C-suite executives are becoming increasingly concerned about the growing threat quantum computing presents to cyber security and are less concerned about other novel tech like deepfakes.

While it’s still only a theoretical issue, the scale of the problem quantum would pose has led many companies to plan for it in advance, an expert has said.

“You don’t have any type of proven attacks that can crack encrypted traffic and encrypted data, but they’re really, really worried about it,” said Itai Greenberg, chief strategy officer at Check Point, to ITPro.

A particular concern is the ‘steal now, crack later’ approach, in which hackers could covertly exfiltrate encrypted data today in the hope that years down the road they can decrypt it using quantum computing.

“The magnitude of the impact that something like this can cause to the world is enormous. The whole internet is based on basic encryption algorithms that we all use.”

“I’ve been asked by different, large financial and government institutions about this recently,”

Prominent figures such as John Roese, global chief technology officer (CTO) at Dell, have previously told ITPro that quantum poses a larger threat than AI, though it also carries a range of benefits such as a generational leap in computing speeds.

The UK government announced support for more research into quantum computing in the Spring Statement, while Microsoft is pursuing its own quantum supercomputer.

Despite the alarm raised at the board level, it may not be until the end of the decade that quantum computing is achieved. 

A threat that Greenberg described as ‘more realistic’ than quantum computing in the short term is that of deepfakes. 

This is the technology that allows people to alter their appearance in pre-recorded videos or even over a live conference call, and can be used for novelty or by a criminal to trick a victim into thinking someone they’re not.

Real-time deepfakes were used to trick politicians such as the Mayor of Berlin, and deepfaked audio files like those produced by Microsoft’s VALL-E can be used to believably play the role of a trusted individual over the phone or via audio files in an email.

Greenberg said the threat was considered “niche” in boardrooms at present, and customers are far more concerned about quantum computing than this other novel technology. 

The threat of adding deepfake technology to traditionally successful attacks like ransomware and phishing has been hypothesised for years, since the technology started to become renowned.

The threat has always thought to be real, but one that would arrive in the future. Over the past few years, the technology has become more mature and increasingly convincing across both video and voice, sparking fears that it could usher in a new era of cyber crime sooner rather than later.

“But the quality of deepfake videos and sounds is becoming so good that I can see how this could become a major threat to the world,” said Greenberg.

“On the voice, it’s a much better job than the video level. It’s very, very impressive on the video level but it still feels a little bit fake. But it won’t take too long until it becomes amazing… I’m not talking about years, I’m talking about months.”

He noted that there is no widely-available solution for detecting deepfake videos or calls at present, but that work is ongoing to develop tools rooted in AI to achieve this.

Intel has developed its own tool for detecting deepfakes in real time, called FakeCatcher. It works by picking out key details in an individual’s face, then using deep learning to analyze the changing color of blood under their skin. 

This is a feature of biology that deepfakes cannot reproduce, so works as an effective marker that a person is really who they appear to be. Intel claims it has a detection accuracy of 96%, and that this even applies to heavily compressed video.

In the meantime, Greenberg stressed that companies should continue to bear in mind that there are always new technological challenges but that existing best practices should be upheld.

One way in which companies are assessing their own core security standpoints right now is by looking at their cloud infrastructure.

Greenberg said that many companies have struggled to effectively distribute their security when they moved to the cloud, and lost the hard and fast firewall and security barriers they previously enjoyed in on-prem storage and computing.

“From a security standpoint, the cloud as we know it is very prone to mistakes,” he also noted.

“A small mistake that you make in the cloud can put you in a position of big risk, whereas when you make a small mistake on-prem you still have the defense of the perimeter.”

Many companies moved to the cloud in the past few years, but in light of the complexities it presents this pace may have slowed down. Greenberg urged companies to establish a clear, consolidated security platform in the cloud rather than relying on disparate security products.

“I think that customers are gradually and slowly moving critical machine applications to the cloud. They started by shifting a lot of IT applications to the cloud, but as they are moving their mission critical elements they’re taking baby steps to do it properly.”

The UK branch of cosmetics giant Shiseido has reportedly fallen victim to a data breach involving personal details belonging to “hundreds” of former and current employees.

The Japanese company has been accused of failing to notify the affected staff that their data, including address information, passport and ID images, and bank details, had been stolen.

Several employees have reported being victims of fraud, with their personal data being used to open fraudulent businesses as well as take out bank loans and insurance, according to testimonies obtained by beauty industry watchdog Estee Laundry.

Shiseido’s management and HR department had reportedly “denied responsibility, refusing to contact ex-employees to alert them”.

“We have had to contact ex-colleagues and staff ourselves,” one anonymous source told Estee Laundry, adding that the company’s HR and legal teams “refused to offer any help”.

This has resulted in some victims of the breach being forced to take on the scammers themselves as well as cover the expenses of having their names cleared. After discovering in March that their personal information had been used to open a fraudulent business, another anonymous employee was forced to “pay court fees to get [themselves] removed from the company”.

Another former employee said that they had “spent over a month deleting and deactivating accounts” while not knowing how scammers managed to obtain the personal data.

In both cases, the victims were ultimately notified about the data breach by former Shiseido colleagues. The incident is said to be limited to Shiseido’s UK branch.

Shiseido wasn’t immediately available to comment on the allegations. If confirmed, this would be the second mass data breach involving the cosmetics company in six years, following a 2016 case that saw the personal details of 420,000 customers leaked. The data obtained by the hackers included credit card information belonging to 56,000 users who had made purchases through Shiseido’s online store over a time period close to five years, between 14 December 2011 and 4 November 2016.

Shiseido is known to use single sign-on (SSO) authentication provided by CyberArk Identity for its 30,000 employees worldwide.

Social media sites and search engines will have a legal duty to “do more” to protect UK users from harmful, fraudulent and misleading advertisements.

This is according to the latest update to the Online Safety Bill, which aims to regulate the UK’s digital landscape.

It comes as the Department for Digital, Culture, Media & Sport (DCMS) and the Home Office launched a consultation into improving the “transparency and accountability” of the UK’s online advertising market – the largest and fastest-growing in Europe.

If the legislation is passed, regulator Ofcom will have the power to verify whether social media sites and search engines such as Facebook and Google have implemented systems to “prevent and remove fake adverts”.

If the platforms are caught falling short, the watchdog will be able to not only block the service from functioning in the UK but also issue a fine of up to £18 million pounds or 10% of the company’s global annual turnover.

Culture secretary Nadine Dorries said that the legislation comes amid “calls to strengthen our new internet safety laws”.

“These changes to the upcoming Online Safety bill will help stop fraudsters conning people out of their hard-earned cash using fake online adverts,” she added.

One of the people campaigning for stronger e-safety regulations is Which? chief executive Anabel Hoult, who described the government’s announcement as “great news” that “could make a huge difference to stemming the tide of fake and fraudulent ads on social media and search engines”.

However, Hoult also called for legislators to ensure that Ofcom is equipped with “the support and resources it needs to hold companies to account and take strong enforcement action where necessary”.

According to Geraint Lloyd-Taylor, partner in the advertising and marketing team at law firm Lewis Silkin, the watchdog will have to ensure that tech giants take the legal duty to protect their users from harmful ads seriously.

This will include “taking reasonable steps to ensure those ads don’t make it onto their platforms in the first place, and ensuring that ‘repeat offenders’ are banned from placing harmful ads on their platforms”.

“If platforms fail in those duties, it is very likely Ofcom will be empowered to impose significant financial penalties. The advertisers themselves will continue to answer to the Advertising Standards Authority (ASA), as the ASA will continue to be the relevant regulator when it comes to the content of those ads," he told IT Pro.

"In more serious cases of fraudulent and scam ads, the police and other regulators will continue to play a role in prosecuting the individuals and companies that created and paid for the scam ads, though that is easier said than done in practice."

Lloyd-Taylor also described the latest addition to the Online Safety Bill as “not unexpected”.

“The two committees that recently reported back on the draft Online Safety Bill [i.e. the Joint Committee and DCMS sub-committee] both recommended that some types of harmful paid-for advertising should be included in the scope of the updated Bill,” he added.

Online content fraud levels spiked at the start of the COVID-19 pandemic and reached record numbers in 2021. COVID-related scams, such as duping victims with promises of life-saving medication, vaccines, or financial support, were especially popular, with cyber criminals raking in £34.5 million in the first 12 months of the pandemic.

In April 2020, days after the NCSC reported that it had taken down 2,000 online scams, of which 471 were from fake online shops, Google announced that all advertisers would have to be verified before they are allowed to buy ad space on the search engine’s platform.

A quarter (24.77%) of all spam emails sent in 2021 originated from Russia, with more than half (56%) of all emails being spam messages.

That's according to Kaspersky’s latest Annual Spam and Phishing Report, which analysed close to 150 million malicious email attachments blocked by the cyber security provider’s antivirus over the course of last year.

Kaspersky identified 10 countries that were responsible for sending out more than three quarters of the world’s spam emails, with Russia and Germany (14.12%) being the most prolific senders.

The US and China came in third and fourth place, at 10.46% and 8.73% respectively. The Netherlands (4.75%) came in fifth place, followed by France (3.57%), Spain (3%) and Brazil (2.41%), Japan (2.36%), and Poland (1.66%).

When compared to 2020, Russia and China had the most significant rise in sent spam – a 3.5% and 2.5% increase, respectively.

Brazil-based users were most often targeted by phishing attacks, with 12.4% of 2021’s victims being based in the South American country, followed by French, Portuguese, and Mongolian users.

When it came to content, 2021’s spam emails mostly centred around popular topics including money and investment, Bond and Spider-Man movie premieres, and the pandemic, which Tatyana Shcherbakova, security expert at Kaspersky, described as “bread and butter for scammers”.

The most notable COVID-related scams included fictitious financial support schemes and fake COVID vaccination passes and QR codes, Kaspersky found.

“These scams prove to be very efficient as people continue to trust too much of what they see in their inboxes and browsers. We believe it is important to be aware that there are a lot of offers out there that seem “too good to be true”,” she said, calling on people “to be cautious when it comes to trusting what’s in their email”.

“This approach may help them save their private data and money,” Shcherbakova added.

Kaspersky’s findings come weeks after Microsoft issued a warning about hackers targeting Microsoft 365 users with a fake app capable of stealing OAuth authentication tokens, providing them full access to the victim's email, calendar, and contacts.

