November 2023 Newsletter

Posted By: Mark Tuesday 12th December 2023 Tags: , , , , , , , , , , , , , ,

This month: Online scams warnings during the Christmas shopping period; team news, NCSC issues UK infrastructure warning, annual bad passwords report, ICO cookie policy warning and AI is Collins Word Of The Year.

Newsletter Image: Online Scams warnings

Online Scams Warnings

As we head towards Christmas, online shopping regularly reaches record levels at this time of year. Black Friday & Cyber Monday have expanded to be a month of sales, and then we’re straight into Christmas and New Year discounts. While punters are searching for a bargain, cyber criminals are exploiting this active period with various online scams and phishing expeditions.

We’re seeing a spike in spam phishing emails and posts from fake social media accounts attempting to dupe unsuspecting bargain hunters into parting with their cash for non-existent goods, or else giving up their personal information, banking credentials and credit card details.

Online Scams Through Fake Websites

As seen during the demise of stores such as Wilko, cybercriminals are quick to set up fake sites to take advantage of those thinking there may be bargains to be had. Sales and holidays periods are no different, with online stores popping up to take advantage of the season.

There’s often great demand for the ‘popular’ presents being promoted each year. Online scams attempt to cash in on the hype and the fight to get an item before it’s gone. Professional scammers can set up very realistic, genuine looking sites. They’ll then display prices that aren’t unbelievably cheap, but are almost too good to be true, that will get the attention of just enough people.

Online Scams Through Social Media

Social media is heavily used in online scams by promoting fake goods for direct sale though the various market places, and also linking to the scam websites.

Common social media shopping scams include fake ads offering goods at a discounted price. Once people pay, the scammers disappear without ever delivering any product. Scammers also create fake social media accounts and use them to promote fraudulent products or services with fake influencer traffic. They use bots or other automated means to artificially inflate the number of followers, likes, and comments on social media platforms, to give a veneer of popularity and credibility in order to trick people into buying the fake products or services.

Fake accounts also attempt phishing scams by sending messages that appear to be from legitimate sources, such as banks or social media platforms, to trick you into giving them your personal information. The scammers want to steal details for identity theft purposes, to set up new accounts, or take over other genuine user accounts to spread their criminal activity.

Scammers can benefit from using legitimate URL shorteners to mask the real fake link that take you to scam sites or attempts to infect the device with malware.

It’s important to be vigilant when shopping on social media and to take steps to protect your personal information. If you’re ever unsure about a message or request you receive on social media, it’s best to err on the side of caution and not respond.

Online Scams through Phishing Emails and Text Messages

At this time of year, you see an uptick in special discount offers, gifts for completing surveys, and specially selected prize draw winners, filling inboxes. These email designs will match the look and feel of those sent out by big name companies, however, they’ll be attempting to get you to click on malware links or taking you to scam sites to steal your personal information.

Some examples we’ve seen lately include a ‘Message From Argos’ informing us we’re randomly selected to partake in a short survey in return for winning a Shark vacuum cleaner; A £100 McDonalds Gift Card for participating in a promotional campaign; A 170-Piece Stanley Tool Kit from Screwfix in return for a short survey, and more. Needless to say, these offers were nothing but online phishing scams. The email addresses of the senders were nothing to do with any of the companies they claimed to be.

During a time when lots of online orders are being shipped across the country, it’s worth reminding everyone to be aware of scam messages pretending to be delivery companies claiming attempted delivery of goods. These phishing emails and texts will usually be looking for you to ‘reschedule a delivery’ by entering a lot of personal information, including credit card info. Be very cautious of any email or text related to parcel deliveries.

Some Tips To Help Keep You Safe From Online Scams

Good security advice for avoiding online scams rarely changes year-on-year. Here’s some general guidance from various official security sites.

