Amongst the problems of working in Cyber Security are that people either really don’t get it, are overwhelmed by ‘shock, horror’ reporting or even worse, see it as a mostly victimless crime, especially if ‘The Man’ is being sticked. That is of course until they or someone close to them is pillaged by these criminals in one way or another.
Perhaps this virus pandemic will show two groups of Cyber operatives on opposing sides, in their True Colours. We have always, always, tried to avoid being somewhat smug and ‘after the fact’. We will continue to discuss prevalent issues, that after all has always been the brief, and will dispense our reasoned advice, which may be useful to someone or give them a chuckle as they leave the burning building.
On the one side, and we can deal with this quite quickly, not wanting to have to change the names to protect the guilty is the cyber industry, many of whom are shamelessly using the global crisis to peddle their wares. Contrasted with some altruism, for instance Zoom giving its Videoconferencing shizzle out for free to schools, some of the cyber marketing is just shameless. You know who you are.
On the other side are the bad guys (mwahahaha) who, of course, are shamelessly exploiting the situation for their own gainz. There are so many examples of this that it would be easy to be sucked into raging about them all in turn, however the wonderful people at Digital Shadows are much more calm and collected than us and have produced a fabulous piece of work which explains the full picture including the massive amount of disinformation out there. This is great work and really worth a read.
There is, however, one filthy scheme which we will have a good old rant about (pause while we blow up our inflatable soapbox), and… breathe out. This is so outrageously nasty and targets your parents and elderly relatives, much the same as the dreaded nCOVID19. It is our duty to educate and protect our elders and betters, let alone the gullible.
Readers of the BBC News website (not dumbed down at all, oh no!) may have seen the results of an investigation, which it claimed as its own, but was in fact the work of an (apparently very gifted) hacker called ‘Jim Browning’ (9mm; The service weapon of nobody’s choice). This was about a professional scamming operation in India that contacted the vulnerable, based on age details from electoral register, formerly stolen credentials etc and blagged them in to paying to resolve problems on their windows machines, usually claiming to be Microsoft.
As a result of this ‘investigation’ by the crack(?!) investigators at The Beeb, this particular scam was shut down, with a very public set of arrests as you can see in the footage above.
Like most scams, this form of fraudulent exploitation is a numbers game that is more successful when managed just like a business with metrics, 360 reviews, all-hands town hall meetings (shudder) and a load of slick sales types, on commission, who could talk your granny into giving her life savings away.
And now we come to the tragic bit (we are not going to link The Engineers Song here, sorry). We have it on very good authority that these utter scumbags are gearing up to exploit the vulnerable during this difficult time and as we said before, we would be errant not to do something about it.
Here are a few things you can and should do. Tell your elderly, tech luddites, trigger happy friends and family:
- Microsoft will NEVER send a message that includes a phone number, ever. If you can, show them this article.
- Even if a message appears to come from someone they know, even their darling number one son or daughter, it might not be from them. It might not be for real. If it looks unusual or has links in it tell them to bin it, phone the aforementioned golden boy/girl, or most likely you, the middle geek kid, and ask what they wanted.
- Be especially aware of any calls that purport to be from the bank which tell them the Police will be in touch.
- Call you before calling any technical support number
- Never agree to install any software suggested by a third party over the phone.
We can assure you that there is about to be a significant increase in this activity over the next 3 months. Please keep an eye out for your people, they are all scared enough.
We would very much like you to register for this blog. It means we can send you our occasional ‘under the hood’ write ups of security incidents seen at the coal face (nation state hack detail, coming next), let alone invite you to our brilliant events.