Mark Moore, Director, South West Cyber Resilience Centre
You’ve been round the block, and you know what a fraud looks like. You’re on the lookout for emails with dubious attachments, probably with some questionable spelling, and quite possibly with a sense of urgency. You know to avoid clicking on these files, so you’re in a pretty good position. But are you thinking widely enough? A lot of people don’t regularly update themselves on the changing tactics of cyber criminals, and if you’re amongst them, you’re increasingly at risk.
Cybercrime has become a business, and the job of those working in it is to find new ways to trick you. And they’re really quite good at it.
Criminals often use malicious software (‘malware’) to compromise people’s machines. Increasingly, these malware files pop up in places that you’re more likely to use. Would you be suspicious if I sent you an email directing you to a file on Google Drive? Or on Dropbox? What about if I asked you to download a graphic from Canva? Or even put something into a Teams chat? All of these have happened recently, and you need to be on your guard about any files whose provenance you’re unsure of. In one recent example a number of people received Microsoft professional upgrades by post, all nicely packaged and very corporate. Not wanting to look a gift horse in the mouth, they plugged in the USB stick to get started with their new features and were swiftly directed to the scammers’ ‘tech support’ desk, which would take payment to unlock their now useless machines.
In a similar vein, you might also want to start thinking about your mobile devices. Because if you think that malware only comes with a computer, you’re much mistaken. Recently, we’ve seen the emergence of so-called ‘ransomware’ on phones: the phone is locked until you make a payment to those who have breached you. And they’re getting in through the traditional ‘desktop’ routes … old and insecure operating systems, and malware. What does this mean, practically speaking? If your phone is five years old, and isn’t getting updates, it’s probably a security risk. If you install apps indiscriminately, it’s a security risk. A number of apps have been found to contain rogue code in recent times, so minimise unnecessary installations, reduce your permissions, and make sure your devices are current. In an ideal world, you might consider whether you want to permit business access via kit which you can’t fully secure.
If all of this is news to you, you’re not alone. Most of us don’t have an obvious place to go to stay abreast of cybercrime tactics. The Home Office is now funding a network of not-for-profit, police-led centres, all of which offer a monthly threat assessment and a bunch of basic security guidance, without charge. You can find your local one at www.nationalcrcgroup.co.uk