  • Shop on familiar websites: Stick to popular and well-known websites, or smaller, established, businesses that have been around for a reasonable amount of time and have clear genuine contact options. Probably best to avoid any site with a contact form as the only means of contact. Take extra care over slightly misspelled URLs or unusual domain name suffixes.
  • Research the seller: Before making a purchase, perform your due diligence. Look at how long they’ve been in existence, check for any customer reviews online, ask other people you know and trust if they’ve had any dealings with the company, etc.
  • Look for the lock: Always check if the site you’re buying from is secure. Look at your browser’s address bar and ensure that it displays a lock icon near the URL, which indicates it’s secure for transmitting encrypted data.
  • Use a credit card or payment service: Credit cards, and payment services like PayPal, offer additional protection against fraudulent charges. You are able to dispute charges if an item fails to arrive or isn’t as described. Never pay by bank transfer for online goods.
  • Use strong passwords: Use a unique and complex password for each online account. Avoid using the same password across multiple accounts, and use a password manager to keep track of everything so you don’t have to.
  • Don’t click on links: Avoid clicking on links in unsolicited emails or text messages.
  • Outsmart email scams: Be wary of emails that ask for your personal information or urge you to act quickly. Scammers often use urgency to pressure you into making a hasty decision so be wary of any pushy behaviour. Verify the sender’s email address. If it appears to be a major company, contact them via another method not provided in the email, such as through the contact details on their website by typing in the web address into a new browser tab, or maybe speak to someone in their stores.

And in term of more general IT safety advice, consider the following:

  • Put devices on lockdown: Use a passcode or biometric authentication to lock your devices when not in use. This will prevent unauthorised access to your personal information.
  • Avoid public Wi-Fi networks: Public Wi-Fi networks are often unsecured and can be easily hacked. Avoid using them when making online purchases or accessing sensitive information. Instead, use a virtual private network (VPN) to encrypt your internet connection.
  • Update your software: Keep your operating system, browser, and antivirus software up-to-date to protect against security vulnerabilities.

Be alert, stay safe and enjoy yourself.

Newsletter image: LaneSystems team news

LaneSystems Team News

A couple of shout outs to the team this month.

Firstly, we welcome new Service Desk Technician, Robbie Templeman, to our LaneSystems family. Robbie is a Japanese car aficionado with a penchant for vinyl treasures from favourite artists. When not cruising in his beloved Toyota Crown, he is embracing the latest in technology with unwavering passion.

It’s also a happy yeariversary to our 3rd Line Technician, Jason Weatherill. Since joining LaneSystems, Jason has been busy keeping our clients safe and happy. Thank you for your hard work!

Newsletter Image: NCSC Warning Over UK Critical Infrastructure

NCSC Warning Over UK Critical Infrastructure

In its latest annual review, the National Cyber Security Centre warns that the country’s critical sectors are facing ‘enduring and significant’ threat, led by a rise of state-aligned groups, alongside an increase in aggressive cyber activity.

It warns that the UK needs to accelerate work to keep pace with the changing threat, particularly in relation to enhancing cyber resilience in critical sectors such as those providing safe drinking water, electricity, communications, transport and financial networks, and internet connectivity to the country.

State-aligned threat actors have been a notable emergence in the last year. These threats are said to be idealogically motivated, rather than financially, and are, usually, sympathetic to Russia’s invasion of Ukraine.

The NCSC is concerned about threats posed by states and state-aligned groups relating to Russia, China, Iran and North Korea while emphasising its commitment to safeguarding democracy around the world.

NCSC CEO Lindy Cameron said:

“The last year has seen a significant evolution in the cyber threat to the UK – not least because of Russia’s ongoing invasion of Ukraine but also from the availability and capability of emerging tech.

“As our Annual Review shows, the NCSC and our partners have supported government, the public and private sector, citizens, and organisations of all sizes across the UK to raise awareness of the cyber threats and improve our collective resilience.

“Beyond the present challenges, we are very aware of the threats on the horizon, including rapid advancements in tech and the growing market for cyber capabilities. We are committed to facing those head on and keeping the UK at the forefront of cyber security.”

UK and US develop new global guidelines for AI security

After the release of their annual report, the NCSC also released new guidelines for secure AI system development that they say will ‘help developers of any systems that use AI make informed cyber security decisions at every stage of the development process’.

The UK has led the initiative, with agencies from eighteen partner countries signing up to endorse and co-seal.

NCSC CEO Lindy Cameron said:

We know that AI is developing at a phenomenal pace and there is a need for concerted international action, across governments and industry, to keep up.

These guidelines mark a significant step in shaping a truly global, common understanding of the cyber risks and mitigation strategies around AI to ensure that security is not a postscript to development but a core requirement throughout.

I’m proud that the NCSC is leading crucial efforts to raise the AI cyber security bar: a more secure global cyber space will help us all to safely and confidently realise this technology’s wonderful opportunities.

Newsletter Image: Bad Passwords Annual Report

Bad Passwords Annual Report

It’s that time of year when NordPass releases its password habits report – the annual stark reminder of how bad people are at protecting their account logins.