The UK government “failed to put adequate fraud prevention measures in place” when launching the Bounce Back Loan Scheme, which intended to help SMBs weather the economic effects of the pandemic.

That's according to findings from the National Audit Office (NAO), which criticised the government for its plan to recover only £6 million over the next three years, out of the £4.9 billion of relief funds lost to scammers since the launch of the scheme in May 2020.

The target, which is around 0.1% of the stolen funds, has been deemed as “inadequate” by the NAO in a new report.

“Compared with the scale of its ‘most likely’ estimate of £4.9 billion of fraudulent loans, both the £32 million additional budget for counter-fraud operations, and its target to recover at least £6 million of fraudulent loans from organised crime, are inadequate,” the report concluded.

The criticism comes months after the Department for Business, Energy and Industrial Strategy found that more than one in ten (11%) of the accepted applications for the Bounce Back Loan had been fraudulent. The NAO noted that the figures, which were published in March 2021, “are highly uncertain”.

Commenting on the release of the report, NAO head Gareth Davies said that the government “prioritised getting Bounce Back Loans to small businesses quickly but failed to put adequate fraud prevention measures in place”.

“One impact of these decisions is apparent in the high levels of estimated fraud. The true level of fraud will become clearer over time, but it is clear [that the] government needs to improve on its identification, quantification and recovery of fraudulent loans within the scheme,” he added.

The Bounce Back Loan Scheme was created to support businesses during the pandemic and offered loans of up to £50,000, or a maximum of 25% of annual turnover. More than 90% of the total £47 billion in loans, an estimated £39.7 billion, had gone to the smallest businesses, with a turnover below £632,000.

The Federation of Small Businesses’ (FSB) national vice chair Martin McTague told IT Pro that the high level of fraudulent loans was likely due to the fast pace of loan approvals:

“The government and British Business Bank were faced with an extremely difficult task: getting cash into as many of these small firms as possible, as quickly as possible, whilst rightly doing all they could to shut out fraudsters in a fast-moving situation. After weeks of the original interruption loan scheme simply not working for the smallest firms most in need, hold ups with the bounce back programme would have been catastrophic,” he said.

A spokesperson for the Department for Business, Energy and Industrial Strategy told IT Pro that it is “continuing to crack down on Covid-19 fraud and will not tolerate those that seek to defraud the British taxpayer”.

“We are working closely with lenders and enforcement authorities to minimise fraud and ensure those that have committed fraud face consequences,” they added.

Small and medium-sized businesses (SMBs) are being urged to update their software ahead of Black Friday and Cyber Monday to avoid financial and reputational damage.

The warning comes after the National Cyber Security Centre (NCSC) identified 4,151 online shops that had been compromised using a vulnerability within the e-commerce platform Magento. With 250,000 clients, the Adobe subsidiary is the third-largest e-commerce system globally, after WooCommerce and Shopify.

NCSC alerted the affected retailers of the vulnerability in late September, with Magento issuing a security patch on 12 October.

All online businesses are being urged to update their software, as the mass shift to e-commerce since the start of the pandemic has caused more customers to shop online than ever before, increasing their risk of falling victim to online scams.

Hence, the NCSC has issued guidance on running a secure website and avoiding threats including skimming, which has been described as “a threat to all retailers” by British Retail Consortium assistant director Graham Wynn.

The trade association has urged “all retailers to follow the NCSC’s advice and check their preparedness for any cyber issues that could arise during the busy end of year period”.

NCSC deputy director for Economy and Society, Sarah Lyons, said that the agency wants “small and medium-sized online retailers to know how to prevent their sites being exploited by opportunistic cyber criminals over the peak shopping period”.

“Falling victim to cyber crime could leave you and your customers out of pocket and cause reputational damage. It’s important to keep websites as secure as possible and I would urge all business owners to follow our guidance and make sure their software is up to date,” she added.

Last year, Check Point’s security researchers observed a sharp increase in the number of phishing exploits in the run-up to Black Friday and Cyber Monday, with phishing emails having increased by over 13 times in early November 2020. In December 2020, RiskIQ security researchers discovered around 37,000 fake retail websites set up to scam holiday shoppers, with 208 domain infringement events containing only “Black Friday,” “Cyber Monday,” “Boxing Day,” or “Christmas”.

HM Revenue and Customs (HMRC) has warned taxpayers that the approaching Self Assessment deadline could be used by fraudsters to commit financial and identity theft.

The warning comes as the department prepares to issue over four million emails and text messages that will remind Self Assessment customers of the 31 January 2022 deadline.

This could provide an opportunity for scammers to pose as HMRC in an effort to obtain money or personal data from unsuspecting taxpayers.

The department stated that 2021 has already seen 797,010 tax-related scams reported so far, out of which 357,567 offered fake tax rebates. It has also worked to take down 8,561 malicious websites as well as received 327,044 reports of phone scams in total – an increase of 21% since 2020.

HMRC’s director general for Customer Services, Myrtle Lloyd, warned taxpayers to not allow themselves to “be rushed” into transferring money or giving out personal information when contacted by someone claiming to be from HMRC.

She also said that it’s not in HMRC’s practice to “ring up threatening arrest” – a common form of scam that attempts to threaten people into paying out large sums of money.

“Only criminals do that,” said Lloyd, adding that “scams come in many forms”.

“Some threaten immediate arrest for tax evasion, others offer a tax rebate. Contacts like these should set alarm bells ringing, so if you are in any doubt whether the email, phone call or text is genuine, you can check the ‘HMRC scams’ advice on GOV.UK and find out how to report them to us,” she said.

The warning comes weeks after a new Ofcom report revealed an alarming uptick in smishing attacks, with three quarters of adults under the age of 35 having received text scams. Based on the findings, the regulator estimates that 44.6 million people were targeted by scam calls and texts over the summer of 2021.

HMRC stated that it’s working with Ofcom as well as the wider telecoms industry to remove more than 1,282 phone numbers being used to commit HMRC-related phone scams.

Three quarters (75%) of adults under the age of 35 have received text scams in the last three months, as threat actors look for new methods to target victims.

This comes as more traditional forms of phone scams, such as phone calls containing a recorded voice messages or live calls, are on the decline – having been received by only 39% and 32% of 16 to 34-year olds, respectively, according to new findings from Ofcom.

The trend is visible across all age groups except for adults over the age of 75, out of which only 55% admitted to having been the target of a ‘smishing’ attempt, a common example of such being a fake text message from the Royal Mail. In the same age-group, 57% said they had received a live voice call from scammers, a popular example of such being a phone call about supposed issues with the potential victim’s internet service.

Overall, 71% of the 2,000 UK adults surveyed by Ofcom had received a scam text message in the last three months, while 44% received a phone call with a recorded messages, and 41% were a target of a live phone call from scammers.

Based on the findings, the regulator estimates that 44.6 million people were targeted by scam calls and texts over the summer of 2021.

Ofcom’s Scams Survey 2021 is the first of its kind that compares the prevalence of scam phone calls to fraudulent text messages, following previous research from enterprise security provider Proofpoint that found ‘smishing’ attempts had increased 700% in the first six months of 2021.

Ofcom's Networks and Communications group director Lindsey Fussell said that scammers’ tactics were “becoming increasingly sophisticated”, adding that “phone and text scams can cause huge distress and financial harm” to the victims.

Fussell urged the public to stay alert to any unsolicited phone calls and forward any scam messages to the authorities:

“Put the phone down if you have any suspicion that it is a scam call, and don’t click on any links in text messages you’re unsure about. Report texts to 7726 and scam calls to Action Fraud or Police Scotland,” she said.

An Android Trojan campaign has been charging unsuspecting victims around €36 (£31) per month since at least November 2020, researchers have found.

Known as GriftHorse, the Trojan masquerades under seemingly innocent Android applications such as puzzle games, educational software, dating apps, as well as a translator that had garnered more than 500,000 downloads alone.

The GriftHorse campaign was developed using the Apache Cordova mobile application development framework, which allows developers to use HTML5, CSS3, and JavaScript for cross-platform mobile development. However, the technology also makes it possible for the developers to deploy updates to apps without requiring users to update the app manually.

Although oftentimes useful for quick fixes, this capability can also be abused to host malicious code on the server as well as execute it in real-time.

Once an app was downloaded, victims were asked to verify their identity using an SMS code which, in reality, subscribed them to being charged around €36 (£31) per month through their ​​phone bill. Many of the affected users failed to notice the theft for the first few months, and were only able to stop the unsolicited payments by contacting their mobile network provider.

This means that, as of today, some 10 million victims from over 70 countries, including the UK, could have lost €360 (£310) each to cyber criminals.

Researchers from mobile security company Zimperium zLabs reported the Trojan to Google earlier this year, which in turn removed the malicious applications from the Google Play store. It's likely that the last payment will have been taken in April 2021, when the campaign was last reported active.

Zimperium’s researchers believe that the malicious apps “are still available on unsecured third-party app repositories” and continue to place Android users at risk.

It also highlights “the risk of sideloading applications to mobile endpoints and user data”, as well as the need for “advanced on-device security”, according to Zimperium researchers ​​Aazim Yaswant and Nipun Gupta.

Android users should verify the identity of the apps they wish to download and conduct an assessment provided by Zimperium, the researchers have warned.

“​​[The] GriftHorse Android Trojan takes advantage of small screens, local trust, and misinformation to trick users into downloading and installing these Android Trojans, as well frustration or curiosity when accepting the fake free prize spammed into their notification screens,” said Yaswant and Gupta.

Text phishing, or 'smishing' attacks, have increased by almost 700% since the beginning of this year, according to data from enterprise security provider Proofpoint, as reported by Which?.

Proofpoint compared the occurrence of SMS phishing attacks between July and December 2020 and January and June 2021, and found that there were 700% more attacks during the first six months of 2021 than compared to the second half of 2020.

Moreover, smishing seems to be especially popular in the UK, where reports of attacks were 15 times higher than in the US.

The dramatic increase in attacks can be attributed to the rise of parcel deliveries as lockdown restrictions increased consumers’ and businesses’ reliance on postal services. Proofpoint previously found that parcel and package delivery scams accounted for 67.4% of all smishing attempts. Meanwhile, impersonating financial services and banks had become less prevalent, making up only one in five (22.6%) reported attacks.

The findings echo those of Check Point Software from earlier this year, whose researchers warned of a 645% increase in Royal Mail-related phishing scams.

Which?’s own research found that two of the top three most commonly reported text message scams have been from threat actors impersonating delivery companies, while more than 70% of those it surveyed admitted to no longer trusting text messages from companies to be free from scam risks.

