Jeff Maynard TVP Volunteer (T5273)Cyber Crime in the UK • ≈ TWO million online fraud reports per...

Serving with pride and confidence

Jeff Maynard TVP Volunteer (T5273)

TVP accredited for Fraud and Cyber Crime Prevention

Protecting yourself from Cyber Crime


Jeff Maynard:

✦Started in computing in September, 1965 ✦Ran British Airways’ global comms and computers ✦Migrated C&W from analogue to digital networking ✦ IT Entrepreneur Of The Year, 2000 ✦Floated three IT companies (OTC, LSE, AIM) ✦Writes iPhone/Android Apps as a hobby ✦Advisor to TVP on cyber crime


Am I at risk from cyber criminals?

Think before you link!

Cyber Crime in the UK

• ≈ TWO million online fraud reports per year • Action Fraud estimate only one in five reported…

• ≈ potentially TEN million online frauds per year • Average loss: £550

• Cyber crime in the UK is a £billion pa industry!


The Cyber Crime risk:

Much the most prevalent crime against the individual:

• Much, much more likely than mugging or burglary • Most people are ‘complacent’ • Poor password choice helps the bad guys • Banks can be reluctant to refund lost money • Only one in 650 cyber frauds leads to conviction

And, its all down to the Internet…


But, the Internet is here to stay

It is just so much easier for:

• on-line banking • downloading/streaming videos, movies, music etc • watching catch-up TV • booking holidays, theatres, football matches • buying groceries, clothes, electronics etc • making investments • audio/video calls • …


But, the Internet was not designed for

Any of these activities:

• on-line banking • downloading/streaming videos, movies, music etc • watching catch-up TV • booking holidays, theatres, football matches • buying groceries, clothes, electronics etc • making investments • audio/video calls • or even web surfing!


And, the Internet is:

• fundamentally insecure

• largely unmanaged


The Internet grew from DARPAnet

• Conceived by US military • for transporting large files • between military and research labs

• Cold War thinking • Self healing • No central control room

• Closed so no need for security • Hyperlinking (the WWW) added later

• by academics, for academics • …


Why Cyber Crime?

Cyber Crime is:

• Easy

• Safe

• Profitable


Lots of ways the bad guys target you:

Watch for all of these:

• Invitational emails • Phishing emails • Attachments to emails • Romance scams • Fake web sites • On-line gaming • Virus, trojans and malware (inc Ransomeware) • Text messages • ‘Boiler room’ and other calls


Scammers are after you money…

• Either persuade you to send them some money • or • Steal your iD (credentials) to access your money

• Malware can intercept login information, but • Email is the preferred contact method


“I’m all right, only my son has my email”

WRONG!

• I can buy 5,000,000 email addresses for $200 • I can create millions of email addresses overnight • If you are ever on-line you WILL be a target • If you are ever on-line you WILL be a target

• BUT, you can help yourself not be a victim…


Some typical invitational emails

If it sounds too good to be true…

1. $1,000,000 Lottery win - send $300 for admin 2. Help liberate dormant bank account and share proceeds 3. Buy-off a hired gunman (!) 4. Send (friend) money to return home after mugging 5. Send air fare to new-found lover 6. Cash cheque for share/Secret Shopper 7. Bypass eBay for ‘better’ deal 8. Job offer 9. Buy ‘hot’ stock (investment scam)


Phishing emails - the most dangerous…

Designed to steal your identity and then take your money

• PayPal • High St banks • Credit Cards • Building Societies • H M R C • Apple • Amazon • Netflix • eBay • …



Try to get you to login to a fake site

• ‘Your account has been suspended’ • ‘You need to verify your on-line credentials’ • ‘Problem with your membership’ • ‘You are due a refund’ • ‘Your order needs clarifying’ • …


1/4


2/4


3/4


4/4


Let’s do the unthinkable and click the link!!

https://conventioncondo.com/.001TV018lic001



Some telltale signs:

• Odd email address • Poor grammar • Spelling mistakes

• But, the criminals are learning... • Not addressing you by name • Asking you to 'verify' something • Offering a refund



The displayed link will be spoofed:

The actual URL and the displayed URL are not related

Please visit our Safe Site.



The displayed link will be spoofed:

The actual URL and the displayed URL are not related

Please visit our Safe Site. http://thievingbastards.com



You will never be emailed to click a verify link by

• Banks • Building Societies • PayPal, Amazon, Apple, Netflix… • Any financial institution • H M R C • The Police • Any government institution • ANYONE you can trust!



All trying to take you to a fake web site

• Think before you link! • If unsure, type the target address in your browser • Better still, use the AppDelete it and move on!


Phishing emails - can be very profitable…

• 10,000,000 emails sent • 100,000 (1%) delivered to recipient • 1,000 (1%) click on the Phishing link • 100 (1%) enter personal details • £800 from each person who enters info (2015 avg) • Potential Reward: £80,000

• (at 2% the ‘reward’ is £640,000!)