For the 4th time out of the 5 years of study, ‘123456’ was the most popular password choice, globally, with variations from ‘1234’ to ‘1234567890’ also making it high on the list. ‘admin’ and ‘password’ also remain steadfastly high. When looking at the UK, specifically, it’s generally the same story but with an added sprinkling of football teams. All of these efforts take a fraction of a second to hack.

Top Ten Passwords, Globally

  1. 123456
  2. admin
  3. 12345678
  4. 123456789
  5. 1234
  6. 12345
  7. password
  8. 123
  9. Aa123456
  10. 1234567890

Top Ten Passwords, UK

  1. 123456
  2. password
  3. qwerty
  4. liverpool
  5. 123456789
  6. arsenal
  7. 12345678
  8. 12345
  9. abc123
  10. chelsea

The Password Problem

NordPass cites various to cyber security reports to tell us that 86% of all web app attacks use stolen redentials, 18% of the most common items for sale on the dark web are online accounts, emails, and passwords, 24 Billion credentials have been breached since 2016, and that the average person has 100 passwords to remember.

Fundamentals of password safety

NordPass provides some valuable information regarding good password hygiene.

Use complex passwords

Your password should be at least 20 characters long and include a mix of uppercase and lowercase letters, numbers, and special symbols. Avoid using easily guessable information like birthdays, names, or common words.

Never reuse passwords

Never use the same password across multiple sites or services. If one account gets compromised, all your accounts could be at risk.

Check your passwords

Take the time to regularly assess your password health. Identify weak, old, or reused passwords and improve with new and complex ones for a safer online experience.

Use a password manager

Generate and store complex and unique passwords for each of your accounts with the help of a good, reliable, password manager. These tools can generate, retrieve, and store complex passwords for you, and take away the need to remember different passwords for each different login you have.

ICO Issues Cookie Policy Warning

Some of the UK’s most visited websites have been warned they could be fined if they don’t make it clearer that cookies are optional.

The Information Commissioners Office issued a statement on November 21st saying it had written to many of the most popular sites regarding their compliance with UK data protection laws. They believe many major sites aren’t giving users “fair choices” about their use, and say it’s a legal duty of sites to make it as easy to ‘reject all’ cookies as it is made to ‘accept all’.

While there are some cookie uses that relate to site functionality, many are used for tracking and tailored marketing purposes. The ICO wants opting out of these cookies to be clear and simple.

They say that anyone who receive such communication will be given 30 days to comply, while an update on its work to tackle offenders will be provided in January, including details of companies that have not addressed their concerns.

ICO, GDPR & PECR

The Privacy and Electronic Communications Regulations (PECR) cover the use of cookies and similar technologies for storing information, and accessing information stored, on a user’s equipment such as a computer or mobile device.

The ICO website provides guidance.

Newsletter Image: AI Named Word Of the Year

AI Named Word Of the Year

You may be forgiven for thinking that Artificial Intelligence has already been part of our lives for a long time, by now, but it was only earlier this year that OpenAI made ChatGPT available to the general public for work and play. Soon followed by Google’s Bard, and a whole slew of other offerings up to the latest, Q, from Amazon.

There has been much debate about the ‘good’ and the ‘bad’ of AI for Humanity, with some of the major tech players, and the world’s politicians, arguing the merits, ethics, and potential effects in the future.

Given the level of noise about AI this year, it’s maybe unsurprising to find it has been named Collins Word of the Year 2023, beating out ‘Bazball’, ‘deinfluencing’, ‘nepo baby’, ‘ultraprocessed’, ‘canon event’, ‘debanking’, ‘greedflation’, ‘semaglutide’, and ‘Ulez’.

Considered to be the next great technological revolution, AI has seen rapid development and has been much talked about in 2023, and the publisher said it “has accelerated at such a fast pace and become the dominant conversation of 2023”. Use of the term has quadrupled in the last year.

Alex Beecroft, the managing director of Collins, said there was “no question” that AI had been “the talking point of 2023”.

“We know that AI has been a big focus this year in the way that it has developed and has quickly become as ubiquitous and embedded in our lives as email, streaming or any other once futuristic, now everyday technology.”

In contrast, but also related to AI, Cambridge Dictionary declared their word of the year to be ‘hallucinating’ — owing to the popularity of large language models (LLMs) like ChatGPT, which sometimes produce erroneous information — while Merriam-Webster made ‘authentic’ its word, in relation to the generation of AI content blurring the line between real and fake.