Action Fraud UK has warned that both businesses and universities need to be on guard against a new scam, which has already resulted in firms being defrauded of £350,000. Hackers are registering spoof UK university domains to look like they belong to UK university email addresses. These domains are used to contact suppliers and order high value goods such as IT equipment and pharmaceutical chemicals in the university’s name and the suppliers are never paid back. Kevin commented below as part of our security experts comments series.
Kevin Bocek, Chief Cybersecurity Strategist at Venafi:
“These attacks are part of a much larger problem that jeopardises the system of trust used throughout the internet and shows why a new system of trust built on reputation is needed. These padlocks are supposed to signify a trusted machine identity – a digital certificate that means a website is genuine. But now cybercriminals can obtain certificates allowing them to look authentic for virtually nothing. This is a high risk, high impact threat that security teams cannot ignore anymore.”