weekly briefing - south west police rocu briefing 2nd sept... · fraudsters are spamming fake...

September 2nd 2016

Weekly Briefing

NOT PROTECTIVELY MARKED

Current Threats

Dropbox Hack

Apple Fake invoice Email scam

British Gas - Ransomware

Incident Reports - South West

Zepto Ransomware attack

Miscellaneous

Cyber Crime News

CiSP – Cyber Crime Threats Shared


Dropbox Hack

Dropbox has confirmed that they have been hacked and have notified their customers of a potential forced password reset.

Emails were sent out this week alerting its users that a large chunk of its users credentials were obtained in a 2012 data breach. Users were prompted to change their passwords if they hadn’t since 2012.

Advice

Change your passwords for Dropbox and other online accounts, especially if you use the same password for multiple accounts.

Use a Password Manager to create complex passwords for different sites and remember them for you.


Apple Fake invoice Email scam

Apple customers are being targeted in a series of new scams involving invoices containing fake iTunes/App Store purchases. The fake invoices are aimed at stealing victims’ bank details by making them think someone has gone shopping on their Apple account. Victims are then scared they have been defrauded and click on a “refund” link. From here they are directed to a fake Apple log in page where they are asked to enter their Apple store log in details and submit their debit or credit card details. These type of Phishing emails are becoming very common. The invoices appear genuine using the well known Apple logo and a similar font.


Example of a fake invoice


Apple:

The iTunes Store will never ask you to provide personal information or sensitive account information (such as passwords or credit card numbers) via email.

Email messages that contain attachments or links to non-Apple websites are from sources other than Apple, although they may appear to be from the iTunes Store. Most often, these attachments are malicious and should not be opened. You should never enter your Apple account information on any non-Apple website.

What the iTunes Store will never ask you to provide via email:

Social Security Number

Mother's maiden name

Full credit card number

Credit card CCV code

"Phishers" create elaborate websites that look similar to iTunes, but their sole purpose is to collect your account information. Often, a fake email will ask you to click on a link and visit one of these phishing websites to "update your account information."


British Gas – Ransomware

Fraudsters are spamming fake British Gas utility bill emails that link to a virus that takes

over victim’s computers.

Action Fraud has received hundreds of reports of these emails cleverly designed to look like a seemingly harmless utility bill. The emails contain links that take people to a website where they are told to download a file in order to view their bill. After downloading the file, the virus locks you out of your computer and then directs you to an online payment page.

British Gas say that their emails will always be personalized and will often quote your British Gas account number (where the email relates specifically to your account) and will

only provide links back to the britishgas.co.uk website.


Action Fraud:

Having up-to-date virus protection is essential; however it will not always prevent you from becoming infected.

Please consider the following tips:

Make sure that your internet browser and any plug-ins (e.g. Flash, Java, Silverlight) are up-to-date

Don’t click on links or open attachments from unknown email addresses. Remember that fraudsters can ‘spoof’ an email address to make it look like one used by someone you trust. If you are unsure, check the email header to identify the true source of any such link or attachment.

Please visit the British Gas website directly and log in from there to check utility bills. Do not use the purported link provided in suspicious emails.

Avoid logging into your email account from a public computer (e.g. at a hotel or internet cafe) as it could be infected with spyware. Additionally don’t connect to unsecured public Wi-Fi, use mobile data services such as 4G to access your accounts instead.

Create regular backups of your important files to an external hard drive, memory stick or online storage provider. It’s important that the device you back up to isn’t left connected to your computer as any malware infection could spread to that too.


Ransomware - Zepto

The South West Regional Cyber Crime Unit has completed an investigation into a Zepto ransomware attack against an organisation in the South West.

An employee within the organisation accessed their personal email account from a computer which was connected to the network. Once the email was opened an automated process has taken place, whereby the code was programmed to call out a command and control server and from there ransomware has been downloaded. This has resulted in local files being encrypted before spreading across to mapped drives.

Ransomware Advice

Make sure you have anti-virus software installed and ensure it is up-to-date and running in real time.

Keep browsers, operating systems, Adobe and other applications up-to-date and patched against vulnerabilities.

Backups are an absolute necessity in protecting your data. Back up files regularly, store the backups on external storage and physically disconnect the storage from the computer and network between backups. Ensure you verify the backups.

There are many fake emails with malicious attachments circulating the internet. If you receive an uninvited email containing an attachment then do not open it unless you are sure of its origin.

In the unfortunate case of infection, pull the plug on the computer and internet access.

Do not pay the ransom as a first response - report to Action Fraud as soon as possible.


News Snapshots

The Guardian view on internet security: a huge and growing problem

Cyber criminals are breaking into smartphones with increasing frequency. Apple recently issued a global iOS update after spyware, that took advantages of 3 weaknesses in the iPhone, was discovered. Concerns grow for Android phones as it is claimed that only some of the Samsung and LG models are updated frequently making them more secure. In some poorer parts of the world Android has the biggest market share which makes this a particularly serious problem.

Samsung Galaxy Note 7 release

Samsung Electronics is recalling its flagship Galaxy Note 7 smartphone and said that battery problems were behind phones catching fire.

The decision follows reports in the US and South Korea of the phone "exploding" during or after charging.

The South Korean company said customers who had already bought the phone would be able to swap it for a new one.

Samsung said it had been difficult to work out which phones were affected among the 2.5 million Note 7s sold.


CiSP - Cyber Crime Threats Shared

The Cyber Security Information Sharing Partnership (CiSP), which is run by CERT-UK, is an information

sharing platform used to share and publish cyber crime threat information.

The aim of the platform is to allow members to take remedial action and modify their organisations to prevent

cyber attacks.

If you would like to join the CiSP then please sign up at www.cert.gov.uk/cisp and contact us as we can

sponsor you.

Our South West Regional node has now been launched and we welcome you to join our group. This is a

place for all businesses and individuals based in the South West to share threat intelligence and updates

surrounding cyber security.


This document has been given the protective marking of NOT PROTECTIVELY MARKED

and may be disseminated outside law enforcement with no restriction.

If you know anyone else who would like to receive this, please send us their e-mail address

and we will add them to the distribution list.

If you would like to be removed from the list please send an email to the address below to let

us know.

Any comments or queries please email South West Regional Cyber Crime Unit at:

[email protected]

w w w. s w C y b e r C r i m e U n i t . c o . u k


weekly briefing - south west police rocu briefing 2nd sept... · fraudsters are spamming fake...

Documents