Commenting on the findings, Which? director of Policy and Advocacy called on businesses to “play their part to protect people from scams”.

“Smishing attempts have risen dramatically – with fraudsters taking advantage of the pandemic to trick consumers into giving away personal details and transferring their hard-earned cash,” he said, adding that a new SMS guide from Which? “aims to help organisations differentiate their texts from the scammers impersonating them so consumers can more easily recognise scam SMS messages”.

The 10-point guide has already been signed by delivery companies such as Hermes and DPD as well as banks Barclays and TSB.

“We welcome the commitment by the businesses who have signed up to our guide and hope this will encourage more organisations to consider how they can better protect their customers from fraud,” he added.

Proofpoint encourages people to report all spam texts by forwarding them to 7726 at no extra charge.

Parcel and package delivery scams now constitute more than half of all reported text phishing, or 'smishing', attempts in the UK, as remote working increases consumers’ and businesses’ reliance on postal services.

That's according to new data published by trade association UK Finance, with the findings attributed to cyber security provider Proofpoint.

The company found that, between 15 April and 14 July 2021, 53.2% of all reported scam text messages were sent by threat actors posing as postal delivery firms.

Data collected by Proofpoint also shows that the trend of impersonating postal services such as the Royal Mail is on the rise. Between 14 June and 14 July, parcel and package delivery scams constituted 67.4% of all smishing attempts.

By contrast, impersonating financial services and banks is becoming less prevalent, falling from 36.8% between 15 April and 14 July to only 22.6% for the 30-day period up to mid-July.

According to Sarah Lyons, NCSC deputy director for Economy & Society, Proofpoint’s findings prove that scammers choose to “regularly exploit well-known, trusted brands for their own personal gain” and that these messages “can be very hard to spot”.

“If you think you've already responded to a scam, don't panic. Whether you were contacted by text message, email or phone, there's lots you can do to limit any harm,” she said, adding that people should forward scam messages to to 7726 as well as visit www.cyberaware.gov.uk “for more information on how to protect your online accounts and devices”.

McAfee VP Antony Demetriades told IT Pro that Proofpoint’s findings are symptomatic of the mass shift to remote working:

“Following nearly 18 months of lockdowns, working from home, and store closures, it’s not surprising that we’ve seen an increase in online criminals tapping into consumer online shopping habits with fake parcel delivery scams.

"Scams and fraudulent emails and texts are a common tactic used by online criminals, as it enables them to target a large number of consumers with the same text or email, with the aim of gathering personal information. These fake parcel delivery scam messages can trick consumers into visiting malicious websites that can be used to install malware or steal personal or financial information and passwords,” he said, adding that “it's also important to remember that official organisations will never ask for personal or financial information via text, phone or email”.

“If you witness this, it’s always best to contact the organisation directly or report it to Action Fraud online at actionfraud.police.uk or by calling 0300 123 2040,” he said.

The National Cyber Security Centre (NCSC) has simplified its cyber scam-reporting with a new add-in for Outlook on Microsoft 365 which makes it even easier to flag phishing emails to its Suspicious Email Reporting Service (SERS).

Launched in April of last year, SERS allows users to report email scams by forwarding them to report@phishing.gov.uk. Within the last 16 months, it has received over 6.5 million reports from the public resulting in the removal of 97,000 online scams, the NCSC said.

However, the organisation has said that this isn’t enough, with NCSC technical director Dr Ian Levy saying that the new tool will make it easier for businesses to “further help combat cyber crime”.

Designed as a simple button, it allows staff to report a suspicious-looking email with just one click, saving the time that it takes to find the SERS email address and forward the message. The more automated approach aims to make reporting easier and faster, allowing users to protect the security of the business without compromising on time and productivity.

“As more people report more dodgy stuff to us, the safer everyone gets,” said Levy. “The pandemic has shown the cyber criminals will stop at nothing to attack and defraud citizens and businesses. But our Suspicious Email Reporting Service has also shown that the British public can help us fight back against this scourge."

SMBs have been especially vulnerable to hackers, with almost a third of cyber attacks now involving a small business. According to Federation of Small Businesses national chair Mike Cherry, innovations such as the simplified reporting tool “are crucial to calling time on business crime”.

“Small achievable steps will go a long way to protect thousands of small firms from cyber attacks. Every year, there are almost four million cases of cyber attacks against small businesses in the UK, and more than 50 per cent of these come from phishing,” he said, adding that “these systems not only help prevent disruption to small firms today but will become increasingly important to help safeguard small businesses for the future”.

Organisations interested in equipping their staff with the Microsoft 365 tool can go to the Microsoft AppSource portal and search for the Report Phishing add-in, click the “Get it now” button, and follow the instructions to complete the installation.

A 22-year old British national has been arrested by Spanish authorities in connection with the biggest security and privacy breach in Twitter’s history.

Joseph James O'Connor, who currently lives in Liverpool and is known online as ‘PlugWalkJoe’, was detained in the resort town of Estepona in Southern Spain. He is accused of being involved in the hijacking a variety of verified Twitter accounts, including then-Democratic candidate Joe Biden, Elon Musk, Bill Gates, Jeff Bezos, as well as former US President Barack Obama, on 15 July 2020.

O’Connor and his accomplices are alleged to have then used the accounts to launch a Bitcoin scam, forcing Twitter to block the accounts from posting until security to the accounts could be restored.

Apart from his role in the Twitter hack, O’Connor, who describes himself as a “harmless wannabe hacker”, is also accused of hijacking TikTok and Snapchat user accounts, as well as cyberstalking a juvenile victim, the US Department of Justice announced on Wednesday.

“O’Connor is charged with three counts of conspiracy to intentionally access a computer without authorisation and obtaining information from a protected computer; two counts of intentionally accessing a computer without authorisation and obtaining information from a protected computer; one count of conspiracy to intentionally access a computer without authorisation and, with the intent to extort from a person a thing of value, transmitting a communication containing a threat; one count of making extortive communications; one count of making threatening communications; and two counts of cyberstalking,” the Justice Department stated on its website.

The UK’s National Crime Agency (NCA) and the Spanish National Police assisted in the investigation and arrest, it added.

O'Connor is expected to appear in a detention hearing in Spain on Thursday and is likely to face extradition to the US. He is the second UK citizen to be implicated in the case, with Mason Sheppard, 19, from Bognor Regis, West Sussex, having been charged in early August 2020.

Two men from Florida, Nima Fazeli, 23, and Graham Ivan Clark, 18, have also been arrested. Clark, who was 17 at the time of the arrest, pleaded guilty and is serving three years in juvenile prison, while Fazeli was sentenced to five years and handed a $250,000 (£182,000) fine.

Microsoft has secured a court order to take down malicious infrastructure used by cyber criminals to conduct a sophisticated business email compromise (BEC) campaign against Microsoft 365 customers.

The company’s Digital Crimes Unit (DCU) filed a case to strike down 17 malicious ‘homoglyph’ domains used by cyber criminals to mimic legitimate businesses and their contact details. This allowed the perpetrators to lull victims into a false sense of security when messaging as part of the spam campaign.

Homoglyph domains appear very similar to legitimate names, but those running them replace the characters in a business’ name with another that’s subtly different, such as using MICROS0FT.COM instead of MICROSOFT.COM.

Microsoft initially identified a single customer complaint regarding BEC, with its investigation finding that a criminal group had created 17 additional malicious homoglyph domains registered with third parties. The network appears to be operating out of West Africa, with targets primarily small businesses in North America across a variety of industries.

This specific BEC attack involved fraudulent domains, together with stolen customer credentials, used to access and monitor customer accounts. The group then gathered enough intelligence to impersonate the customers in an attempt to trick victims into transferring funds.

Once the cyber criminals gained access to a network, they imitated customer employees and targeted trusted networks, vendors, contracts and agents in order to fool them into sending or approving financial payments.

Microsoft claims the criminals identified a legitimate email from the compromised account of an Office 365 customer referencing payment issues, and asking for advice on processing payments. They took advantage of this and sent an impersonation email from a homoglyph domain using the same sender name and a near-identical domain.

“Cyber criminals are getting more sophisticated,” said the general manager of Microsoft’s DCU, Amy Hogan-Burney.

“Microsoft’s Digital Crimes Unit will continue to fight cybercrime with our comprehensive efforts to disrupt the malicious infrastructure used by criminals, through referrals to law enforcement, civil legal actions on behalf of our customers such as this one, or technical measures in partnership with our product and service teams.”

BEC is an ongoing concern for businesses, and this legal action follows 23 previous enforcements that Microsoft has sought against malware and nation-state groups, taken in collaboration with law enforcement agencies, since 2010.

Research showed that despite a 32% surge in email security threats during 2020, there was an 18% year-on-year decline in BEC detections. This could mean, however, that cyber criminals are exploring alternative techniques rather than scaling back.

US Senator Elizabeth Warren has described the lack of cryptocurrency regulation as “unsustainable”, warning that consumers are being put at risk by “highly opaque and volatile” cryptocurrency market.

Warren raised her concerns in a letter to SEC Chair Gary Gensler on Thursday, demanding answers by July 28 on the SEC’s authority to protect consumers investing and trading in cryptocurrencies, in order to help determine what future congressional action may be needed, according to Reuters.

A former Democratic presidential candidate who chairs the Senate Banking Committee’s Subcommittee on Economic Policy, Warren has previously made a mark by calling out Big Tech monopolies, and her comments are widely seen as an attempt to lay the groundwork for legislation to regulate the fast-growing crypto market.

Cryptocurrencies reached a record capitalization of $2 trillion in April, but US regulation of the crypto market remains patchy.

“While demand for cryptocurrencies and the use of cryptocurrency exchanges have skyrocketed, the lack of common-sense regulations has left ordinary investors at the mercy of manipulators and fraudsters,” Warren said.

“These regulatory gaps endanger consumers and investors and undermine the safety of our financial markets. The SEC must use its full authority to address these risks, and Congress must also step up to close these regulatory gaps.”

Cryptocurrency crimes have increased 12-fold since 2016, according to recent findings, and the Federal Trade Commission also recently warned that cryptocurrency scams have escalated dramatically in the last six months.

Federal Reserve Chairman Jerome Powell and Treasury Secretary Janet Yellen have suggested heavier regulation of cryptocurrencies, warning that they pose a risk to financial stability.

