Scammers Go Phishing For Fake News

Posted on : 31-05-2017 | By : richard.gale | In : Cyber Security, Uncategorized



Fake news is everywhere these days. It may seem like a new phenomenon, but the concept of propaganda is not a new one. Stock markets thrive on the latest headlines and traders throughout history have attempted to manipulate markets by releasing information to influence prices. Today fake news combined with social media has changed the game with powerful consequences. This potent combination of false and misleading information online flooding the internet can cause devastating effects to your company and should be something that Information Security departments take seriously. During the US Presidential campaign a false story was propagated which said that Pepsi refused to serve Trump supporters at a rally. The story did a huge amount of damage to Pepsi’s brand and reputation which can be a costly business!

Tackling the fake news problem and controlling the flow of fake information in and out of an organisation is a huge task. There are tools already available that can monitor traffic, so it could be possible to extend this to include external activity on social media sites such as Twitter, Facebook and LinkedIn. There are companies and technology products available in the market which can trawl these sites looking for malicious or misleading links. But technology is only one way of looking at the problem. It is critical to also look at the people and processes that drive our behaviour.

Trust is a key feature which allows fake or misleading news into an organisation. Take a scenario where a friend or colleague sends you a link: you instinctively trust the information and click on the link. The same applies to brands that we trust. Take the Microsoft pop-up, which is a favourite with scammers. They send a fake pop-up to your screen. Most people trust this established brand name, see the Microsoft badge and click, thinking this must be true. These unsuspecting users click on the box or call a fake hotline number, thereby generating a malware event and opening the door for scammers straight into your organisation.

Email is another example of a very trusted way of communication, making it a hot spot for scammers looking to retrieve your information or get you to click on a malicious link. A popular route for scammers is to send emails that pretend to be from the IT Department asking employees to do a certain task such as reset your password. You click the reset button and the scammers are in.

Phishing scams are one of the most commonly used ways in which your organisation can be infiltrated. User training which includes sending out a phishing email will find that 10-20% of emails are clicked on each time the test is run. Even after training this stays fairly consistent so alternative ways of dealing with the problem need to be investigated. Some technology firms such as Menlo Security isolate the user from the internet and can capture most of these types of issues.

These technology options offer some valuable tools to protect organisations but ultimately there is no magic piece of software that can filter out the fake news and ward off the scammers. The only way to deal with the problem is education. Companies need to invest in proper cyber security training for all their employees. The traditional annual training update is not enough. Training needs to be done on a more regular basis with a more modern approach that can produce long term behavioural changes.

It is crucial to remember that staff are the front-line defence against the fraudsters and we need to ensure that they are armed with the right knowledge to combat the threat. In a week where we have seen the Governor of the Bank of England fall prey to a fraudster who emailed the Governor impersonating a Bank of England colleague this is no easy task!

Gen-Y Professionals – Cyber Attacks, Bothered?

Posted on : 26-05-2017 | By : jo.rose | In : Cyber Security



Whilst many of us are concerned about the threat of cyber-attacks, it seems that Gen-Y professionals have a more relaxed view. This is because they have grown up with technology and social media more than any other generation. They seem to be born understanding how the latest technology works and what the coolest social media app is, and if even the most up-to-date one doesn’t work, they try something else until they find the solution that works best for them.

Young professionals can be naïve to the sensitivity of company data and the value it could have to cyber-criminals. Surveys show that almost a fifth believe an attacker would be able to do nothing with their company’s data if hacked or a device stolen, or fail to realise that a stolen device can be manipulated to make future attacks.
And it is this that is leaving organisations more open to cyber-attacks. A lot of Gen-Y’s have a blasé attitude towards cyber security, due to a blurring of home and the workplace, and are therefore unconcerned about the effects of hacking or losing data.

Almost half of young professionals connect their own potentially infected devices to their company’s network, whilst others use work devices for personal use. It’s also not uncommon practice for work devices to be lent to people outside of the organisation. If they are connecting their own devices to the company network then one approach could be for the organisation to have in place appropriate personal security. One way could be through choose-your-own-device policies which would give back more control to the IT team. Rather than accessing the network through their own devices, employees could be given a choice from a select set of products which would be regularly updated and have security already installed.

Many are unaware of, or don’t believe, their company has an IT security policy. A way to blend the two would be for company IT security teams to engage with the younger employees to help in the creation of security policies that suit the needs of both employer and employee. It appears that young professionals want to engage with their organisations’ IT security teams to help develop policies. It would surely make for a clearer understanding of what is expected of them and what they need from their organisation.

In a survey completed by ESET the following data points were found:

  • 70% are unaware that hacked devices can be manipulated to make further future attacks
  • 52% are unaware that stolen data could be used against their company
  • 50% believe it’s nearly always their organisation’s responsibility to ensure the safety of data.
  • 49% are unaware hackers would be looking to sell their company’s data
  • 47% use work devices for personal use
  • 44% of young professionals have connected, or are unsure if they have connected, their own devices, potentially infected with malicious malware, to their company’s network
  • 38% are unaware of, or don’t believe, their company has an IT security policy
  • 29% indicate a complete lack of concern over the effects upon their company and its data if a work device is hacked, lost or stolen
  • 30% of those who are aware of the existence of an IT security policy do not know what it is
  • 18% believe an attacker wouldn’t be able to do anything with their company’s data if it was stolen or a device hacked
  • 10% admit they may have shared access to their company’s network with third parties

So it seems silly to think Gen-Y’s are viewed as the most tech savvy when it comes to their personal brand, yet when it comes to their business lives, they are some of the most unreliable. Bothered? We should be!!