The challenge with the internet has always been ensuring that we have secure and safe computer systems, and this has become significantly more difficult over time. Cyber-dependent crimes rely on the criminal making a system unusable as well as gaining unauthorised access to a system such as a computer, tablet, laptop, or smartphone.
When a device is connected to the internet, it offers the cybercriminal an opportunity to try and gain access. If access is gained, a hacker may have the ability to steal or change data held on your system, or control the device, such as banking, CCTV, doorbells or any form of smart technology. They can view what the user is doing on the device by monitoring keyboard strokes or viewing what is shown on the monitor or cameras.
Hacking - occurs when a suspect manages to gain unauthorised access to your device. The suspect will use computer programmes that attempt to guess the password that allows access to a system, or fraudsters will target weaknesses in the device’s applications or programmes.
We can protect ourselves against this type of attack by having strong passwords.
There are a number of general rules regarding passwords that will make them more secure:
Check how secure your password is here
The term malware refers to malicious software. This is software that is designed to gain unauthorised access to computers and other devices, disrupt their normal operation or gather information from them. Malware can infect a computer or device from a number of sources including:
Contaminated email attachments.
Infected websites, whether visiting directly or via links shown on emails or social media posts.
Social engineering involves a fraudster skilfully manipulating an individual to assist their criminal activity. They may try to trick an individual into opening an infected email that places malware on a system, as this is often easier than it is to directly hack the system itself. Due to this, social engineering has become more prominent and cyber criminals are finding more audacious ways to get people to undertake tasks, provide information or hand over money using the internet.
Types of social engineering
Phishing - Often cyber criminals will send emails pretending to be someone else to numerous recipients at the same time. The email may claim to come from a bank, online auction site or government department. The aim of the email is to get the recipient to do something they wouldn’t usually do or to reveal confidential information to the sender. By making the email appear to be from a legitimate source the recipient is more likely to reply or take the action requested in the email. Software is available that can show or ‘spoof’ an email address in the sender line of an email, so it appears the email is from someone that it is not. The email may also be sent from an email address that is similar to the genuine sender, e.g. @c0lchester.gov.uk (the ‘o’ has been changed to a ‘zero’) instead of @colchester.gov.uk. Without taking time to check the authenticity of the sender address the recipient may believe the email is from a genuine source. Phishing emails may also contain malware in attachments that you are directed to open. The email may also ask you to click on a link which leads you to a fake or malicious website that can transfer malware to your device or harvest information you input.
Spearphishing - is a more direct form of phishing. Again, the cyber criminals will send an email, but on this occasion, it will be targeted at a specific person and the ‘sender’ is often shown as a person the recipient knows. This may be a work colleague, senior employee or someone from the company IT or HR department. Again, the sender email address is ‘spoofed’ to appear that it is from a known sender. The email may also contain other information to make it appear more genuine. This may include details of where the sender is, such as at a conference or on holiday. This information can often be obtained from social media sites, such as Facebook, Instagram or LinkedIn. It may also show information about the recipient that has been obtained from the internet such as personal reviews provided online for places visited.
Check the sender email address in an email - hover the mouse cursor over the email address shown in the sender box. If the email address has been spoofed this should show the email address the message has actually come from. Be aware though that this function can be overridden, and you may need to check the email header data to confirm the source email address. If the email looks suspicious in any way, do not open any links and forward it to the phishing department of the organisation they are pretending to be from.
Check that the email address shown is an organisation’s correct email address and has not been spelt incorrectly, such as @c0lchester.gov.uk (the ‘o’ has been changed to a ‘zero’) instead of @colchester.gov.uk. Often, phishing emails will be sent from an email account similar to a genuine company email address, for example police@gmail.com or firstname.lastname@example.org, rather than a genuine organisation’s account.
If a request is made to provide bank details, personal information or login details, then it should be verified by contacting the organisation or person making the request using established contact details. Do not make contact by replying to the email received and do not reply using any of the contact details it contains. In particular, do not use phone numbers shown in the email, as these can often end up being very costly calls at a high premium.
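The header and sender-address checks described above can be automated. The following is an added example, not part of the original page: it parses a raw email, flags a sender domain that only matches a trusted domain after swapping lookalike characters (as in @c0lchester.gov.uk), and reports header signs of spoofing. The trusted-domain list, the character map, the function names and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the recipient genuinely deals with.
TRUSTED_DOMAINS = {"colchester.gov.uk"}
# Illustrative subset of digit-for-letter swaps used in lookalike domains.
LOOKALIKES = str.maketrans("0135", "oles")
NORMALISED = {d.translate(LOOKALIKES): d for d in TRUSTED_DOMAINS}

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def check_sender(raw_message):
    """Return a list of warnings about the sender of a raw email message."""
    msg = message_from_string(raw_message)
    warnings = []
    from_dom = domain_of(msg["From"])
    genuine = NORMALISED.get(from_dom.translate(LOOKALIKES))
    if genuine and from_dom != genuine:
        warnings.append(f"lookalike domain: {from_dom} imitates {genuine}")
    # Return-Path and Reply-To can differ for legitimate bulk mail, so a
    # mismatch means "look closer", not proof of spoofing.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain differs: {dom}")
    # Verdicts recorded by the receiving mail server, when present.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            warnings.append(f"{mech} failed")
    return warnings

# Constructed sample: genuine-looking From address, spoofed by another server.
SPOOFED = ("Return-Path: <bounce@mailer.example>\n"
           "Authentication-Results: mx.recipient.example; spf=fail; dmarc=fail\n"
           "From: Council Tax <counciltax@colchester.gov.uk>\n"
           "Subject: Refund due\n\nPlease confirm your bank details.\n")
# Constructed sample: lookalike domain that passes its own authentication.
LOOKALIKE = ("Return-Path: <payments@c0lchester.gov.uk>\n"
             "Authentication-Results: mx.recipient.example; spf=pass\n"
             "From: Colchester Council <payments@c0lchester.gov.uk>\n"
             "Subject: Overdue payment\n\nClick the link below.\n")

if __name__ == "__main__":
    for sample in (SPOOFED, LOOKALIKE):
        print(check_sender(sample))
```

The second sample shows why passing authentication checks is not enough on its own: a lookalike domain registered by the sender authenticates correctly as itself, so the spelling of the domain still has to be checked.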
Cyber Aware (formerly Cyber Streetwise) provides cyber security advice for small businesses and individuals. Its guidance is based on expert advice from the National Cyber Security Centre, a part of GCHQ. For more information, visit www.cyberaware.gov.uk
Get Safe Online is the UK’s most popular source of easy-to-understand information about online safety. Their website is a unique resource providing practical advice on how to protect yourself, your business and your family against common types of cybercrime. The website contains guidance on many other related subjects too – including performing backups and data protection. www.getsafeonline.org
If you would like further support on a one-to-one basis then please contact DAST using the details below.