Cybercrime

1st October 2015

October 2015: European Cyber Security Month.

As we put more and more of our live online we all need to be conscious of the risk of cybercrime, a multi-billion dollar “industry” where you budding cyber criminal can simply buy an exploit from an online market place. We have recently see “improvements” to phishing email purporting to be well known organisations we are all using such as Xero, HM Revenue and Customs, eBay and Facebook and banks where the cyber criminals have stepped up their game and made sure a lot of the tell-tale mistakes of the past like bad spelling and grammar no longer appear making these message much harder to detect.

We have also come across instances of vishing – voice phishing, employing social engineering techniques, where a caller has obtained some basic information like the organisation banks with, rung a branch location and asked for the contact in head office accounts to obtain the correct person’s name and then rung up mid-morning just toward the end of a month asked for that person by name, claiming to be from the correct banks online banking security department, said they could see they had logged onto online banking in the last hour (a reasonable assumption based on the time of day) and that they could see other suspicious login attempts and could they confirm for “security reasons” their username and detail of a recent transaction otherwise they would suspend the account their and then… problematic at the end of a month when you need to pay staff and suppliers! Combined with freely available publicly available information they now have the users name, username, account number, sort code, date of birth, place of birth, mother’s maiden name, detail of a recent transaction, home address… quite a scary prospect. Fortunately for the organisation in question the person was on the ball and became suspicious of being asked for information on an inbound call and terminated the call and rang the bank on their publish number… not that this didn’t stop the bank immediately blocking online banking access as a precaution and forcing a change of login credentials with activation details issued out of band by standard mail.

October is European Cyber Security month and the it is well worth remembering the strapline campaigns 2015 STOP, THINK, CONNECT as Cyber Security is a Shared Responsibility.

• If you receive an email asking you to login or change your password never follow the link in the message, always go directly to the website concerned in your browser.

• If you receive an inbound phone call asking for you to confirm details security information take the details of the caller’s name and department and then call back the organisation on their published number such as the number.

• Reputable organisations will never ask for you to confirm personally identifying security details passwords or PIN numbers on an inbound call and not in full on an outbound call so you might be asked for say the third and last character.

• If it sounds too good to be true it probably is

• Never reuse the same password across multiple websites, if you username and password are compromised on seemingly unimportant site

• Growing numbers of websites are moving over to support two factor authentication, either for standard login or for “enhanced security” checks such as changing contact details, resetting passwords, making payments, these can be via text message alerts, rolling one time passwords, authentication apps, if a site asks for you mobile phone number this is often what they want it for… this a compromised list of usernames and password much less useful as you are dependent on not only something you know (a password) but also something you have (a mobile phone, text message, code fob).

If you want further advise on IT security, web and email security and anti-phishing solutions, endpoint security solutions, or cyber security training for your staff please contact our IT Services business Decisive IT Ltd on 03333 44 15 15 or enquiries@decisive-it.com



 
Other items in Blogs
 
Keith Day
7th February 2019 Businesses urged to prepare for post-Brexit Customs

HMRC is urging VAT-registered UK businesses which trade exclusively with the EU to be prepared for a no deal Brexit.   In a letter sent to 145,000 affected businesses, HMRC explains changes to Customs, Excise and VAT procedures in the ‘unlikely event’ that the UK leaves the EU without a Brexit deal.   HMRC’s letter…

Read More »

Adrian Mackenzie
7th February 2019 Beware of pension investment scams

The Insolvency Service has urged individuals saving for retirement to protect their pension pots from criminals and ‘negligent trustees’.   Research carried out by the Service found that criminals use a range of tactics to convince savers to part with their funds, including persuading individuals to access their pension and invest in unregulated schemes.  …

Read More »

Victor Courdelle
7th February 2019 MTD for VAT – pilot extended to all eligible businesses

  HMRC has extended its Making Tax Digital for VAT (MTDfV) pilot scheme to all eligible businesses. For most businesses, compliance with the regulations is mandated for VAT return periods beginning on or after 1 April 2019. However, MTDfV for some ‘more complex’ businesses has been deferred until 1 October 2019. This deferral applies to:…

Read More »

Stephen Malkin
1st February 2019 MTD for VAT: Which Bridging Software?

As we approach the 1 April 2019 deadline for the introduction of MTD compliant VAT submissions, many businesses will at last be focusing on what solution they should adopt.   If their current bookkeeping system does not already have an upgrade that automatically provides this new functionality, they will be considering adopting ‘bridging software’.   Looking through…

Read More »

Ian Piper
18th January 2019 CryptoCurrency Taxation: HMRC close loophole?

HMRC are not known for being ahead of the curve, so trying to find official guidance on how exchange gains from selling bitcoin, and other crypto currencies, is expected to be self-assessed and taxed, was always going to be ‘problematic’. At the time of first researching this, the latest HMRC guidance was published in 3…

Read More »

Peter Brown
13th January 2019 5 things you need to know about Making Tax Digital

  Making Tax Digital (MTD) is the hot topic this year. It’s one of the most fundamental changes to the UK tax system since the introduction of self-assessment. From April 2019, VAT registered businesses with a turnover of over £85,000 will be required to keep records using software approved by HMRC.  We have condensed the…

Read More »