May 2023 Newsletter

Posted By: Mark Wednesday 14th June 2023 Tags: , , , , , , , , , , , , ,

This month: Cyber fraud is on the rise; supporting St Teresa’s Hospice; ransomware costing businesses more; UK government to review AI models; AI aids medical superbug vaccine search; edit functionality comes to WhatsApp messages.

Newsletter Image: Cyber Fraud

Cyber Fraud Continues To Rise

Banks have been telling the BBC of a huge uptick in fraud since 2022, with major increases seen in online cyber fraud. Barclays told the BBC they were seeing 77% of cyber fraud emanating through social media, online marketplaces, and dating apps, while TSB reported that the cyber fraud they were seeing was driven through impersonation, investment and purchase scams. Within a year, they had seen WhatsApp impersonation scams treble, while fake Facebook Marketplace listings had doubled.

Cyber Fraud Through Social Media

Lloyds said the banking sector has faced an ‘epidemic of fraud’, with NatWest reporting an 87% increase. All the banks noted they were seeing the majority of cyber fraud activity starting out on social media and tech platforms.

While most of the banks are signed up to the Contingent Reimbursement Model Code, which aims to reimburse people if they fall victim to an Authorised Push Payment (APP) scam, Paul Davis, TSB’s director of fraud prevention, said he believed social media companies “must urgently clean up their platforms” to protect consumers.

“It’s high time that social media and telephone companies took financial liability for the rising levels of fraud taking place on their platforms”.

Rocio Concha, director of policy and advocacy at consumer group Which?, said the statistics “expose the worrying scale” of fraud on social media.

Cyber Fraud In Other Forms

Online scams continue to grow, with cyber criminals concocting ever more sophisticated avenues of attack for their cyber fraud activities. They’re quick to adapt their cons to newsworthy tech trends, but there are also a number of old-school cyber scams that continue to be effective.

Falling victim to cyber fraud can be financially devastating, and it’s emotionally draining to have to deal with the fallout when trying to fix things.

Here are a few of the current cyber fraud trends being monitored in 2023.

Loved One Needs Help Scam

A WhatsApp message appears, supposedly from a family member, saying they’ve got a new phone number and need money to pay an urgent bill. Messages often start with a ‘Hello mum’ or ‘Hello dad’ and they’ll provide bank details for you to transfer money to.

These messages will try to create a sense of urgency, so you may send the money before stopping to think more carefully. But caution for any money request is a must. If it feels suspicious, and it should when they’re a close family member claiming a sudden new number, try and reach out to the person via an alternative method to confirm they’re genuine.

Bank Impersonation Scam

Your online bank and credit card accounts no longer just rely on a username and password. They will nowadays rely on an extra layer of authentication (MFA), usually a one-time passcode (OTP), sent to your phone.

An increasingly common form of cyber fraud will see the criminals calling you, claiming to be from your bank’s security team, and warning about some problem with your account.

If they already have your login details, and they’re only after the OTP, the caller may tell you they’re emailing or texting it to you for you to read back to them ‘for verification’. In reality, the scammer’s login attempt triggered your bank to send you the passcode, and so handing it over gives full account access.

If they’re looking to acquire all of your login information, they may instead call up claiming to be your bank’s security team, but asking you to install some software on your device that gives them control over it or allows them to screen share (known as Remote Access Fraud). This will usually involve legitimate IT tech software being used for illegal purposes.

No bank will ever ask you to hand over your OTP, or give them access to your machine to share personal unique login information, access accounts and transfer funds to other accounts. This attempt at cyber fraud can’t work if you refuse to install the software or hand over any information that’s uniquely personal to you.

If you’re contacted by anyone asking you to do this, hang up and call the number printed on the back of your bank card. Or you can call 159, which is ‘a memorable short-code phone service that connects the vast majority of UK banking customers safely and securely with their bank when they receive an unexpected or suspicious call about a financial matter’.

