Jeff Maynard TVP Volunteer (T5273)Cyber Crime in the UK • ≈ TWO million online fraud reports per...
Serving with pride and confidence
Jeff Maynard TVP Volunteer (T5273)
TVP accredited for Fraud and Cyber Crime Prevention
Protecting yourself from Cyber Crime
Jeff Maynard:
✦ Started in computing in September, 1965
✦ Ran British Airways’ global comms and computers
✦ Migrated C&W from analogue to digital networking
✦ IT Entrepreneur Of The Year, 2000
✦ Floated three IT companies (OTC, LSE, AIM)
✦ Writes iPhone/Android Apps as a hobby
✦ Advisor to TVP on cyber crime
Am I at risk from cyber criminals?
Think before you link!
Cyber Crime in the UK
• ≈ TWO million online fraud reports per year
• Action Fraud estimate only one in five reported…
• ≈ potentially TEN million online frauds per year
• Average loss: £550
• Cyber crime in the UK is a £billion pa industry!
The Cyber Crime risk:
Much the most prevalent crime against the individual:
• Much, much more likely than mugging or burglary
• Most people are ‘complacent’
• Poor password choice helps the bad guys
• Banks can be reluctant to refund lost money
• Only one in 650 cyber frauds leads to conviction
And, it's all down to the Internet…
But, the Internet is here to stay
It is just so much easier for:
• on-line banking
• downloading/streaming videos, movies, music etc
• watching catch-up TV
• booking holidays, theatres, football matches
• buying groceries, clothes, electronics etc
• making investments
• audio/video calls
• …
But, the Internet was not designed for
Any of these activities:
• on-line banking
• downloading/streaming videos, movies, music etc
• watching catch-up TV
• booking holidays, theatres, football matches
• buying groceries, clothes, electronics etc
• making investments
• audio/video calls
• or even web surfing!
And, the Internet is:
• fundamentally insecure
• largely unmanaged
The Internet grew from DARPAnet
• Conceived by US military
• for transporting large files
• between military and research labs
• Cold War thinking
• Self healing
• No central control room
• Closed so no need for security
• Hyperlinking (the WWW) added later
• by academics, for academics
• …
Why Cyber Crime?
Cyber Crime is:
• Easy
• Safe
• Profitable
Lots of ways the bad guys target you:
Watch for all of these:
• Invitational emails
• Phishing emails
• Attachments to emails
• Romance scams
• Fake web sites
• On-line gaming
• Virus, trojans and malware (inc Ransomware)
• Text messages
• ‘Boiler room’ and other calls
Scammers are after your money…
• Either persuade you to send them some money
• or
• Steal your ID (credentials) to access your money
• Malware can intercept login information, but
• Email is the preferred contact method
“I’m all right, only my son has my email”
WRONG!
• I can buy 5,000,000 email addresses for $200
• I can create millions of email addresses overnight
• If you are ever on-line you WILL be a target
• BUT, you can help yourself not be a victim…
Some typical invitational emails
If it sounds too good to be true…
1. $1,000,000 Lottery win - send $300 for admin
2. Help liberate dormant bank account and share proceeds
3. Buy-off a hired gunman (!)
4. Send (friend) money to return home after mugging
5. Send air fare to new-found lover
6. Cash cheque for share/Secret Shopper
7. Bypass eBay for ‘better’ deal
8. Job offer
9. Buy ‘hot’ stock (investment scam)
Phishing emails - the most dangerous…
Designed to steal your identity and then take your money
• PayPal
• High St banks
• Credit Cards
• Building Societies
• H M R C
• Apple
• Amazon
• Netflix
• eBay
• …
Phishing emails - the most dangerous…
Try to get you to login to a fake site
• ‘Your account has been suspended’
• ‘You need to verify your on-line credentials’
• ‘Problem with your membership’
• ‘You are due a refund’
• ‘Your order needs clarifying’
• …
Let’s do the unthinkable and click the link!!
https://conventioncondo.com/.001TV018lic001
Phishing emails - the most dangerous…
Some telltale signs:
• Odd email address
• Poor grammar
• Spelling mistakes
• But, the criminals are learning...
• Not addressing you by name
• Asking you to 'verify' something
• Offering a refund
Phishing emails - the most dangerous…
The displayed link will be spoofed:
The actual URL and the displayed URL are not related
Please visit our Safe Site. http://thievingbastards.com
Phishing emails - the most dangerous…
You will never be emailed to click a verify link by
• Banks
• Building Societies
• PayPal, Amazon, Apple, Netflix…
• Any financial institution
• H M R C
• The Police
• Any government institution
• ANYONE you can trust!
Phishing emails - the most dangerous…
All trying to take you to a fake web site
• Think before you link!
• If unsure, type the target address in your browser
• Better still, use the App
Delete it and move on!
Phishing emails - can be very profitable…
• 10,000,000 emails sent
• 100,000 (1%) delivered to recipient
• 1,000 (1%) click on the Phishing link
• 100 (1%) enter personal details
• £800 from each person who enters info (2015 avg)
• Potential Reward: £80,000
• (at 2% the ‘reward’ is £640,000!)
