnote: I offer in-house, bespoke business cybercrime prevention workshops. If you think your staff would benefit, please get in touch.