In Senator Warren’s letter to the SEC chair, reviewed by Reuters, the high-profile senator said cryptocurrency platforms lack the same basic protections as traditional exchanges. She noted that nearly 7,000 people reported a combined $80 million in losses from cryptocurrency scams in the six months to March 2021.

Warren asked Gensler to outline the ways in which cryptocurrency exchanges may be undermining the SEC’s mission to ensure that markets are operating fairly, and whether additional protections for investors are needed.

Today is the deadline for telecommunications companies to implement technology protections designed to protect consumers from robocall scammers.

Under legislation introduced 18 months ago, telcos must have implemented technology as of today that verifies callers on their networks or face potential penalties.

The protocol designed to stop scam robocallers is called secure telephone identity revisited (STIR). It applies digital signatures to telephone numbers from calling parties on session initiation protocol (SIP) networks. Signature-based handling of asserted information using toKENs (SHAKEN) is a set of STIR implementation guidelines for carriers.

A call made on a STIR/SHAKEN-enabled network sends an authentication request and originating phone number to a STIR authentication service.

The service checks that the caller is authorized to use that number and then signs a digital token that it sends to another STIR server on the recipient's network. That second server checks the legitimacy of the token against its database before passing the call to the recipient.

The technology is designed to stop robocall scammers spoofing numbers from reaching victims.

Robocalls have become a massive nuisance in the US, where consumers received 77 billion unwanted robocalls in 2020 alone, according to the Transaction Network Services 2021 Robocall Investigation Report.

The FCC originally asked the US telecommunications industry to adopt these anti-spoofing protocols voluntarily in November 2018 under Chairman Ajit Pai, after a consultation on methods to verify caller information. The industry put together a stakeholder group for implementing the technology,

This attempt to introduce STIR/SHAKEN voluntarily stalled. In December 2019, Congress got tough, passing the Telephone Robocall Abuse Criminal Enforcement and Deterrence (TRACED) Act, which required implementing the technology within 18 months. In March 2020, Pai proposed a set of rules implementing that mandate.

Statistics suggest that the mandate has already started to work. The number of robocalls targeting US consumers dropped 28% from 2019, which TNS attributes in part to the implementation of STIR/SHAKEN and filtering apps. Over a third of the calls passing over carrier networks in December 2020 were signed using the technology, up from 21% in January 2020.

Google has announced that all financial services advertising to UK users will first need to be verified by the local financial regulator in a new effort to tackle the country’s rising fraud crisis.

The move comes two weeks after the UK’s Financial Conduct Authority's (FCA) director for enforcement, Mark Steward, highlighted the issue of fake companies advertising fraudulent financial services over social media platforms. Speaking at parliament's Treasury Select Committee meeting, Steward said that the number of consumer warnings about financial scams had to be doubled between 2019 and 2020.

Google’s new verification process aims to combat the issue of online fraud by requesting that financial services providers demonstrate that they are authorised by the FCA, or qualify for one of the limited exemptions, before they can advertise on the tech giant’s platforms.

The new requirements will go into effect starting September, according to Google UK & Ireland VP and MD Ronan Harris, who said that the announcement “reflects significant progress in delivering a safer experience for users, publishers and advertisers”.

“While we understand that this policy update will impact a range of advertisers in the financial services space, our utmost priority is to keep users safe on our platforms — particularly in an area so disproportionately targeted by fraudsters,” he stated in a company blog post.

Harris also announced that Google has “pledged $5 million in advertising credits to support public awareness campaigns in the UK, helping to ensure that consumers are better informed about how to spot the tactics of scammers both online and offline”.

This comes after it was revealed that the FCA pays Google £600,000 a year to run ads warning users about online financial scams, despite the tech giant being accused of profiting from social media platforms that “make money out of fraud”.

Speaking at the Treasury Select Committee hearing, Steward said that "the irony of us having to pay social media to publish warnings about advertising that they're receiving money from is not lost on [the FCA]”.

Police officers from the Dedicated Card and Payment Crime Unit (DCPCU) have arrested eight people in relation to a Royal Mail text phishing, or 'smishing', scam.

The eight arrested individuals are suspected of attempting to commit financial fraud and impersonating the Royal Mail by sending out fraudulent texts and emails which link to phishing websites.

The arrests come weeks after researchers from Check Point Software reported a 645% increase in Royal Mail-related phishing scams, with March being the biggest month for attacks on record.

The DCPCU, which is a specialist unit of the City of London and Metropolitan Police, conducted a series of early morning operations across London, Coventry, Birmingham and Colchester, resulting in eight male suspects being arrested. Seven have since been released under investigation, with one suspect charged and remanded into custody ahead of their court appearance.

The DCPCU, which is funded by the banking and cards industry, also managed to recover numerous customers' financial details, enabling these bank accounts to be protected.

Commenting on the arrests, DCI Gary Robinson, who leads the DCPCU, said that the "ongoing investigations are now underway" and that the unit and the Royal Mail "will continue to work together to bring those committing smishing scams to justice".

"The success of these operations shows how through our close collaboration with Royal Mail, the financial services sector, and mobile phone networks, we are cracking down on the criminals ruthlessly targeting the public," he added.

Meanwhile, Stephen Ritter, CTO at digital identity verification provider Mitek, called for organisations within the technology and finance sector to "step up to the challenge" in fighting scammers.

"All too often, industry experts are quick to blame consumers for "falling" for scams – but this blame game needs to stop," he said. "To fight misinformation, Twitter and Facebook started flagging posts that weren't backed up by fact, and the problem has improved significantly. Why can't we do the same for fraudulent activities on our phones?"

According to Ritter, digital service providers such as "messaging apps, mobile manufacturers, email providers, or mobile networks" should use artificial intelligence to warn users "when a suspicious link or message is shared".

"Often, you might not notice a dubious link, or the unknown number it's sent from – but your phone, messaging service, or network could. A simple flag ('This link could be fraudulent') would go a long way to protecting consumers. And all it takes is AI and machine learning algorithms that are trained to spot scams before they reach the consumer," he said.

The Internal Revenue Service (IRS) has warned of ongoing phishing attacks impersonating the IRS and targeting educational institutions.

The attacks focus on universities' staff and students with .edu email addresses and use tax refund payments as bait to lure unsuspecting victims.

The IRS said the phishing emails “appear to target university and college students from both public and private, profit and non-profit institutions.”

It added that the suspect emails display the IRS logo and use various subject lines, such as "Tax Refund Payment" or "Recalculation of your tax refund payment." Clicking on a link takes victims to a fake website that asks people to submit a form to claim their refund.

The scammers ask taxpayers to provide a wide array of information, including their social security number, first and last name, date of birth, annual gross income, driver's license number, current address, and electronic filing pin.

The IRS warned people who receive this scam email not to click on the link in the email but report it to the IRS.

“For security reasons, save the email using "save as" and then send that attachment to phishing@irs.gov or forward the email as an attachment to phishing@irs.gov,” the IRS said in a statement.

Taxpayers who may have provided identity thieves with this information should also get an Identity Protection PIN to prevent thieves from filing fraudulent tax returns in their names using stolen personal information.

Any scams reported to the Treasury Inspector General for Tax Administration will be investigated further by the IRS' Criminal Investigation division. Last year, the IRS identified over $2.3 billion in tax fraud schemes.

Chris Hauk, consumer privacy champion at Pixel Privacy, told ITPro that like every year, taxpayer-targeted fraud schemes are again plaguing US citizens.

“This is especially true these last two tax seasons, thanks to complications and confusion caused by COVID-19-related delays and tax law changes, as well as stimulus payments being delivered by the IRS,” he said.

“Taxpayers will need to be more vigilant than ever for possible hacking attempts. Users should never click links or open attachments sent with unsolicited emails or text messages. Users also want to be careful when opening documents, even from known sources, due to macros that can be used in MS Office documents. All users should immediately disable macros in MS Office apps."

Texas utility company Austin Energy has warned its customers about reports of scammers sending out payment demands to maintain electric service.

After the very unusual wintery weather in the Lone Star state caused thousands of homes to lose power, scammers began calling potential victims as the power company and demanding payment to reconnect their power or prevent disconnection.

In a tweet, Austin Energy said, “scammers are trying to take advantage of our customers in the aftermath of the winter storm. The scammers are telling customers they will be disconnected within 30-60 minutes if immediate payment is not made.”

The utility company added it hadn’t issued a service disconnection since March 2020. Austin Energy also said it would never call residential customers with immediate cut-off deadlines or ask for credit card or wire transfer information over the phone. Neither would it “demand immediate payment in person with cash, gift card, Bitcoin, or any non-traceable form of payment.”

Austin Energy said there were several ways to identify a scam call. First, the fake utility representative aggressively tells the customer their account is past due, and it will disconnect service — usually within an hour — if the customer doesn’t make a large payment. Second, the scammer instructs the customer to quickly purchase a prepaid debit card from a retail store. Lastly, a scammer asks the customer for the prepaid debit card’s number, which grants the scammer instant access to the card’s funds.

Austin Energy said if a customer receives a phone call, letter, or email threatening to interrupt service, they must hang up and dial 311 to report it.

The warning comes as the Federal Trade Commission (FTC) warns of scammers taking advantage of climate change and other extreme weather conditions to fleece victims.

“If you get a call, thank the caller and hang up. Never call a number left in a voicemail, text, or email. Instead, if you're worried, contact the utility company directly using the number on your bill or on the company’s website. Verify if the message came from them,” said Emily Wu, Attorney at the FTC.

Cyber criminals are abandoning huge money heists in favour of small-scale scams that targeting individuals working from home during the pandemic.

This is according to a new report by the Royal United Services Institute (RUSI) which reports that cyber fraudsters have reinvented themselves during the pandemic.

Dubbed “silent stealing”, the new go-to tactic is based on “a working hypothesis that criminals are going down market”.

The RUSI report states that, although “trying to steal £10 million from a bank is an option”, cyber criminals are opting to carry multiple heists for significantly smaller amounts of money.

“Stealing £10 a hundred thousand times is going to give you a good return and probably go below the radar,” says the report. “Are you going to call Action Fraud or your bank in the case where you lose £10?”

For many, the answer is no, likely due to fears of not being taken seriously or a simple lack of time to report the theft.

The report also warns that those who have taken to working from home in recent months are especially vulnerable to being scammed, as criminals seek to exploit the cyber security vulnerabilities that have resulted from the shift to online/home working.

