This is not necessarily a new scam but more cleverly designed and worded.
The email urges the recipient to act FAST and sign in with their email credentials, leaving little time to react: it stresses that your email account will be DISABLED if you don't respond. Note the level of urgency created by the UPPERCASE subject line and the statement that you have until the NEXT DAY. These are all techniques cyber-criminals use to make you react to the message. Furthermore, the email is signed by the EMAIL ADMINISTRATOR and refers to MICROSOFT to further strengthen its apparent trustworthiness and encourage users to accept that it is real.
This is a scam targeted at businesses to gain access to users' email accounts, using a strategy that targets not just an individual but an entire department. By sending an email to, say, sales@ or info@, the cyber-criminal reaches multiple people at the same time, knowing that someone in that department may well open and react to it.
In the past cyber-criminals would target individuals with these kinds of scams by emailing a named mailbox (say tom@, dick@ or harry@), but by targeting departmental email accounts the cyber-criminal has a far greater chance of someone within that department opening the email and clicking the links or opening the attachments.
Training staff to identify scam emails like this would dramatically reduce the threat these emails pose and stop your IT infrastructure from being exploited. RLS Computer Services Ltd. can deploy systems to reduce scam emails, install malware detection on your PCs, and put in place countermeasures and procedures to limit the impact if an employee does trigger a threat.
The current climate in cybercrime isn’t going to change, so stop taking unnecessary risks with your data & let us keep it safe.
We have received many reports from customers who have received emails claiming that a cyber-criminal has hacked their PC and captured webcam footage of them performing explicit sexual acts. The sender threatens that unless they are paid $xxxx (usually in Bitcoin) they will leak this video onto the Internet and activate malware they claim to have installed on the PC.
Furthermore, the email subject line may include a password the recipient has previously used on some website. This is there to strengthen your belief that the threat is real and to make the attack on you more convincing.
First, we want to reassure everyone that these are hoax phishing emails, designed to get you to part with your cash by creating fear and provoking a knee-jerk reaction to what appears to be a terrifying attack on your privacy.
How to stay safe
Here are a few tips on what to do:
Never pay anyone in Bitcoin or react (or interact) with a scammer.
Never click a link or open an attachment to scam emails demanding a ransom.
Always use complex passwords for the sites you use, especially those holding personally identifiable and sensitive information (i.e. social media, banks, shopping sites, etc.).
Only access sites that are secure (with the padlock and starting with https://)
Never reply to a scam email.
If you think your password has been compromised in any way, change it.
If you have gone too far and divulged your bank or card details to a scam email or rogue website, then you must inform the bank immediately.
We at RLS Computer Services take cyber-security very seriously and don’t wish our customers to be a victim of fraud.
To help keep yourself safe from fraudsters by reducing their chances of getting hold of your information, we have put together some top tips for you.
When using Internet banking or any online service, never share One Time Passcode (OTP), passwords, security codes or any other form of security information with another person. Not even an employee of that company.
Never download software or let anyone log on to your computer or other devices remotely following or during a cold call.
Never enter your Internet banking details after clicking on a link in an email or text message.
Never follow a telephone instruction asking you to press keys on your keyboard, or run any programmes from a cold caller.
Never visit a website given to you by a cold caller, it might contain malware.
If you are ever unsure, we urge you to take your time, don’t be rushed. A genuine organisation will never rush you to take action on your account.
To illustrate the point about security and fraud, please take the time to watch this witty but to-the-point video.
Here are my recommendations to keeping you safe online and out and about.
Use a quality anti-virus solution and keep it up to date. There is no point scrimping on security here, an anti-virus application will provide several security benefits including malware protection, firewall and browsing protection.
Always use a strong password; it is a critical factor in preventing access to your information. It doesn't have to be overly complicated either: take the famous pangram "The quick brown fox jumps over the lazy dog" and ask yourself how many ways you can write just part of this sentence (i.e. "TheQuickBrownFox", "Th3Qu1ckBr0wnF0x", or "Th3QBF0x"). You can use your own sentence and create your own short versions of it as your password; there are endless possibilities and combinations.
Password protect your PC and lock it when you step away, even if you are just visiting the loo.
One of the biggest concerns most people have is with safe browsing, but what does that mean? I define it as visiting known websites or searching for information on the Internet. To safely surf the Internet you should follow these simple rules:
Never search for a website whose address you already know; always type the full URL of the website instead of just its name. For example, when visiting the BBC website don't just type "bbc" into a search engine, as you are then presented with a mountain of results to choose from and the first one isn't always the correct one. Instead type "www.bbc.co.uk", which will take you straight to the site.
Always use bookmarks for regularly visited websites (i.e. Bank, shopping sites, etc.)
Never install browser add-ons, toolbars and extensions when you don't know what they do; this is one of the major causes of browser hijacking to date.
Turn on Pop-up blocker to stop ads and unwanted browser activity and selectively allow only those sites who need them (i.e. your bank might sometimes pop-up a window to present your latest bank statement).
Out and About
Cyber security isn’t just about what you do at home and work on your computers, it is also about what you do when you are out shopping, visiting friends and using your mobile devices. Here are my recommendations to reducing your chances of being cyber attacked when you’re out and about.
Check that cash machines haven’t been tampered with, credit card fraud can happen if a criminal has skimmed your card directly from a machine that has been altered to read your card and capture your PIN.
Always make sure no one can see your PIN number when typing it in, this should always be observed in shops and cash machines. Don’t be afraid to ask people to step back if they are too close.
Lock your mobile devices with a PIN in case you lose them, and enable track and trace.
Don’t keep PIN numbers written down and if you absolutely have to don’t keep them in the same place as your cards.
Never let your card out of your sight, even at your friendly supermarket.
If someone asks to use your mobile phone in an emergency, ask for the name of the person they want to call and the number, and call it yourself. Only hand over the handset once you are sure you are dialling a legitimate number and talking to a real person.
My last piece of advice is this: DATA is KING. After all, cyber crime is not just about stealing your money, it's about stealing your information, and the more detailed the information the better. So we must back it up, and back it up with a quality backup solution. It is admirable to watch someone back up their data to a USB pen drive or external hard drive, only to then lose it or break it. If you get hit with ransomware, lose your mobile device or simply delete your data (accidentally or through malware), the chances of recovery are increased significantly when your data has been correctly backed up.
The answer is not as simple as it might seem. We have already highlighted the root cause of phishing emails and why fraudsters send them, so, following the guides in my previous blogs, it is highly probable that at some point someone will attempt to defraud you while claiming to be from HMRC.
Okay, so what to look out for:
If the email is from a legitimate source they would normally point you to the web address both visually and as a hyperlink. For example, see my link above, "http://www.rlscomputers.co.uk/news/?p=300", rather than using just "How to Spot a Phishing Email" as the link text. This gives you the choice of typing the address in as opposed to only clicking the link.
Language, if the email is written responsibly then the language would make sense. You woodn’t find bad landwich and granma from the hmrc (exaggerated example, but you get the point).
Fake images: a lot of HMRC phishing uses fake or forged images, normally grabbed from Google Images. This is NOT a sign of genuine origin, so ignore it.
Greed, we all like money and want more of it, however don’t succumb to emails from HMRC telling you that you have received a TAX refund / rebate. HMRC will never contact you about these via email.
These are a few of the key points to remember before opening, clicking on or acknowledging emails from HMRC. If you follow them they will keep you safe, and you can be confident that the emails HMRC genuinely sends you are safe to open and deal with.
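The two tells described above (the shouting, deadline-driven subject line of the "account will be DISABLED" email, and a link whose visible text is a web address that does not match where the hyperlink actually points) can be checked automatically. The script below is an added example written for this post, not RLS code; the email sample, hostnames and urgency word list are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample resembling the "account will be DISABLED" scam described above.
SAMPLE_SUBJECT = "URGENT: YOUR MAILBOX WILL BE DISABLED TOMORROW"
SAMPLE_HTML = """<p>Dear sales@example-company.test,</p>
<p>Sign in within 24 hours or your account will be DISABLED.</p>
<p><a href="http://login-verify.example.test/auth">https://mail.example-company.test/login</a></p>
<p><a href="http://www.rlscomputers.co.uk/news/?p=300">http://www.rlscomputers.co.uk/news/?p=300</a></p>
<p>EMAIL ADMINISTRATOR</p>"""
URGENCY_WORDS = ("urgent", "disabled", "immediately", "within 24 hours", "tomorrow", "suspended")

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Return hrefs whose visible text is itself a URL on a different host."""
    parser = LinkCollector()
    parser.feed(html)
    return [href for href, text in parser.links
            if re.match(r"https?://", text)
            and urlparse(text).hostname != urlparse(href).hostname]

def urgency_score(subject, body_text):
    """Count pressure cues: an all-caps subject plus each urgency phrase present."""
    score = 1 if subject.isupper() else 0
    lowered = (subject + " " + body_text).lower()
    return score + sum(1 for word in URGENCY_WORDS if word in lowered)

def is_suspicious(subject, html):
    """Deceptive links, or three or more pressure cues, mark the message."""
    body = re.sub(r"<[^>]+>", " ", html)
    return bool(mismatched_links(html)) or urgency_score(subject, body) >= 3
```

On the sample, the first link is flagged because the visible address and the real destination are on different hosts, while the second (address shown both visually and as the hyperlink, as recommended above) passes.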