If you do install any software, then immediately disconnect the device from the internet and contact your bank.

Amazon Account Scam

A still-popular ‘older’ scam, regularly seen on BBC’s Scam Interceptors, this cyber fraud involves some similar traits to the bank impersonation scam, above, except in this one the fraudster is pretending to be an Amazon employee confirming a ‘successful payment’ for an Amazon service, such as an Amazon Prime sign up, or for a large purchase made on your account. Sometimes this may be an automated ‘robocall’ that gives you a number to call back if there are any ‘issues’.

At this point you’re telling them that you didn’t make any such purchase, so they then either ask you for your personal details and credit card number to verify the account and give the refund, or they ask you to install software so they can fix the ‘security breach’.

Amazon’s own advice is as follows:

  • Be careful installing apps or software: Amazon will not ask you to install an app or download software in order to receive a refund or to get help from customer service.
  • Never pay over the phone: Amazon will not ask you to provide payment information, including gift cards (or “verification cards”, as some scammers call them), for products or services over the phone.
  • Always verify orders directly with Amazon: Amazon will not call, text, or email you about an order you aren’t expecting, and ask you to urgently confirm the purchase. For any question related to an order, always check Your Orders on Amazon.co.uk or via the “Amazon Shopping” app.
  • Be wary of false urgency: Amazon will not pressure you to act now. Scammers may try to create a sense of urgency to persuade you to do what they’re asking.

Charitable Donation Scams

Unfortunately, Action Fraud receives many reports of cyber fraud in the guise of fake fundraising for victims of the Ukraine war, or other tragedies that are in the news. Scammers attempt to con unsuspecting, good-hearted donors with fake stories and payment links to scam accounts. Others provide phishing links on emails and social media pages for donors to click on and be infected by malware.

Christmas usually sees the largest spike in these types of scam, but be wary of fundraisers popping up related to any story in the media. Research the fundraiser before making any donation. There are many legitimate registered charities that will be raising money for the thing you are looking to give money to.

Cyber Fraud Awareness

Be alert when anyone gets in touch and asks for payment, and never think you’re too clever to be duped! Scammers can spoof sender numbers. Enable multi-factor authentication for all your accounts and never give out any of your personal details.

Report any attempt at cyber fraud to the Action Fraud website or by calling 0300 123 2040.

Newsletter Image: Supporting St Teresa's

Supporting St Teresa’s

St Teresa’s Hospice is a registered charity, providing palliative and end-of-life care and support in South Durham & North Yorkshire. LaneSystems have been working with St Teresa’s since July 2022 and during this time we have formed a close working relationship. We have donated both time and equipment to the hospice to help them carry on doing the work they do so well. Last Christmas, we also sponsored their annual Santa Run.

This month, LaneSystems have donated laptops to further aid with the great work being carried out by St Teresa’s. The laptops will be used for remote working and allow for patients to be visited at home.

Jo Wallis, Director of Income Generation at St Teresa’s, said:

“These laptops are an incredible gift supporting all the work of the Hospice. They will be used to support all our patient services and supporting functions, allowing our teams to work remotely and visit patients at home. Our teams will be able to access accurate information, record, and report activity in real time. This gift will make a significant difference to all the team at the Hospice.”

“On behalf of everyone involved with the hospice, our patients, families, volunteers, and staff we cannot thank everyone at Lane Systems enough for this generous gift.”

About St Teresa’s Hospice

The Hospice was founded in 1986, and their core services are free to those who need them.

The focus of their work is entirely on enhancing the quality of life and helping people to live with their illness, as comfortably as possible. The highly skilled palliative care team enable them to provide a rapid response, round-the-clock service.

Their continuing aim is to provide the best possible care to those who need it, in terms of:

  • quality (measurement and evaluation – understanding the competition)
  • professionalism (through training and personal development)
  • meeting clients’ and their family’s needs

St Teresa’s Hospice aims to provide “CHOICE”:

Complete
Holistic Palliative Care
Offered free of charge
In the patient’s
Chosen
Environment

St Teresa’s believe they will achieve this through good management, through partnerships, fund-raising and recruitment and management of quality personnel in all fields.