Recent research from Cisco found secure access to be the top cyber security challenge when supporting remote workers, with more than half of corporate laptops (56%) and personal devices (54%) being difficult to protect while employees are working remotely. Moreover, 60% of those surveyed said that they are worried about the privacy of remote collaboration tools.

Brett Beranek, VP & general manager of Security & Biometrics Line of Business at Nuance Communications, told IT Pro that the RUSI report’s findings “should come as no surprise”.

“Fraudsters don’t stop their crimes because of a pandemic. In fact, they often seize the immense change that comes with an event like this to ramp up their activity – changing tactics and targeting individuals and businesses whilst they are at their most vulnerable and least protected in order to manipulate their data and steal their personal information,” he said, before recommending the use of biometric technology in order to ensure a secure online presence.

Nokia has successfully tested a new real-time spam and fraud detection service that could end nuisance telephone calls. Nokia worked on the trial with Hiya, a Seattle-based identity verification platform that helps analyze over 13 billion calls each month.

The telecoms company has integrated Hiya Protect on its cloud-native Telephony Application Server. Hiya Protect uses machine learning models to analyze calling events in real-time around the world for fraudulent behavior and new scams. Hiya serves more than 130 million businesses and customers worldwide.

The test marks the industry’s first VoLTE network integration through a public cloud service to a major European carrier. The company claimed that Hiya Protect could accurately detect various legitimate and illegitimate calls to keep subscribers protected from the unwanted ones plaguing the telephony industry.

The test involved Hiya's SaaS cloud interworking with Nokia’s cloud-native, IMS based Telephony Application Server. Hiya said the test not only proved the success of its detection and alerting capabilities, including fraud, spam, legitimate callers, and verified businesses, but it also proved the integration of Nokia core solution with Hiya’s cloud. As a result, Nokia’s Telephony Application Server is properly issuing call events and enforcing Hiya’s call instructions, the firm claimed.

Hiya’s integration also showed minimal impact on call set-up time to meet industry-standard service requirements.

Alex Algard, CEO at Hiya, said the project was a critical step in addressing carriers’ needs to integrate a cloud-based solution at the network level.

“Fraudsters and spammers are sophisticated and constantly change their tactics, so our solutions must outsmart them to stay a step ahead, which is why integrating at the network level and pushing the application to the Edge is such an important accomplishment,” he said.

Jitin Bhandari, vice president of core network products at Nokia, said proving open solutions like this can be effectively integrated and accurately detect spam calls is a “big step in pushing the industry forward.”

“This is the type of open cloud-based innovation and collaboration that is needed to solve nuisance/spam calls in networks and make the communication experience better for users across the globe,” he added.

According to a study by Tessian, 96% of phishing attacks arrive by email, so your employees should hopefully be aware of them and how to report one when they receive one. Despite this move towards a more security-aware culture within organisations, cyber criminals are becoming increasingly clever in their ways to deceive.

Phishing incidents nearly doubled in frequency in 2020, with 241,324 incidents reported compared to 114,702 in 2019, with malicious actors taking advantage of disruptions caused by the pandemic, as well as the availability of more sophisticated malware.

Security awareness, or the lack of it amongst employees, is cited as the main reason for phishing attacks being so popular, as IT and security teams struggle to recognise the more frequent and sophisticated campaigns alone. Coupled with the rise of ransomware-as-a-service (RaaS) and “phishing kits” available for wannabe cyber criminals, users are easily duped into believing the genuineness of the email they’ve received.

Cyber criminals depend on the odd few recipients opening the blanket-sent emails, using large send numbers in the hope that the more emails sent, the more likely they are to find someone to open them and click on the malicious links or follow the request to provide information.

Often, at first glance, the emails can appear to be from legitimate sources or known senders, or even carbon copies of previously received emails, with a spoof sender address in place of the original, making it very difficult to realise its bad intent. However, there are ways for employees to recognise them, so here are some clear giveaways to look out for:

1. You have no account with that company

If you get a message like, “Please update your PayPal account!” but you don’t even have an account with the company, that’s a pretty big red flag.

While you might pause to think, “What if someone opened an account in my name?” you still don’t want to open this email. Go directly to the company in question and request help.

2. The email account isn’t connected to the company

What if you do have a PayPal account, but it isn’t connected to the email account where you received the message? If you’ve never told the company about your other email account, it shouldn’t send emails to that account.

It’s that simple. Delete!

3. The return email address isn’t normal

This is one of the easiest ones to overlook, but one of the most surefire ways to spot a bogus email.

If you get an email from a known company, the email should come directly from that company. If it’s a bill from Netflix, it should come from something like billing@netflix.com.

If there are extra letters or numbers in the return email address, it is not legitimate. Even if there is a minor error like billing@netflex.com, it’s a trick.

4. The email asks you to confirm personal information

You’ve probably heard this before, but let it sink in - reputable companies will never request personal information like your PIN number, account numbers or other account details via email.

Even if everything else in the email looks legit, this is a giant red flag. Never click a link from an email you weren’t expecting and provide personal information. Ever.

5. The email is poorly written

Typos happen. That’s not exactly what we’re talking about here. We’re talking about consistently missed words or poorly phrased sentences, which are clear signs a non-native English speaker wrote the email.

Reputable companies don’t let that happen. They have editors and proofreaders who verify their emails look professional before they’re sent out.

6. There is a suspicious attachment

Attachments are pretty common, so we don’t worry about them too much, but we should.

If you see an email with an unexpected attachment, be suspicious. Most reputable companies will ask you to download assets from their website and will not send you an attachment.

7. The message is super urgent

A favourite tactic of phishing scams is to put the pressure on right away. The email may claim you have missed a payment, owe the government money or have been recorded through your laptop’s camera.

These tactics are intended to make you panic and rush to respond to the situation, which means you’ll click on their links to get to the bottom of it. Boom. You’re a phish on the hook!

Don’t respond to high-pressure emails unless you know the reason it appeared. Even if you’re late on your credit card payment and receive a nastygram from your credit card company, don’t use a link from that email to pay or put in information. Go directly to the website.

8. The email doesn’t use your name in the greeting

Does this look familiar? “Dear valued customer” or “Greetings, friend.” Yeah, this is a dead giveaway that an email isn’t from a source you know or work with regularly.

Any company you have an account with should know your name and use it in emails. That’s standard stuff. If you’re not greeted by name, the sender doesn’t know you, and you probably don’t know them (and don’t want to).

9. The whole email is a hyperlink

If your cursor turns into the pointing hand no matter where it is on the email, the entire email is one giant hyperlink. Why? If the whole email is a hyperlink, any random mouse click delivers the sender’s virus or malware.

Why wait for you to open an attachment if the hacker can get you with any click? This one is fairly easy to spot and a dead giveaway.

10. The email is from a public domain

If you get an email claiming to be from a business you know and trust, but the sender’s email address is from a public domain like @gmail.com or @outlook.com, this is another red flag.

Businesses that frequently send out emails have their own domain names, and all emails should come from that domain. If Jill is claiming to be from Vodafone, but her email is Jillydill@yahoo.com, you know it’s at least spam but very likely a phishing attempt.

What should you do if you’re not sure?

If you get a puzzling email, pause before doing anything with it. Go over this list and look for clues. If you’re still not sure, the best thing you can do is contact the company in question directly, not through that email.

Go directly to the company’s website or call the company and explain what you saw in the email.

It’s possible you’ll alert the company of a fraud scheme it is unaware of. You may also learn the email is legitimate. Either way, by contacting the company directly, you’ve avoided the unnecessary risk from a phishing attack.

How do I report a phishing email?

If you’re fairly certain you have a phishing email on your hands, you can report it to the NCSC forward it to the Suspicious Email Reporting Service (SERS) using report@phishing.gov.uk

Keeping a watchful eye on your inbox and reporting suspicious emails is your best bet to fight back against phishing.

A rogue agent within Trend Micro has been selling its customers' data to unknown criminal third parties, the cyber security company has announced.

A blog post on the company's website revealed that a Trend Micro employee was discovered to have harvested the personal details of around 70,000 customers, which they then sold to an "unknown third-party malicious actor".

The insider infiltrated a Trend Micro customer support database containing names, email addresses, support ticket numbers and some customers' telephone numbers. The company stated that it has found "no indication" that the culprit accessed any financial or payment information, and stressed that the attack exclusively affected its consumer customers, as opposed to enterprise or government clients.

Trend Micro was first alerted to the issue in August this year, after customers using its consumer security product started to complain about fraudulent calls from scammers claiming to represent Trend Micro support agents. The subsequent investigation, which concluded at the end of October, identified a specific employee who was immediately locked out of the system and summarily terminated.

"Our open investigation has confirmed that this was not an external hack, but rather the work of a malicious internal source that engaged in a premeditated infiltration scheme to bypass our sophisticated controls," the blog post stated.

"That said, we hold ourselves to a higher level of accountability and sincerely apologise to all impacted customers for this situation. Based on the current status of our investigation, we believe that all of the consumers who were potentially affected have already received individual notices from Trend Micro, but we will continue to investigate and provide further notices in the event that any further affected customers are identified."

The company has warned customers it will never call them unexpectedly and that any supposed support calls which have not been pre-arranged are the work of scammers. Trend Micro has also reminded customers that any further assistance or technical issues related to the incident should be referred to its technical support team and will be covered by their existing license.

For Paul Watts, Domino's UK & Ireland CISO and IT Pro Panellist, this case underlines the risk that insider threats can pose.

"This is a perfect example of what happens when you focus all your energy on protecting the perimeter of your fortress without considering the potential enemy from within," he said. "It is never an easy conversation to have but when it comes to insider threats in your business, trust isn't enough to manage the risk to any level of adequacy."

Trend Micro could also find itself in hot legal water over the breach. Supermarket chain Morrisons is currently embroiled in a Supreme Court battle over whether or not it is liable for the actions of an employee who stole and leaked the data of tens of thousands of staff members; if the case does not go in its favour, companies like Trend Micro who get hit by insider data breaches could find themselves sued by victims.

Over a third of Neighbourhood Watch members are more concerned about cyber crime than physical crime, according to a survey of over 14,000 Neighbourhood Watch members. In fact, one in five of those members has been a victim of cyber crime.

As such, the new Cyberhood Watch initiative is being launched with Avast, an antivirus and virtual private network (VPN) provider.

For households across England and Wales, cyber crime is steadily becoming more of a threat than physical crime, and only a minority of about 15% of the 14,000 research participants would disagree. Roughly 50% believed the threat level was similar, and 34% thought cyber crime was the greater concern.

