expert-profile | Information Security Buzz

Tim Sadler

CEOfeature_status*/ ?>

Tessian

Comments Dotted : 7

March 19, 2021

Response Comment: Romance Scams Are Up From $475m In 2019 To $600m In 2020

The rise in romance fraud illustrates just how they’re exploiting the ‘lockdown loneliness’ for financial gain.

Throughout the pandemic, cybercriminals have captialised on people’s vulnerabilities and situations to craft convincing social engineering attacks and phishing scams. The rise in romance fraud illustrates just how they’re exploiting the ‘lockdown loneliness’ for financial gain.

It’s so important to consider how you could be targeted and to question any requests you receive from individuals you do not know. Establishing trust is a key part of deceiving someone online. Cybercriminals will play the long-game, using a fake identity and exchanging several messages to earn victims’ trust before asking for money or financial information in emails or DMs. The tell-tale signs of a scam can, therefore, be hard to spot.

As social distancing restrictions remain in place, we advise that people verify the identity of someone you are speaking to via a video call and remain suspicious of any unusual requests. If anyone thinks they may have already been targeted by a romance scam contact Action Fraud immediately.

Tessian shares the following advice to help people avoid these scams:

Never send money or a gift online to someone who you haven’t met in person.
Be suspicious of requests from someone you’ve met on the internet. Scammers will often ask for money via wire transfers or reload cards because they’re difficult to reverse.
Verify your correspondent’s identity via a video call.
Be wary of any email or DM you receive from someone you don’t know. Never click on a link or download an attachment from an unusual email address.
Keep social media profiles and posts private. Don’t accept friend requests or DMs from people you don’t know personally.

Read Less

January 11, 2021

Response Comment: Hackers Post Hackney Council’s ‘Stolen Documents’

Educating people will help but advanced attacks like this require advanced security solutions.

Although it's unclear how this particular group delivers its ransomware payload, it's likely that phishing has played a role. Figures from last year show that distributing ransomware attacks via email is quickly coming "back into fashion", while our own research found that a third of IT leaders have experienced a rise in ransomware delivered by phishing messages since companies started working fully remotely last year.

As hackers continually look for ways to hack humans in order to hack

As hackers continually look for ways to hack humans in order to hack organisations, businesses must find ways to secure their people, especially as they continue working remotely. Educating people will help but advanced attacks like this require advanced security solutions. Often, hackers will build trust with their targets over time, and across multiple emails, before sending the tell-tale malicious payload link or attachment. Solutions need to be in place to automatically detect this threat, and alert employees, at the very start of the email chain to avoid valuable data being stolen and extorted.

Read Less

November 23, 2020

Experts Reacted On MPs Hit With Nearly 3 Million Malicious Emails Every Month

Hacking humans on email is still the easiest way for cybercriminals to hack into organisations and institutions.

These findings highlight the sheer scale of the threat that all businesses are facing. With millions of malicious emails being sent, the odds that one might work are high - especially if they are carefully crafted to evade detection. It just takes one busy and stressed employee to miss the cues or one very convincing message for cybercriminals to breach an organisation's security and access highly sensitive information. Hacking humans on email is still the easiest way for cybercriminals to hack into organisations and institutions. Governments, therefore, need to protect their people from falling for phishing attacks, putting solutions in place to automatically detect threats and educating employees on threats like social engineering attacks. Failure to do so and the fallout could be disastrous, as cybercriminals get their hands-on sensitive data and gain illegal access to officials' email accounts. Consider the damage that could be caused should a hacker successfully take over an MP's email account. The threat of phishing isn't going away any time soon, but organisations can find ways to proactively prevent their people from falling for the scams. Read Less

September 18, 2020

NCSC warns of ransomware attacks against UK universities – experts reaction

While DMARC is a necessary first step to preventing domain impersonation, it has its downfalls and hackers will find ways around it.

It’s important to remember ransomware attacks are often delivered via phishing emails, so it’s concerning to see that nearly all of the top 20 UK universities do not have DMARC policies in place to protect their domains from being spoofed by scammers. We have seen hackers capitalise on key moments throughout the pandemic using phishing attacks, so it’s likely they will use this ‘back to school’ momentum to their advantage too, impersonating trusted universities to try and steal valuable personal and financial information. The problem is that without DMARC records in place, or without having DMARC policies set up to ‘reject’, hackers can easily impersonate a university’s email domain in phishing campaigns, convincing their targets that they are opening a legitimate email from a colleague, fellow student, professor or administrator at their university. If you receive an email from your university asking for urgent action, question the legitimacy of the request and if you’re not sure, contact the university directly to verify. It’s also important to note that while DMARC is a necessary first step to preventing domain impersonation, it has its downfalls and hackers will find ways around it. For example, DMARC won’t stop lookalike domains, and hackers can register domains that look similar to an organisation’s domain, betting on the fact that people won’t notice the slight change. Given that DMARC records are also inherently public, an attacker can use this information to select their targets and attack method simply by identifying institutions without an effective DMARC record. So as universities start to welcome students back - and inundate inboxes with updates about online learning and social distancing — it’s critical that they take action to build robust security measures that can protect their staff and students against email scams. Read Less

July 20, 2020

Experts On The News: Tesco ‘Free 4K TV’ Phishing Scam Targets UK Shoppers

They know people are struggling financially during this pandemic, so the offer of a free TV could be very attractive.

As the lines between people in our 'known' network and our 'unknown' networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can't trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people's vulnerabilities. They know people are struggling financially during this pandemic, so the offer of a free TV could be very attractive. But as the.....Read More

May 28, 2020

CEO On Research: Half Of Workers Are Less Likely To Practice Safe Data Practices While Working Remotely

The Covid-19 crisis has triggered a tidal wave of challenges for businesses.

The Covid-19 crisis has triggered a tidal wave of challenges for businesses. Whilst they adapted fast to the abrupt shift towards remote working, the challenge businesses now face is keeping data secure from risky employee behaviour as working from home becomes the norm. Our research shows that people will cut corners on security best practices when working remotely and find workarounds if security policies disrupt their productivity in these new working conditions. But, all it takes is one misdirected email, incorrectly stored data file, or weak password, before a business faces a severe data breach that results in the wrath of regulations and financial turmoil. During this time, protecting people has to be all businesses’ top priority. IT decision makers, therefore, must establish clear guidelines on security best practices, enabling all staff to work efficiently and safely when away from the office. Read Less

April 03, 2020

Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach

Contact the hotel directly to verify whether the request is legitimate.

Marriott customers should now be alert to the fact that they could receive targeted phishing scams from hackers impersonating the hotel group, leveraging the information they have stolen to steal payment details or account passwords. If you receive a suspicious email that asks you to carry out an urgent action, do not comply with the request, click the link or download any attachments. Contact the hotel directly to verify whether the request is legitimate.