Rainbow Rush – Blackwell Meadows, July 9th

Join St Teresa’s on the 9th July at Blackwell Meadows Rugby Football Club for a 5km Powdered Paint Fun Run! Enjoy food and drinks in the club house or their lovely beer garden afterwards, as well as some fantastic stalls to browse on the day too.

Register Today!

Newsletter Image: The Rising Cost Of Ransomware Attack

The Rising Cost Of Ransomware Attacks

The Register reported that US law firm, BakerHostetler, released a report this month noting the rising costs to businesses for dealing with ransomware attacks. The Cleveland-based firm says increasing costs aren’t just in relation to the amount demanded in ransom payment, but also tied to the additional costs of investigating attacks and dealing with any lawsuits that follow from data breaches.

They found a dip in the number of ransomware incidents in early 2022, but have been seeing a rise since the end of the year into 2023.

From roughly 1200 ‘security incidents’ investigated by the company last year, it was found that the average ransom paid was $600,688 – up from $511,957 in 2021. That’s still below the peak of $794,620 during the 2020 pandemic. Roughly 40% of victims paid a ransom. The largest ransom demand was for more than $90 million, with the largest payment in excess of $8 million.

Increased awareness and improvements in business cyber security protocols have helped reduce the numbers being hit, but those slow to shore things up are finding increases in average ransom demands, average ransom payments, and average recovery times across most industries.

The NCSC (UK) and FBI (US) recommend not paying ransoms. While paying is seen as encouraging the criminals to continue, there’s also no way of knowing that data will be restored/returned, or that it won’t still be released/sold after any ransom is paid. You’re systems will still be infected, and you may also be targeted for further attacks when it’s known you pay.

Ransomware Corrupts Data

Because ransomware criminals are aiming to be speedy in their work, spending as little time as possible within your systems, it’s likely the means of encryption are poorly implemented and will corrupt your data. So even paying to get the data restored isn’t getting your important data back exactly how you need it. It can end up being more expensive and time wasting to deal with fixing the corrupted data than if you’d decided not to pay. This, of course, relies on your business employing a robust backup policy to restore from.

Richard Addiscott, senior director analyst at Gartner told The Register:

Restoring from corrupt data dumps delivered by crooks is not easy, Addiscott advised — and that’s if ransomware operators deliver all the data they promise. Plenty don’t — instead they use a ransom payment to open a new round of negotiations about the price of further releases.

That sort of wretched villainy means just four percent of ransomware victims recover all their data, he said. Only 61 percent recover data at all. And victims typically experience 25 days of disruption to their businesses.

Addiscott suggested immutable backups, and an isolated recovery environment, are an excellent combination of defences.

LaneSystems provide a range of services from data recovery, backups, cyber security, cloud services and other IT support and IT consultancy provisions to give your business peace of mind. If you’re a company in or around Teesside, Durham, Tyneside, Northumberland, North Yorkshire, or anywhere in the North East of England, give us a call to discuss your requirements.

Newsletter Image: Artificial Intelligence Government Review

UK To Review AI Models

As the debate rages about the growing integration of artificial intelligence in everyday life, the industry is facing greater scrutiny over the pace at which the technology is developing. As questions are raised about its ability to mimic human behaviour, the fears of it taking over most jobs, concerns over data privacy and the potential to aid crime and misinformation, some tech experts have called for further research and understanding of the area.

The UK’s Competition and Markets Authority (CMA) is to review the Artificial Intelligence market to examine how these models will provide benefits to all consumers, along with making sure that no single model dominates the market. The goal being to ensure future innovation in AI continues in a way that benefits consumers, businesses and the UK economy.