The result is "Cyberhood Watch", a partnership between Neighbourhood Watch and Avast to provide online cyber security courses for local communities that wouldn't otherwise have access to resources keeping them informed on the latest scams.

"Neighbourhood Watch is about making sure that fewer people feel afraid, vulnerable or isolated in the place where they live," said the organisation's CEO, John Hayward-Cripps. "Our members recognise that the threat of cyber crime is very real, and they tell us that there is a definite need for simple advice and resources so they feel better equipped to defend themselves against it and advise others."

Those affected by cyber crime have experienced financial loss, data loss, and emotional distress. About 38% of those surveyed know at least one victim of cyber crime, and an additional 33% had heard of victims they didn't know personally. Half of the participants were above the age of 65, indicating a significant threat for a demographic traditionally less tech-savvy, but sometimes more dependent on digital means of communication due to social isolation.

Avast's contributions to the initiative will include a process of training and accreditation for Neighbourhood Watch representatives, local educational events, downloadable resources, and updated information on emerging threats.

"Avast has always believed that being safe online should be a basic right for all, which is why we have free versions of our cyber security products so that everyone can get great online protection at no cost," said Peter Turner, senior vice president of consumer security for Avast. "We are delighted to provide our support by working with [Neighbourhood Watch] to deliver a cyber security accreditation programme with training courses to help members become more confident and knowledgeable in supporting their community cyber security requirements."

Cyber criminals are stealing the login credentials of Microsoft Office 365 users using a phishing campaign that tricks victims into believing they've been left voicemail messages.

In the last few weeks, there's been a surge in the number of employees being sent malicious emails that allege they have a missed call and voicemail message, along with a request to login to their Microsoft accounts.

The phishing emails also contain an HTML file, which varies slightly from victim to victim, but the most recent messages observed include a genuine audio recording, researchers with McAfee Labs have discovered.

Users are sent fake emails that inform them of a missed call and a voicemail message

When loaded, this HTML file redirects victims to a phishing website that appears to be virtually identical to the Microsoft login prompt, where details are requested and ultimately stolen.

"What sets this phishing campaign apart from others is the fact that it incorporates audio to create a sense of urgency which, in turn, prompts victims to access the malicious link," said McAfee's senior security researcher Oliver Devane.

"This gives the attacker the upper hand in the social engineering side of this campaign.

This Office 365 campaign has made great efforts to appear legitimate, such as through designing the phishing site to resemble the Microsoft login page. Another trick the cyber scammers use to look real is by prepopulating victims' email addresses into the phishing site and requesting just the password.

The phishing site appears virtually identical to the actual Microsoft login prompt and preloads victims' emails

Users are presented with a successful login message once the password is provided, and are then redirected to the office.com login page.

Researchers found three different phishing kits being used to generate malicious websites, Voicemail Scmpage 2019, Office 365 Information Hollar, and a third unbranded kit without attribution.

The first two kits aim to gather users' email addresses, passwords, their IP addresses and location data. The third kit uses code from a previous malicious kit targeting Adobe users in 2017, the researchers said, and it's likely the old code has been reused by a new group.

A wide range of employees across several industries, from middle management to executive level, have been targeted, although the predominate victims are in the financial and IT services fields. There's also evidence to suggest several high-profile companies have been targeted.

McAfee has recommended as a matter of urgency that all Office 365 users implement two-factor authentication (2FA). Moreover, enterprise users have been urged to block .html and .htm attachments at the email gateway level so this kind of attack doesn't reach the final user.

"We urge all our readers to be vigilant when opening emails and to never open attachments from unknown senders," the researchers added. "We also strongly advise against using the same password for different services and, if a user believes that his/her password is compromised, it is recommended to change it as soon as possible."

The use of audio in this campaign points to a greater tenacity among cyber fraudsters, who are adopting more sophisticated social engineering techniques. For example, earlier this year artificial intelligence (AI) combined with voice technology was used to impersonate a business owner and fool his subordinate into wiring 200,000 to a hacker's bank account.

Credentials for unhacked Windows RDP servers are just one of the rising commodities being pawned off by cyber criminals whose dark web antics are becoming more sophisticated every year.

Windows RDP servers can be used by attackers to gain a foothold in a victim's network to subsequently launch ransomware attacks and these are being sold for as little as 16 per server. That's according to a new black market report from Armor.

The proliferation of RDP server credential sales are just one branch in a wider tree of dark web nefariousness; elsewhere, cybercrime as a service is thriving given the relatively low price criminals can pay for such devastating services.

A targeted DDoS attack costs just $60 per hour but ransomware can cost a little more. Of the services listed in the report, prices vary depending on the product.

For instance, a generic copy of ransomware can cost between $225 and $660 while a copy of the Megacortex enterprise ransomware, which has already racked up millions in successful ransoms, can cost upwards of $1,000 plus 10% of the ransom.

If a 'set it and forget it' approach is what you're after, the long-running ransomware as a service (RaaS) Ranion can be run for as little as $120 per month, according to the data taken from English and Russian-speaking forums in the first half of this year.

The industry has been touting the rise of ransomware and RaaS for years now but a sharp rise has been observed in the number of reported cases, specifically in the UK.

Businesses reported a 195% increase this year in ransomware attacks - an attack vector that consistently scores highly in terms of most common threats to enterprises.

Financial fraud is still as prolific as it ever has been on the dark web, but a recent trend has emerged whereby criminals can monetise stolen card details without ever having the money enter their accounts.

Using a transfer service like Western Union, a legitimate service infamous for enabling scams and fraud, a user can send a criminal vendor $800 and receive $10,000 in return, the report reveals.

"For those scammers who don't possess the technical skills and a robust money mule network to monetise online bank account or credit card credentials, this is an offer that can be very attractive," said Chris Hinkley, head of Armor's threat resistance unit.

"The threat actors are still selling financial account and credit card credentials outright, but this clever service gives them an additional channel for monetising the large amounts of financial data available on the underground.

"Plus, they still reduce their risk because ultimately, they are not taking possession of the stolen funds."

Other services include Visa or Mastercard data for as little as $15 dollars (more for additional information such as date of birth) and ATM skimmers from $500.

Amazon gift cards with a $1,000 balance can also be purchased for as little as $100 and changes to credit history cost just $130.

As these services are being peddled on the dark web, it's notoriously difficult to track these criminals through their traffic alone and as their methods get more sophisticated, the battle only becomes more difficult.

"Having this intelligence is key in helping us protect our clients from current and emerging cyber threats," said Hinkley. "And although it feels like a never-ending battle, it is a fight worth fighting."

Hackers are regularly using highly customisable online resources to add social engineering components to render their attacks more effective, according to new research from Malwarebytes.

One website identified by the team features an expansive toolkit that has drawn more than 100,000 visits in the past few weeks, offering design and framework support to attackers.

The resource, dubbed Domen, is built around a detailed client-side script serving as a framework for various update templates designed for both desktop and mobile users in almost 30 languages.

"Over time, we have seen a number of different social engineering schemes," said senior security researcher Jrme Segura.

"For the most part, they are served dynamically based on a user's geolocation and browser/operating system type. This is common, for example, with tech support scam pages where the server will return the appropriate template for each victim.

"What makes the Domen toolkit unique is that it offers the same fingerprinting, and choice of templates thanks to a client-side script which can be tweaked by each threat actor.

"Additionally, the breadth of possible customisations is quite impressive since it covers a range of browsers, desktop, and mobile in about 30 different languages."

The toolkit is loaded as an iframe from compromised websites, most of which run via WordPress, and is displayed over the top as an additional layer. The campaign works by encouraging victims to install updates, like a Flash Player update, but, instead, when clicked, downloads a malicious file.

The campaign also resembles another from 2018 known as SocGholish. Although they are different, both campaigns run on the same principles; in that, they can be found on the same compromised host, abuse a cloud hosting platform like Dropbox, then download a fake 'update' before delivering the NetSupport remote administration tool.

Variants of the social engineering toolkit include Flash Player updates, as well as prompting users to update Chrome, Firefox, or Microsoft's Edge browser.

Social engineering has become a more prominent component of malicious campaigns in recent years due to victims becoming more astute about clear giveaways when it comes to browser-embedded malware and phishing attempts.

An example arose earlier this year of a sophisticated attempt to target C-suite executives within organisations. This featured attackers sending a fake email to executives, centred on rescheduling a board meeting. By following a link, the targets were sent to a page that resembled a Doodle poll, but actually stole their Office 365 credentials.

More recently, the CEO of a UK-based energy firm was tricked into making a fraudulent payment over the phone by AI-powered voice manipulation software. He wired 200,000 to a "Hungarian supplier" at the behest of cyber criminals who were actually mimicking his parent company's chief executive using AI.

With cyber attacks becoming more personalised and sophisticated, it's crucial that organisations become more vigilant over potential threats received via email or while browsing online.

GCHQ director Jeremy Fleming has said the agency will begin sharing real-time intelligence with banks in a bid to help fight cyber crime.

The decision will ensure that banks have more tools in their arsenal when it comes to protecting customers against card and account fraud while also helping the banks themselves in pre-empting and mitigating cyber attacks on them.

Fleming, who made the announcement at a CyberUK event in Glasgow on Wednesday, said the move illustrates GCHQ's ambition to work more closely with businesses.

The agency monitors online activity on a 24/7 basis and will now share this information with banking groups, an idea which aims to reduce the number of cyber attacks GCHQ has to deal with itself.

Figures revealed in October last year showed that the agency fights around ten serious cyber attacks every week, most of which were either "directed, sponsored or tolerated" by hostile foreign governments.

"This move from GCHQ illustrates how collaboration across all industries involved in the fight against fraud is crucial to facing today's threats and keeping customers safe," said Marck Crichton, senior director of security product management, OneSpan. "The fight against fraud today relies heavily on the analysis of vast amounts of real-time data [and] with technology-enabled financial crime increasing, banks need to be able to act fast".

Fleming said that only 15% of people know how to protect themselves online and GCHQ wants to take the burden away from the individual, despite efforts more widely to make people more cyber aware. "We will share intelligence with banks to enable them to alert customers to threats in close to real time," he added.

The two-day CyberUK event, which kicked off on Wednesday, is hosted in partnership with the NCSC and aims to bring together security industry professionals, the private sector and public bodies to hear from and interact with industry leaders and learn about emerging trends.

