Gone are the days when a virus writer was creating viruses for “fun", political or anti-establishment reasons – nowadays it is a big business; whether people are paying to decrypt their data or if they have sent money to a fraudster – and this happens every day.

Technology and software can be used to minimise the risk – but the risk can never be eradicated, mainly due to human behaviours and social engineering.  This is how the majority of the bigger frauds are instigated. Frauds are instigated by criminals, but normally the victim helps them.  Think about what someone is asking you to do.  If you are being asked to click on a link, open a file, send money, verify information... STOP AND THINK

Below is a video that was released by Cifas (the UKs leading fraud prevention service).

It highlights how much information we share – all of which can be used to steal our identity or defraud us.

Our Advice

To help stop you from becoming a victim of cybercrime/fraud;

Office 365 security

Office 365 is an amazing tool for business, the majority of our clients are now using it to deliver e-mail services alongside collaborative working, unified communications and file management. It is so good that it has become the de-facto standard for email provision. 

The popularity of 365 has made it a large target for fraudsters.  The bad news is that ‘out of the box’ Office 365 has some known vulnerabilities.  The good news is that it can be ‘hardened’ to make it much more difficult for a fraudster to take advantage of.

Click here to find out more about Office 365 security.

Office 365 security

Do not click on links

If you are not expecting an email from someone with a link ... do not click on it.  Clicking on a link can trigger all sorts of unwanted events from Ransomware (encryption of all data) through to viruses that can give criminal back door access to your environment.

Be aware of emotive sounding emails such as “Letter of Resignation” or “Notice of Redundancy”.  they are designed to get you to act before thinking.  Check the links. If you hover your mouse over a link (WITHOUT CLICKING IT) it will display the actual address it is going to take you to.

If that does not match – DO NOT CLICK IT.

Do not click on links

Don't give away personal information

Never, ever, respond to emails or phone calls requesting sensitive information.

It is easy for a scammer to find out who works at a company (all the information is on Companies House, LinkedIn, Facebook or any other number of social media platforms) who then use this information to their advantage to pretend to be an employee, director or accountant to harvest information.

They can be very convincing.  This information will be used to try and de-fraud you out of money.

Don't give away personal information

Never issue a payment based on an email

Everyone needs strict financial controls. Your email address is most likely on a database somewhere.  If you have ever filled out an online form (which you have) your details such as name, email address and sometimes passwords are available to scammers). 

If you are registered with an online service that has had a breach (such as LinkedIn, Adobe, Dropbox and the list goes on…) the details you provided to them, including your password is available to scammers.

Financial scams are becoming more and more advanced. It is not just about malware or viruses.  Before paying a new supplier, changing bank details or making an unusual payment speak to the person you are paying. 

NEVER TRUST AN EMAIL ASKING YOU TO MAKE A PAYMENT. 

Never issue a payment based on an email

Passwords

Do not have a file that contains all of your passwords stored on your PC or in your email - if you do get compromised then you have just given a criminal access to everything.  It is worth noting that you shouldn’t write them down and leave them on your desk or top draw unlocked. A password is just as valuable to a criminal no matter how it was found.

Your password should be long.  Try a sentence (they are easier to remember and very secure) e.g. "MyfirstcarregistrationwasKY60RXY"

Also, don’t use the same password for everything ... and ideally use Multi-Factor Authentication if you can (something you know and something you have).

Passwords

Check the email address

To the right is an example of a ‘poor’ spoof. You can tell this is not real because of the domain name – but the sender's name would appear to be Metro Bank …

Some scams use email addresses that are similar – so take time to double-check this if the email is asking you to do something like click on a link or open a file. 

Look at this domain name; www.bigofficecompany.co.uk and now read this one www.bigofflcecompany.co.uk  You may have noticed they are different.  The “i” in office has been replaced with a lowercase “L” … at first glance however they appear to be the same.

Check the email address

Beware of external devices

Don’t plug in personal devices like USB flash drives, MP3 players and smartphones to your computer without having it checked first. 

These devices can be compromised with code waiting to launch as soon as you plug them into a computer – especially if you are bringing in an external device from a home computer that may not be as protected as your work computer.

Beware of external devices

Don't ignore warnings on your PC

Installed antivirus solutions and Windows will on occasion prompt you when there is a problem. If in doubt contact us regarding the message, but don’t ignore them, they are there to warn you of issues.

MS Office for instance will warn if a file has a Macro embedded. Do not enable Macro’s unless you trust the source of the document as Macro’s can contain viruses.

Antivirus Prompts should only warn you of detected threats. If you do not recognise the prompt or security product or if it is attempting to send you to a link then do not proceed and contact us.

Don't ignore warnings on your PC

Are you concerned about your IT Security?

We have a team dedicated to remedy and fix your security issues, and to help you get back up and running, when things have gone wrong.