Cyber Crime Public Awareness re: Personal Data 21 May 2021

The Garda National Cyber Crime Bureau is continuing its criminal investigation into the cyber attack on the HSE in conjunction with local and international partners.

We are encouraging people who have reason to suspect they are victims of cyber-related crime, particularly the recent criminal cyber attack on the HSE, to make a report on the Garda Confidential Line – 1800 666 111 or at their local Garda station.

It has not been confirmed with full certainty that personal records or data reported to have been circulated are in fact genuine even though this is probable and would be a feature of these attacks.

In general, our crime prevention advice has been and remains – if you are contacted by persons stating that they have your personal details and/or looking for bank account details you should not engage or provide any personal information. If this does happen, we are encouraging people to report suspected breaches of personal data which will be examined by specialist investigators. Such reports will be handled in a sensitive manner.

An Garda Síochána has this year regularly highlighted concerns on all types of fraud and scams which are proliferating via email, text message and phone call. These continue and every person needs to be scam aware. State agencies, such as An Garda Síochána, the Health Service Executive and the Revenue Commissioners, will not cold call you looking for personal information such as PPS numbers or bank account details.

If you receive any communication like this:

  • DO NOT engage with the caller
  • DO NOT click on any links in emails or text messages
  • Screenshot the email, text message or other communication.

We also appeal to the public not to forward anonymous content, particularly on social media messaging apps. These messages proliferate the spread of fake news, create false concern and can cause fear amongst people. We ask you to talk to your family and friends and only pass on information from credible and legitimate sources.

Cifas weekly coronavirus scam update – vaccine selfies, oversharing on social media and nuisance calls

Fraudsters continue to use pandemic to steal money and information from the public

Urgent reminder issued to consumers about the perils of oversharing on social media

Cifas, the UK’s leading fraud prevention service, is highlighting the latest coronavirus scams from the past week, and warning the public to stay vigilant of the ever-changing tactics that scammers are using to extract money and information.

Vaccine selfies lead to rise in identity theft

Members of the public are being warned not to share their vaccine selfies following a spate of cases involving identity theft.

As the vaccine programme continues to be rolled out, a number of people have been sharing pictures of themselves along with their vaccine cards on social media. These documents include personal information including names, birth dates and vaccination sites. This information is being used to create fake vaccination cards which are then sold on the black market. Criminal gangs are reported to be selling forged COVID-19 negative test certificates through WhatsApp groups and adverts on social media.

Cifas is warning people never to share personal details on social media, and that anyone using a fake vaccination card could face a prison sentence. If you are targeted by this scam then you need to report it immediately to your social media provider and report it to Action Fraud or Police Scotland.

Social media users warned about oversharing

New research by Tessian has revealed that 84% of people post on social media every week, with the majority sharing information including their interests, the names of their children and birthday celebrations. This type of information can help fraudsters commit facility takeover fraud where a criminal poses as a genuine customer to gain control of an account. Cifas saw a 21% increase in reported cases of this type of fraud last year.

Social media users are reminded that they should provide as little personal information about themselves on social media as possible, and to only accept invitations from people they know.

Pandemic sparks surge in scam calls

The National Trading Standards Scams Team has reported a 250% rise in the number of nuisance calls since the first nationwide lockdown. Their research has revealed that the top three scam call types involved:

  • selling fake insurance for white goods such as fridges and washing machines
  • impersonation callers and spoofed numbers for organisations including the NHS, and service providers such as Amazon and Netflix
  • criminals posing as legitimate tradesmen offering domestic home repairs.

The research also revealed that people over the age of 70 were specifically targeted by COVID-19 scam calls.

Cifas is reminding anyone that receives a call offering goods or services to take a moment to stop and think before parting with financial or personal information. This information can be used by criminals to buy goods or apply for services in the victim’s name.

If you believe you’ve fallen for a scam then you must contact your bank immediately, and report it to Action Fraud or Police Scotland.

Sally Felton, Director of Intelligence and Member Experience at Cifas, said: ‘As feelings of excitement at the prospect of returning to normal build, it’s important we remain vigilant against oversharing personal details online. Criminals have access to technology to scrape your personal details from the web and use these to commit fraud against you. Make it hard for them and be aware of what you’re posting about yourself online.

‘I would urge everyone to review their privacy settings on social media to make sure only those you want to can see your profile and posts. But even then, you can’t be sure your information won’t be shared. Limit the information you do share, and think twice before posting your future holiday bookings as these advertise to everybody when your home will be unoccupied.’

What to do first when your company suffers a ransomware attack

Graham Cluley – Oct 1 2020

For many companies it would be a nightmare to discover that they are the latest unwitting victim of a ransomware attack, capable of crippling computer systems and locking up data if a payment isn’t made to cybercriminals.

There’s no magic wand that can make a ransomware attack simply disappear with no impact at all on an organisation, but you can lessen the problem by carefully following tried-and-trusted steps in the immediate aftermath of an attack.

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have jointly released an in-depth guide that not only includes recommendations on how you can reduce the chances of being the next ransomware victim, but also provides a step-by-step checklist for how to respond.

I believe that the ransomware response checklist could be a valuable addendum to organisations’ incident response plans. Your company does have a cyber incident response plan, right?

And the advice couldn’t be more timely, with more and more organisations hit by ransomware attacks that cripple their ability to operate normally.

So, let’s take a look at the checklist step-by-step, focusing specifically on the very first things you should do:

1. Determine which systems were impacted, and immediately isolate them.

If several systems or subnets appear impacted, take the network offline at the switch level. It may not be feasible to disconnect individual systems during an incident.

If taking the network temporarily offline is not immediately possible, locate the network (e.g., Ethernet) cable and unplug affected devices from the network or remove them from Wi-Fi to contain the infection.

If it’s one or two computers that have been infected by the ransomware then you may be able to get away with just disconnecting those PCs and dealing with them individually. But if the infection has distributed itself more widely then you may have to take more significant action to prevent the ransomware from spreading further.

So clearly it’s important to attempt to determine the scale of the problem as quickly as possible, as this will influence the nature of your response.

After an initial compromise, malicious actors may monitor your organization’s activity or communications to understand if their actions have been detected. Be sure to isolate systems in a coordinated manner and use out-of-band communication methods like phone calls or other means to avoid tipping off actors that they have been discovered and that mitigation actions are being undertaken.

In some instances, organisations have used personal email accounts or instant messaging services like WhatsApp to communicate if they fear corporate communications systems may be being monitored by the attackers.

Obviously response teams should be careful to ensure that out-of-band communications they receive are genuinely from fellow workers rather than malicious themselves.

Not doing so could cause actors to move laterally to preserve their access — already a common tactic — or deploy ransomware widely prior to networks being taken offline.

But what if you cannot temporarily shut down your network or disconnect affected computers from the network?

In that case, the response guide offers the following advice:

2. Only in the event you are unable to disconnect devices from the network, power them down to avoid further spread of the ransomware infection.

However, it should be noted that if you do this you may lose potential evidence about the attack which would be useful to the authorities.

Law enforcement agencies, as well as CISA and MS-ISAC, may be interested in gathering a wide variety of other information that could be useful in their investigation.

This includes, but is not limited to, the following:

  • Recovered executable file
  • Copies of any readme file (this should not be removed as it often assists decryption)
  • Live memory (RAM) capture from systems with additional signs of compromise (use of exploit toolkits, RDP activity, additional files found locally)
  • Images of infected systems with additional signs of compromise (use of exploit toolkits, RDP activity, additional files found locally)
  • Malware samples
  • Names of any other malware identified on systems
  • Encrypted file samples
  • Log files (Windows Event Logs from compromised systems, Firewall logs, etc.)
  • Any PowerShell scripts found having executed on the systems
  • Any user accounts created in Active Directory or machines added to the network during the exploitation
  • Email addresses used by the attackers and any associated phishing emails
  • A copy of the ransom note itself
  • Ransom amount and whether or not the ransom was paid
  • Bitcoin wallets used by the attackers
  • Bitcoin wallets used to pay the ransom (if applicable)
  • Copies of any communications with attackers

Even if there is little chance that an attacker might be identified and caught, details like the above – if shared with other companies – could help prevent them from becoming the next victim of the ransomware.

And it is only after the first two response steps that the guide recommends victims attempt to restore critical systems.

3. Triage impacted systems for restoration and recovery.

Identify and prioritize critical systems for restoration, and confirm the nature of data housed on impacted systems.

– Prioritize restoration and recovery based on a predefined critical asset list that includes information systems critical for health and safety, revenue generation, or other critical services, as well as systems they depend on.

Keep track of systems and devices that are not perceived to be impacted so they can be deprioritized for restoration and recovery. This enables your organization to get back to business in a more efficient manner.
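One way to turn a predefined critical asset list into a restoration order, as an added example that is not part of the original article or the CISA/MS-ISAC guide. The asset names, categories, dependencies and impacted flags are constructed for illustration; a dependency inherits the urgency of the most critical system that needs it, and systems that are not impacted are tracked separately.

```python
import heapq

# Lower rank = restore sooner; categories follow the guide's wording.
RANK = {"health_safety": 0, "revenue": 1, "other_critical": 2, "non_critical": 3}

# Constructed asset list: name -> (category, systems it depends on, impacted?)
ASSETS = {
    "patient-records-db": ("health_safety", ["domain-controller", "san-storage"], True),
    "billing-app": ("revenue", ["domain-controller", "billing-db"], True),
    "billing-db": ("non_critical", ["san-storage"], True),
    "domain-controller": ("non_critical", [], True),
    "san-storage": ("non_critical", [], False),
    "intranet-wiki": ("non_critical", ["domain-controller"], True),
    "hr-portal": ("other_critical", [], False),
}

def effective_rank(assets):
    """A dependency is at least as urgent as the most critical system that needs it."""
    rank = {name: RANK[cat] for name, (cat, _, _) in assets.items()}
    changed = True
    while changed:  # repeat until ranks stop improving (handles dependency chains)
        changed = False
        for name, (_, deps, _) in assets.items():
            for dep in deps:
                if rank[name] < rank[dep]:
                    rank[dep], changed = rank[name], True
    return rank

def restoration_plan(assets):
    """Return (restore order for impacted systems, systems tracked as not impacted)."""
    rank = effective_rank(assets)
    impacted = {n for n, (_, _, hit) in assets.items() if hit}
    # Only impacted dependencies block a restore; healthy ones are already up.
    waiting = {n: {d for d in assets[n][1] if d in impacted} for n in impacted}
    ready = [(rank[n], n) for n in impacted if not waiting[n]]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)  # most urgent system with dependencies restored
        order.append(name)
        for other in impacted:
            if name in waiting[other]:
                waiting[other].discard(name)
                if not waiting[other]:
                    heapq.heappush(ready, (rank[other], other))
    if len(order) != len(impacted):
        raise ValueError("circular dependency among: %s" % sorted(impacted - set(order)))
    return order, sorted(n for n in assets if n not in impacted)

if __name__ == "__main__":
    order, not_impacted = restoration_plan(ASSETS)
    print("Restore in order:", order)
    print("Not impacted (deprioritized):", not_impacted)
```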

While these first three steps are being considered in order, however, there is additional work that can take place in parallel.

4. Confer with your team to develop and document an initial understanding of what has occurred based on initial analysis.

This clearly is a document that will grow over time as more information is found out about the ransomware, and what systems have been attacked and which have not.

5. Engage internal and external teams and stakeholders with an understanding of what they can provide to help you mitigate, respond to, and recover from the incident.

The guide provides contact information for CISA, MS-ISAC, as well as the FBI and US Secret Service.

Share the information you have at your disposal to receive the most timely and relevant assistance. Keep management and senior leaders informed via regular updates as the situation develops. Relevant stakeholders may include your IT department, managed security service providers, cyber insurance company, and departmental or elected leaders.

The guide also references the “Public Power Cyber Incident Response Playbook”, which although targeted at power utilities contains advice that would be appropriate for any organisation needing step-by-step guidance on how to engage teams and co-ordinate messaging to customers and the public.

Ideally you do not wait until you are suffering a ransomware attack to read guidance like this, but build a set of your own in advance that is specific to your organisation.

There are many more steps detailed, and good advice offered, in the full MS-ISAC Ransomware Guide and I would strongly recommend it to anyone responsible for securing an organisation against an attack.

Cifas weekly Covid-19 scam update

Cifas, the UK’s leading fraud prevention service, is highlighting the latest coronavirus scams from the past week, and warning the public to stay vigilant of the ever-changing tactics that scammers are using to extract money and information.

Scams notified to Cifas include the use of false FOI requests for business grant applications and fraudsters targeting families organising funerals for loved ones by contacting them and purporting to be from their local authority’s bereavement services team and asking them for credit card details to pay their funeral director.

Amber Burridge, Head of Fraud Intelligence for Cifas, said: ‘Each week we see fraudsters adopting new ways to steal money and information from innocent members of the public. Remember that criminals are preying on people’s fear and anxieties around the pandemic, so never be rushed or pressured into giving anyone your bank or personal details – even if the request appears to be legitimate.

Equifax Cyber Incident

Update

Equifax have posted a statement on their UK website confirming that around 400,000 UK citizens have been affected by the recent cybersecurity hack.

The security breach is limited to name, date of birth, email addresses and telephone numbers and does not include addresses, passwords or financial information.

Equifax statement.

The UK’s National Cyber Security Centre (NCSC) has warned that the main risk to those affected is the possibility of receiving more targeted phishing emails. The stolen data can be used to make false email messages look very authentic, as fraudsters can include your real name and your telephone number.

These phishing emails can come from any source unrelated to Equifax and can look very realistic and can be used to trick unwary recipients into clicking on malicious links or even replying to these fraudsters.

With the stolen telephone numbers there is the opportunity for scammers to attempt to target unsuspecting users with scam phone calls.

The Advice

NEVER share passwords or bank details with anyone on the phone or by email and NEVER click on a link or attachment unless you are absolutely assured that the link is authentic.

If you’re not sure don’t click on it!

The Bank of England’s chief cashier, Victoria Cleland – does not use contactless payment cards.

Larry Elliott Guardian Economics editor

‘I don’t use contactless’: the woman whose name is on British banknotes

Victoria Cleland – Bank of England’s Chief Cashier

It is perhaps not entirely surprising to learn that the woman whose signature adorns Bank of England banknotes is a big fan of cash. She does not use contactless payment cards for personal spending – not least because she is yet to trust the technology completely.


Dynamic Currency Conversion – Benefit or Rip Off?


Dynamic Currency Conversion (DCC) allows you to pay in either your own or the local currency when using an ATM or credit card terminal when abroad.

There are extra costs associated with both options.

UK banks charge fees of up to 3% for most foreign transactions, such as using your debit card to take out cash from cash machines or buy things while you’re abroad.

For Irish banks the fees and charges are quite similar.

Using Dynamic Currency Conversion (DCC) and choosing to pay in your own currency gives you an immediate conversion rate but includes extra fees, which are split three ways between the card issuer (your bank), the merchant (the restaurant or store) and the DCC provider.

Every time you press the button “Pay in Your Own Currency” you are inadvertently ripping yourself off.

Most people will choose this option though, as it is counter-intuitive to pay in a foreign currency given the logic that another conversion fee might seem likely.

Large merchants like hotel groups and airlines who take online payments get a cut of the higher customer charges and it is sometimes difficult to locate where you can pay in the local currency to avoid DCC charges.

Pay in the Local Currency

If you choose the option to pay in the local currency you will still be charged exchange fees and this will show on your statement. However the fees will be a lot lower than using DCC.

The UK Cards Association offers the following advice:-

“A retailer or ATM may give you the choice of paying in your
home currency or the local currency. If you pay in your home
currency, make sure the exchange rate is competitive. If you
are in any doubt, pay the bill in the local currency as it will
generally be cheaper.”

The Irish Competition and Consumer Protection Commission advises those travelling outside the euro zone that “it is usually more cost effective to pay in the local currency”.

Bottom line

Dynamic Currency Conversion (DCC) may not be in the same category as other travel scams, but it can be an easy way for you to spend more money than you should when you travel outside your own currency area.

Knowledge is half the battle and I hope this post has given you some ideas on how to avoid being overcharged on your next trip abroad.