•


Attachments to emails

• Some email attachments can contain malicious code: • exe, bat, PDF, HTML, doc, com, cmd, vbs, js • zip, rar, 7z (especially with password) • and many more…

Never run or install software sent by email Keep your anti-virus up-to-date and live Think before you click on any attachments


Romance scams

• £41million in 2017 (avg £11,500)

• Fake identity set up on dating site • Scammer spends time getting friendly • Scammer offers to come to UK to meet

• but is short on cash • so asks for airfare… • and more, and more…


Fake web sites

From phishing email or search engine or web site

Typical scams: Identity theft Cheap holiday lettings Tickets to scarce events Fake software update

• Increasing sophistication • Easy to download and modify real site • Cannot hide the actual address in browser


Fake web sites

• some examples to go here

1/5


2/5


3/5


4/5


5/5


‘Added value’ web sites


‘Added value’ web sites

$75

$114

$154


Email protection summary

• Sender: do you know/recognise the sender? • From: does the email address match the ‘sender’? • Subject: does it sound alarmist? • Dear who: beware of generic names • Message body: bad English, poor grammar • Hyperlink: mouse-over or tap-hold to view • Attachment: do not open • Logo/signature: easily copied from genuine version


On line banking

Is it safe to do your banking on line? YES with a couple of caveats:

Bookmark each one you use Better still, use the App(s)


Moving money on line

Buying or selling - take care:

• Receive money via PayPal • Send money via PayPal

• or credit card • Don't use BACS to unknowns • Don’t accept cheques from unknowns • Don't use Western Union


Moving money on line

Two PayPal scams:

• Pay by PayPal but collect in person • Could be hacked account • Not protected by PayPal • Collections cash only

• Payment received email • Authorisation waiting email • Awaiting tracking number • SCAM!


On line gaming issues

Gaming platforms used for money laundering - so popular with criminals

Invitations to join coupled with app download - malware or key logger

Fake ‘cracks’ for games (malware again)

Fake game Apps (on Android)


Malware, trojans and virus threats

Your PC or Mac can be infected: • executing email attachments

• .exe .bat .com .cmd .js .cpl vb dmg • downloading (applications) from P2P sites • ‘updating’ software from dodgy sites • visiting porn sites

ALWAYS keep anti-virus software running • plenty free for personal use

• Sophos, AVG, Avast etc


Malware, trojans and virus threats

Malware (inc trojans, viruses, worms) installs malicious programs: Keyloggers, Ad displays, Remote Access, Relay, DoS Attacker, Ransomware, …


RansomwareMessage that your data is encrypted

Docs, photos, files, everything! Requesting payment for unlock key Usually in ‘bitcoins” (diff to trace)


RansomwareMessage that your data is encrypted

Infections across networks (includes shared wi-fi!)


Recovering from Ransomware

1. Do NOT pay the ransom! 2. Google the detail so you can delete the file(s)

3. Recover your data from your backup…


Backup - best practice

1. Automatic 2. Remote location (off-site) 3. Continuous (every version/update) 4. Everything (all your files)

Cloud services (Box, Dropbox, iCloud, OneDrive, Google Drive etc)are NOT suitable for backup…

Recommendation: CrashPlan


Text (SMS) scams

Similar to email scams but delivered by text message once again, attempting to drive you to a scam site

• account verification request • lottery win • missing order


1/1


Other mobile scams

• Missed call may redirect to premium rate line • Prize win message redirects to premium rate • ‘Free’ ring tone is subscription service • Insurance call following new phone buy


Mobile safety

• Lock your phone with your PIN • Call your provider immediately if phone lost • Do not install Apps from unknown sources • Use PIN to access voicemail • Know how to remotely lock/track • Think before you link! • Factory reset before selling


Phone (landline) scamsThree broad types:

• Problem with your bank account • will offer to swap bank card by courier

• ‘Microsoft/BT calling' • trying to persuade you there is a problem with your PC/broadband • following the instructions will let them control your computer • the claim regarding ‘noticing problems’ is rubbish!

• Hard sell • timeshare • stocks/shares/wine • Pensions • etc…


Phone (landline) scams

Dealing with cold sales calls: • Hang up!(if it sounds interesting, Google provider and phone them)


Public wi-fi

Use public wi-fi with caution McDonalds, Costa, etc

Use commercial hotspots (eg BT/Cloud) If in doubt use 4G

Update apps only on your home network Use an app for banking etc


Poor passwords put you at risk

• 8+4 (>8 characters, upper/lower case, number, symbol) • Pharaoh2&7 | Titndoml&*9 | Mdhnn9)(8

• Three word phrase • WorldcruisEHeaven | TypicalBadChoices

• DO NOT use ‘password’, birthday, address, ‘12345678’

• Don’t write them down! • Different passwords for different accounts • Use two-factor login if available • Use a password manager (Avast Password is free)


Choosing the best kit

The ONLY equipment to provide complete protection is wire cutters!

But, some is safer than others: iPad, iPhone (safest) Mac (next safest)

Windows PC, Android tablet/phone - higher risk

No equipment or software will stop you clicking dodgy links!


YOU are your best defence

• If it smells fishy, it probably is

• If it sounds too good to be true, it probably is


Staying safe on line

THINK before you link!

• better still: do not follow email links! • keep anti virus running and firewall on • use strong passwords and keep them safe • backup critical data • use an App for on-line banking • bookmark banking/financial sites • use PayPal rather than credit cards • use two-stage verification if available • Beware of friends’ USB drives


Staying safe on line


Thames Valley Police Emergency: 999 Non-emergency – 101 www.thamesvalley.police.uk Action Fraud Tel: 0300 1232040 www.actionfraud.police.uk Crimestoppers Tel: 0800 555111 www.crimestoppers-uk.org Trading Standards Tel: 03454 040506 www.tradingstandards.uk

Browse www.getsafeonline.org

Jeff Maynard TVP Volunteer (T5273)Cyber Crime in the UK • ≈ TWO million online fraud reports per...

Documents

Transcript of Jeff Maynard TVP Volunteer (T5273)Cyber Crime in the UK • ≈ TWO million online fraud reports per...