Attachments to emails
• Some email attachments can contain malicious code:
• exe, bat, PDF, HTML, doc, com, cmd, vbs, js
• zip, rar, 7z (especially with password)
• and many more…
Never run or install software sent by email
Keep your anti-virus up-to-date and live
Think before you click on any attachments
Romance scams
• £41 million in 2017 (avg £11,500)
• Fake identity set up on dating site
• Scammer spends time getting friendly
• Scammer offers to come to UK to meet
• but is short on cash
• so asks for airfare…
• and more, and more…
Fake web sites
From phishing email or search engine or web site
Typical scams:
• Identity theft
• Cheap holiday lettings
• Tickets to scarce events
• Fake software update
• Increasing sophistication
• Easy to download and modify real site
• Cannot hide the actual address in browser
Fake web sites
• some examples to go here
‘Added value’ web sites
$75
$114
$154
Email protection summary
• Sender: do you know/recognise the sender?
• From: does the email address match the ‘sender’?
• Subject: does it sound alarmist?
• Dear who: beware of generic names
• Message body: bad English, poor grammar
• Hyperlink: mouse-over or tap-hold to view
• Attachment: do not open
• Logo/signature: easily copied from genuine version
On line banking
Is it safe to do your banking on line? YES with a couple of caveats:
• Bookmark each one you use
• Better still, use the App(s)
Moving money on line
Buying or selling - take care:
• Receive money via PayPal
• Send money via PayPal or credit card
• Don't use BACS to unknowns
• Don’t accept cheques from unknowns
• Don't use Western Union
Moving money on line
Two PayPal scams:
• Pay by PayPal but collect in person
  • Could be hacked account
  • Not protected by PayPal
  • Collections cash only
• Payment received email
  • Authorisation waiting email
  • Awaiting tracking number
  • SCAM!
On line gaming issues
Gaming platforms used for money laundering - so popular with criminals
Invitations to join coupled with app download - malware or key logger
Fake ‘cracks’ for games (malware again)
Fake game Apps (on Android)
Malware, trojans and virus threats
Your PC or Mac can be infected:
• executing email attachments
  • .exe .bat .com .cmd .js .cpl vb dmg
• downloading (applications) from P2P sites
• ‘updating’ software from dodgy sites
• visiting porn sites
ALWAYS keep anti-virus software running
• plenty free for personal use
  • Sophos, AVG, Avast etc
Malware, trojans and virus threats
Malware (inc trojans, viruses, worms) installs malicious programs: Keyloggers, Ad displays, Remote Access, Relay, DoS Attacker, Ransomware, …
Ransomware
Message that your data is encrypted
Docs, photos, files, everything!
Requesting payment for unlock key
Usually in ‘bitcoins’ (difficult to trace)
Infections across networks (includes shared wi-fi!)
Recovering from Ransomware
1. Do NOT pay the ransom!
2. Google the detail so you can delete the file(s)
3. Recover your data from your backup…
Backup - best practice
1. Automatic
2. Remote location (off-site)
3. Continuous (every version/update)
4. Everything (all your files)
Cloud services (Box, Dropbox, iCloud, OneDrive, Google Drive etc) are NOT suitable for backup…
Recommendation: CrashPlan
Text (SMS) scams
Similar to email scams but delivered by text message; once again, attempting to drive you to a scam site
• account verification request
• lottery win
• missing order
Other mobile scams
• Missed call may redirect to premium rate line
• Prize win message redirects to premium rate
• ‘Free’ ring tone is subscription service
• Insurance call following new phone buy
Mobile safety
• Lock your phone with your PIN
• Call your provider immediately if phone lost
• Do not install Apps from unknown sources
• Use PIN to access voicemail
• Know how to remotely lock/track
• Think before you link!
• Factory reset before selling
Phone (landline) scams
Three broad types:
• Problem with your bank account
  • will offer to swap bank card by courier
• ‘Microsoft/BT calling'
  • trying to persuade you there is a problem with your PC/broadband
  • following the instructions will let them control your computer
  • the claim regarding ‘noticing problems’ is rubbish!
• Hard sell
  • timeshare
  • stocks/shares/wine
  • Pensions
  • etc…
Phone (landline) scams
Dealing with cold sales calls:
• Hang up! (if it sounds interesting, Google provider and phone them)
Public wi-fi
• Use public wi-fi with caution (McDonalds, Costa, etc)
• Use commercial hotspots (eg BT/Cloud)
• If in doubt use 4G
• Update apps only on your home network
• Use an app for banking etc
Poor passwords put you at risk
• 8+4 (>8 characters, upper/lower case, number, symbol)
  • Pharaoh2&7 | Titndoml&*9 | Mdhnn9)(8
• Three word phrase
  • WorldcruisEHeaven | TypicalBadChoices
• DO NOT use ‘password’, birthday, address, ‘12345678’
• Don’t write them down!
• Different passwords for different accounts
• Use two-factor login if available
• Use a password manager (Avast Password is free)
Choosing the best kit
The ONLY equipment to provide complete protection is wire cutters!
But, some is safer than others:
• iPad, iPhone (safest)
• Mac (next safest)
• Windows PC, Android tablet/phone - higher risk
No equipment or software will stop you clicking dodgy links!
YOU are your best defence
• If it smells fishy, it probably is
• If it sounds too good to be true, it probably is
Staying safe on line
THINK before you link!
• better still: do not follow email links!
• keep anti virus running and firewall on
• use strong passwords and keep them safe
• backup critical data
• use an App for on-line banking
• bookmark banking/financial sites
• use PayPal rather than credit cards
• use two-stage verification if available
• Beware of friends’ USB drives
Staying safe on line
Thames Valley Police
Emergency: 999
Non-emergency: 101
www.thamesvalley.police.uk
Action Fraud Tel: 0300 1232040 www.actionfraud.police.uk
Crimestoppers Tel: 0800 555111 www.crimestoppers-uk.org
Trading Standards Tel: 03454 040506 www.tradingstandards.uk
Browse www.getsafeonline.org