During the conference, the once super-secret Five Eyes intelligence alliance formed of the UK, US, Canada, Australia and New Zealand will all field representatives to feature on a panel discussion delivered to attendees. It's likely they will be fielded questions about the latest development in the UK's relationship with Huawei's infrastructure.

Bank fraud is becoming an increasingly more troublesome issue for customers. TSB recently announced that it will be refunding all of its customers who fall victim of cyber fraud which, according to figures from 2018, affects one in four Britons, costing an estimated 1.2 billion.

Earlier this year, Metro Bank made the news for all the wrong reasons after it emerged that hackers had intercepted the bank's 2FA customer text message to gain access to UK customer accounts.

Hackers were able to exploit the SS7 protocol used by telecoms companies to securely route text messages to customers - a highly sophisticated method of attack previously thought to be out of the realms of possibility for cyber criminals.

A man posing as an official Microsoft tech support worker has swindled victims out of $3 million over the course of four years through a scam campaign.

Court documents reveal that Bishap Mittal created a company called Capstone Technologies LLC along with an unnamed accomplice through which the pair bought Google and Bing adverts to promote the site in the respective search engines as well as appearances on adware popups from various global developers.

If a user were to land on the website or be greeted with the man's sponsored adware, they would be met with an official-looking message disguised as one from Microsoft, telling users to contact a customer support number.

The adware which the site sponsored would "temporarily lock users out of their computers and show an inflammatory and misleading representation of diagnostic systemic network infirmities such as viruses", read the court documents.

Once the number was called, users were directed to a call centre in New Dehli, India and on the end of the phone operators would remotely connect to a victim's computer and follow a script to convince users that their computer was having issues. From there, users were told that they needed to pay for unneeded tech support the price of which ranged between $200 - $2,400.

During the call, it's understood that call centre operators would reiterate the falsehood of the Microsoft guise to convince users that they were, in fact, speaking with a genuine Microsoft employee.

"Defendant Bishap Mittal knowingly participated in an international conspiracy to place malicious pop-ups on victims' computers, inducing them to call the conspirators' technical support front companies to purchase purported 'technical support' services," read the court documents obtained by ZDNet. "The conspiracy caused more than $3,000,000 in actual damages to hundreds of victims throughout the United States".

The scheme ran between November 2014 and August 2018 with Capstone Technologies also operating under various other names including Authenza Solutions LLC, MS-Squad Technologies, MS-Squad.com, MS Infotech, United Technologies, and Reventus Technologies.

IT Pro has contacted Microsoft for a statement on the matter but has not immediately replied.

Staff at Bristol City council have unleashed a wave of spoof phishing attacks on their own colleagues as part of wider efforts to bolster the organisation's cyber resilience.

The council's cyber security risk is considered "higher than should be expected", according to a report recently prepared for the organisation's resources scrutiny committee.

The reasons for this cited include a lack of investment in appropriate technologies, reliance on in-house expertise and self-assessments, alongside a lack of formal approach to risk management, and a historic lack of focus.

As a result, the council has taken the extraordinary step of targeting its own staff through a phishing attack exercise, in which IT staff are sending emails to staff to see how users react to this form of cyber attack.

Anybody who succumbs to one of these council-borne phishing emails will be redirected towards targeted training via a link, the report said. The outcome of this exercise will then inform how the council improves its non-technical controls and training in future.

"Like all organisations, we face increasingly sophisticated and varying threats to our digital systems," a Bristol City Council spokesperson told IT Pro.

"This report provides assurance that of the threats we are aware of, measures are in place to maintain the security of our systems.

"We continue to work closely with a range of organisations to ensure our systems can effectively respond to the risk of cyber- attacks and that all data remains safe and secure."

The resources scrutiny committee oversees Bristol City council's digital transformation programme and IT infrastructure, as well as back-office functions like finance and human resources.

Its members were updated on the council's increased cyber security threat, among other risks being monitored, for the third quarter of 2018/19 at a meeting in late February.

The council's novel strategy to combat cyber threats makes sense in the context that employees themselves are often considered a threat to any organisation's cyber resilience. Analysis by Coalfire, for instance, demonstrated that human error was the weakest security link in an organisation given the prevalence of phishing attacks.

Although Bristol City Council's cyber security risk had been deemed 'red' for the last four quarters, this consistently scored "3x5=15" using the council's own metric - where '3' on a scale of one to four is likelihood and '5' on a scale of one to seven is the impact.

But the risk increased to '3x7=21' for the last three months of 2019. This means while the likelihood of the council suffering an attack has remained the same, the potential fallout of any cyber threat is now considered much greater.

The cyber extortion landscape is far more diverse and varied than businesses have previously acknowledged, with tiers of malicious actors building an entire 'micro-economy' around sensitive corporate information.

Gangs of cyber criminals are trading stolen company secrets and intellectual property (IP) for cash to less sophisticated outfits, which are then monetising the information in increasingly innovative ways, according to research by Digital Shadows.

The report titled 'A Tale of Epic Extortions: How cybercriminals monetise our online exposure' examined the emerging trends in the cyber extortion landscape, and how lax security practices - by both individuals and organisations - enable corporate theft.

The more sophisticated cyber extortionist groups are increasingly pivoting to recruitment, offering vast salaries to perform certain actions. They are also supplying less sophisticated groups with valuable information they can then use to extort companies and individuals.

Selling "access" in this way to an organisation, a server, or an email inbox, for instance, is one of several ways in which more advanced groups are monetising the data they steal, both post-extortion, or because their attempts were unsuccessful.

"More sophisticated actors would often perform an intrusion, steal information, and then monetise it by selling it to less sophisticated, more novice extortionists," Digital Shadow's senior strategy and research analyst Rafael Amado told IT Pro.

"So there's a sort of micro-economy, or a mini-market, that is developing within the extortion market itself where extortionists are servicing each other. The more experienced ones are either recruiting or enabling the low-level groups.

"The hardest thing for an extortionist is to get that initial compromising or sensitive information, that sensational data or story you can use to extort someone. For me, that is the key, and one of the most difficult things for an aspiring extortionist to get their hands on. But if you've got more sophisticated people offering it to you, selling it, then the barriers to entry are far, far lower."

This new as-a-service model is also evident when it comes to ransomware and distributed denial of service (DDoS) attacks, where less sophisticated actors are recruiting groups with better capabilities to act on their behalf.

The Digital Shadows report also explored how innovative 'crowdfunding' models for monetising stolen corporate documents are beginning to take off, with cyber gangs seeking alternative ways to raise revenues following a breach.

Instead of relying on victims to pay ransom demands - which may or may not be successful - documents, which may contain content that could excite the wider public, are instead being offered on platforms like KickStarter.

Thedarkoverlord (TDO), a notorious cyber extortion group, meanwhile, served as an ideal case study for Digital Shadows' examination of the emerging cyber extortion supply chain and as-a-service cyber crime models.

Digital Shadows cited a case study in which TDO which stole documents relating to 9/11 from insurance provider Hiscox in April 2018. The 10GB cache of documents, which mainly concerned litigation papers and the insurance claims of victims, was released as an encrypted set of files, with TDO then releasing the encryption keys as and when crowdfunding milestones were hit.

Digital Shadows' report also shone a spotlight on sextortion campaigns running throughout 2018, with a sample of 792,000 emails tracked by researchers showing that extortionists used exposed credentials to convince people they had been compromised.

Using passwords or other credential data normally found on public lists and paste sites, extortionists convince users they have access to compromising photos or video footage - quite often a bluff - before using this to extract cash.

Salaries, meanwhile, averaging the equivalent of $360,000 (275,300) per year are being offered to accomplices who can help cyber criminals target high-worth individuals, such as company executives, lawyers, and doctors. These salaries can even reach as high as $1 million for those that have demonstrable skills in network management, penetration testing, and programming.

Digital Shadows has recommended that organisations develop a ransomware playbook that outlines a regime for regularly backing up data and sensitive files in storage detached from the main network. Among other suggestions, the researchers also advise businesses to shrink the potential attack service by, for example, making remote-access systems accessible only over a virtual private network (VPN).

"What we mean by a ransomware playbook is, hypothetically, or say let's do it practically in the office sometime this week," Digital Shadows' Amado continued.

"Let's say you have a ransomware attack - what are we going to do? How do we respond? Do we have our systems backed up? Do we have our files backed up in the right places? That's just one step.

"Who is going to call lead that process? Is somebody going to go around the office and explain to people what's going on? Do we have backup systems in place? What are the PR teams going to do? Do we need to get the lawyers involved? Do we have cyber insurance?

"All these different types of questions; they're really not the questions you want to be asking yourself in the middle of a ransomware attack. Which, I suppose, is what most people did in the middle of the WannaCry attack. Nobody had ever considered anything like that happening before."

Amado added that having such a playbook in place, ensuring that key decision makers know how to respond and reducing one's digital footprint, would ensure organisations would be able to mitigate the effects of such attacks far more effectively.

Nigerian cyber criminals have extended their reach into the UK as part of a wider campaign to target chief financial officers (CFOs) from businesses of all sizes and sectors.

The 'London Blue' hacking gang managed to generate a list of more than 50,000 high profile targets from a broad range of companies during a five-month period this year for future business email compromise (BEC) phishing campaigns.

Executives and financial leaders from several of the world's biggest banks are listed, according to researchers from cyber security firm Agari, while London Blue is predominately targeting mortgage companies. Such scams will focus on stealing real estate purchases or lease payments.

Moreover, the BEC attack emails London Blue launches typically contain no malware; the group instead sends fraudulent payment requests to finance teams. As a result, the emails are difficult to detect by the range of counter-measures firms typically employ to block harmful material.

"In our analysis of London Blue, we identified the working methods of a group that has taken the basic technique of spear-phishing - using specific knowledge about a target's relationships to send a fraudulent email - and turned it into massive BEC campaigns," the report said.

"Each attack email requesting a money transfer is customised to appear to be an order from a senior executive of the company.

It added: "Conventional spear-phishing requires time-consuming research to gather the info needed for the attack to be successful - identifying individuals with access to move funds, learning how to contact them, and learning their organisational hierarchies. However, commercial lead-generation services have allowed London Blue to shortcut gathering the necessary data for thousands of target victims at a time."

Of the 'London Blue' hit list, 71% of targets held the title CFO, while the remainder were senior members of finance teams including finance directors, controllers and members of accounting. The majority of targets are based in the US, with remaining targets based in a host of nations including Spain, the UK, Finland, and Egypt.

The group itself also operates through an organisational structure resembling that of a generic corporation, with members carrying out specialised functions. These include business intelligence, financial operations, human resources, sales management, email marketing and sales.