The government has asked regulators, including the Competition and Markets Authority (CMA), to think about how the innovative development and deployment of AI can be supported against five overarching principles: safety, security and robustness; appropriate transparency and explainability; fairness; accountability and governance; and contestability and redress. The CMA says AI development has raised issues over safety; security; privacy; intellectual property and copyright; and human rights.

This initial review will:

  • examine how the competitive markets for foundation models and their use could evolve
  • explore what opportunities and risks these scenarios could bring for competition and consumer protection
  • produce guiding principles to support competition and protect consumers as AI foundation models develop

While two companies are dominant in AI — Microsoft, with ChatGPT, and Google, with its rival, Bard — other companies are entering the space to introduce their own flavour of AI system.

Sarah Cardell, Chief Executive of the CMA, said:

“AI has burst into the public consciousness over the past few months but has been on our radar for some time. It’s a technology developing at speed and has the potential to transform the way businesses compete as well as drive substantial economic growth.

“It’s crucial that the potential benefits of this transformative technology are readily accessible to UK businesses and consumers while people remain protected from issues like false or misleading information. Our goal is to help this new, rapidly scaling technology develop in ways that ensure open, competitive markets and effective consumer protection.”

The CMA will assess what are the likely implications of the development of AI foundation models for competition and consumer protection, with a view to publishing its findings in a September report.

Newsletter Image: Artificial Intelligence in Science

AI Aids Antibiotic Science

Scientists have used artificial intelligence to help find a promising new antibiotic that can target a deadly superbug.

A study, published in Nature Chemical Biology, reports the use of AI in discovering abaucin, an effective drug against the dangerous Acinetobacter baumannii bacteria, a hospital superbug that is resistant to many current antibiotics and can cause extremely dangerous infections.

Researchers trained the AI deep learning model by using thousands of drugs with their known chemical structure that had been manually tested on the superbug. This information aided the AI to understand which features in drugs were effective on the bacteria. The AI was then able to quickly narrow down a short list of potential options for further study.

The researchers were then able to test 240 in the lab, leading to the discovery of 9 serious options. One of those, abaucin, is incredibly potent and, incredibly, targets Acinetobacter baumannii specifically. While antibiotics are generally indiscriminate at killing bacteria, this one had little to no effect on other tested bacteria.

After positive lab results, the team can now hone the drug and look to move it to clinical trials. It’s still a long, slow process, but the injection of AI has sped up the initial research aspect of things. AI could be used to screen millions of potential compounds, which is something that would be simply impractical to carry out manually.

Jonathan Stokes, assistant professor at McMaster University’s department of biomedicine and biochemistry, said:

“This work validates the benefits of machine learning in the search for new antibiotics”

“Using AI, we can rapidly explore vast regions of chemical space, significantly increasing the chances of discovering fundamentally new antibacterial molecules”.

Prof Dame Sally Davies, former chief medical officer for England and government envoy on anti-microbial resistance, told Radio 4’s The World Tonight:

“We’re onto a winner.”

“[AI is] a big game-changer, I’m thrilled to see the work he [Dr Stokes] is doing, it will save lives”.

Newsletter Image: WhatsApp

WhatsApp Introduces Message Editing

In a move to match a feature offered by competitors, Telegram and Discord, the Meta-owned instant messenger service is rolling out the ability to edit a sent message for up to fifteen minutes after it’s been sent.

In a blog post on the WhatsApp website, they posted:

From correcting a simple misspelling to adding extra context to a message, we’re excited to bring you more control over your chats. All you need to do is long-press on a sent message and choose ‘Edit’ from the menu for up to fifteen minutes after.

Edited messages will display ‘edited’ alongside them, so those you’re messaging are aware of the correction without showing edit history.

They join a growing number of platforms offering the functionality. Facebook introduced it around a decade ago. At the time user data showed more than half of users accessing the social media platform on mobile phones which are prone to typing errors. Twitter are also offering some edit ability to Twitter Blue subscribers.

So, whether a basic mistake or a complete change of mind, editing is there to save some degree of embarrassment or stress.