Firstly, London Blue members would generate leads for potential targets before engaging in open source reconnaissance to gather any missing information such as their email addresses or names.

Test emails will be sent to other London Blue members to make sure attack emails are sent before the BEC attack emails are sent, and mule accounts that are set up to receive funds share the spoils to the key players in the group.

According to Agari researchers, lead generation is also dependent on business with commercial data providers, with attackers most recently relying on one San Francisco-based firm to collect names, company, titles, work email and personal email addresses.

"This report demonstrates that cybercriminal groups continue to evolve and are using formal business strategies and structure to more effectively carry out their scams," the report continued.

"London Blue's use of legitimate commercial sales prospecting tools shows the out-of-box thinking these groups employ to identify new targets. The pure scale of the group's target repository is evidence that BEC attacks are a threat to all businesses, regardless of size or location."

Researchers have uncovered a sophisticated botnet perpetuating a cryptocurrency scam in one of the most wide-reaching studies of the Twitter ecosystem to date.

Comprised of at least 15,000 bots in a three-tiered hierarchical structure, a team of Duo Security researchers observed how the crypto-scam botnet worked to spread a fake 'cryptocurrency giveaway', and evolved over time to remain undetected.

Duo's principal R&D engineer Jordan Wright and data scientist Olabode Anise published their findings in a report titled 'Dont @ Me: Hunting Twitter Bots at Scale', ahead of a presentation at the 2018 Black Hat cybersecurity conference in Las Vegas tomorrow.

As part of the process, the researchers analysed more than 88 million Twitter accounts - one of the largest random Twitter datasets to date - between May and July 2018, and processed their APIs in a machine learning model to differentiate a human account from a bot.

The crypto-giveaway botnet, according to Duo, would first involve bots spoofing a legitimate cryptocurrency-associated account by stealing its display name and avatar. These accounts would subsequently spread fake links in replies to genuine users' tweets, and were also seen to take on the identity of a celebrity, or news organisation.

The team then learned many of them followed the same Twitter accounts, declared "hub accounts". They were unclear as to the exact contribution these accounts made to the botnet, but theorised they are "randomly chosen accounts which the bots follow in an effort to appear legitimate".

Amplification bots, fake accounts that exist purely to like tweets to artificially inflate their popularity and visibility, comprised the final tier of this structure and were deployed to raise the prominence of the tweets promoting the scam, as well as afford them legitimacy.

They mapped the relationship between the amplification bots, and the bots they support, to discover previously unknown accounts; in turn performing further analysis to unravel a sophisticated structure. In this process they established it was possible to follow a thread "that can result in the unraveling of the entire botnet".

"Users are likely to trust a tweet more or less depending on how many times it's been retweeted or liked. Those behind this particular botnet know this, and have designed it to exploit this very tendency," Duo's Anise said.

"Malicious bot detection and prevention is a cat-and-mouse game," Wright added. "We anticipate that enlisting the help of the research community will enable discovery of new and improving techniques for tracking bots. However, this is a more complex problem than many realize, and as our paper shows, there is still work to be done."

The tools and techniques the pair used to uncover the cryptocurrency scam botnet, which they are set to highlight at Black Hat, are being made publicly available via Github following their presentation.

Although botnets can be structured in different ways, the paper noted the structure and appearance of this particular one resembled the 'diet-spam botnet' discovered by Symantec in 2015 - with dedicated roles assigned to different clusters. Alternatively, botnets may exist in a 'flat' structure where each fake account exhibits the same behaviour.

"Twitter is aware of this form of manipulation and is proactively implementing a number of detections to prevent these types of accounts from engaging with others in a deceptive manner," a company spokesperson said.

"Spam and certain forms of automation are against Twitter's rules. In many cases, spammy content is hidden on Twitter on the basis of automated detections.

"When spammy content is hidden on Twitter from areas like search and conversations, that may not affect its availability via the API. This means certain types of spam may be visible via Twitter's API even if it is not visible on Twitter itself. Less than 5% of Twitter accounts are spam-related."

Writing in a blogpost, the principal researchers said they were pleased with Twitter's initial response to their findings, and the company's announcement that it would be challenging "more than 9.9 million potentially spammy or automated accounts per week".

"We're excited to see these efforts by Twitter and are hopeful that these increased investments will be effective in combating spam and malicious content," the pair wrote.

"However, we don't consider the problem solved. The case study presented in this paper demonstrates that organized botnets are still active and can be discovered with relatively straightforward analysis."

//

Of the trillions of searches Google processes every year, 15% are brand new. Nobody has ever typed those specific queries before. It's unlikely they'll produce fake search results because they're not common enough to attract the attention of fraudsters. Scammers aim big, aiming to exploit search terms that are typed millions of times every day. To avoid those traps, make sure you never search for any of the following.

Software that's been discontinued

When companies stop supporting software and remove download links to it, scammers see a chance to con people who still want to use the program. Search for it on Google and you'll see results promising to provide a download, but it's often malware.

Sometimes the link does download the genuine program, but charges a fee when previously it was free. That was the tactic used late last year by fraudsters tempting searchers with Windows Movie Maker, which Microsoft stopped offering in October. Click the link in the search result (see screenshot) and you'll be charged $29.95 to unlock the "full version". It's a crafty con that preys on people's natural desire to stick with software they've got used to.

Tech support for Microsoft

Many tech-support scammers actively target you over the phone. They claim to be calling from Microsoft, and declare in a doom-laden voice (often with an Indian accent) that your computer is riddled with malware. The 'miracle' cure is to give them control of your computer. Once in, they waste no time stealing your sensitive info, such as banking passwords.

Other ne'er-do- wells set a trap on Google, waiting for naive searchers to fall in. Type 'Microsoft tech support' and typically one of the top paid-for results is for GuruAid (see screenshot). Its headline sounds promising: 'Tech Support for Microsoft - Call Now (UK Toll Free) - UK.com'. At first glance, that sounds like official support for Microsoft products. Click through to their (very ugly) website and you're asked to phone a number for "toll-free assistance". But instead of contacting UK experts, you'll reach workers at an Indian call centre who'll subject you to the hardest of hard sells, pestering you to cough up hundreds of pounds to fix minor problems.

GuruAid has been around for some time. Back in 2011, someone on the Microsoft Forums asked whether they could trust the company. Complaints last year show it's as awful as ever. For genuine help from Microsoft, bookmark its support page or ring 0344 800 2400.

Charities' phone numbers

We're not saying you should stop donating money over the phone, but searching Google for the correct number is fraught with risk. In November last year, the RSPCA complained to Google and Ofcom about sites appearing in results that were advertising expensive premium-rate phone numbers for the charity. People calling the number are put through to the RSPCA's National Control Centre, so they may not realise they've been scammed.

The RSPCA said it found eight rogue sites in the first 10 pages of results. It's hard to remove such sites completely from results, but the charity asked Google to make sure they don't appear too highly.

As this proves, scammers don't just abuse people's curiosity and confusion; they also take advantage of their kindness. Only phone charity numbers that you find on the official websites.

The web's most popular sites

In 2016 Google removed 1.7bn fraudulent adverts from its results (2017 figures haven't been released yet), but some still sneak through, particularly those for the world's most popular sites. Amazon was a favourite of criminals last year, and they're very good at making the scams seem convincing. In February, the top paid-for result when searching for 'Amazon' was 'www.amazon.com/Amazon'. Cleverly constructed to fool even careful clickers, this link directed people to a Windows-support scam.

The scam reappeared in November, a few days before the Black Friday sale frenzy began. The greedy fraudsters were hoping to steal some of the millions spent by shoppers. Some people also spotted a similar scam using YouTube search results.

Scammers will always exploit the popularity of such sites, so bookmark them if you're likely to visit them regularly. That applies not just to Amazon and YouTube, but also eBay, Facebook, Wikipedia, Yahoo and Netflix.

Local services on Google Maps

This is the kind of scam that makes you mourn the passing of the Yellow Pages. In April last year Google said it would crack down on criminals listing fake businesses in its Maps service. This scam peaked in 2014-15, when Google detected 100,000 fake listings.

The company said fraudsters were posing as "locksmiths, plumbers, electricians, and other contractors". When customers phone them, they are quoted a very cheap price. But when the work is done, they are charged a much higher fee.

Google now says it detects and disables 85% of fake listings before they even appear on Google Maps. And to check that a new listing is genuine, it sends a postcard to the company's claimed address. When a business has new owners, Google phones them to verify the change.

While these measures are reassuring, nothing beats word of mouth when booking a local service. A friend's recommendation can't be hacked.

Bitcoin investment advice

Scammers love it a fad becomes a hysteria, because they know it makes people less cautious when clicking results in Google. And nothing generates more hysteria at the moment than Bitcoin, the cryptocurrency which rocketed 1,000% in value last year.

There's nothing wrong with searching Google for more information about Bitcoin, or the Blockchain technology behind it. The safest option is to type a question, such as 'What is Bitcoin?' You'll have a choice of hundreds of safe websites, all explaining how it works and examining (ie, speculating) whether it's a real investment opportunity or a bubble waiting to burst. Here's our own take on both Bitcoin and Blockchain. Importantly, nobody really knows - and don't trust anyone who says they do.

But what you shouldn't search for is 'Bitcoin investment advice', or a similar phrase. This will produce many dubious get-rich-quick schemes guaranteeing a crypto-fortune. Don't get sucked in.

Threat detection specialists have uncovered a new trend of malicious actors using GDPR compliance as a cover to target businesses with email phishing attacks.

Hackers, according to cyber security company Redscan, are impersonating well-known companies to send fake emails warning about imminent changes to privacy settings in an attempt to spread malware or steal personal data.

Redscan said it first encountered this GDPR-inspired scam in an email sent by attackers disguised as Airbnb's customer support, asking recipients to update their personal information to continue using the service.

This technique is particularly opportunistic, with it taking advantage of the growing sense of urgency spreading among businesses as they race to comply with GDPR less than a month until its 25 May deadline.

Many businesses routinely handling personal data, including Airbnb, are in the process of complying with requirements set out in the new set of data regulations, with many contacting their personal and commercial users with updated terms of service and privacy policies.

"The irony won't be lost on anyone that cybercriminals are exploiting the arrival of new data protection regulations to steal people's data," said Mark Nicholls, director of cyber security at Redscan, adding: "The skill level in launching phishing attacks is generally quite low so it's difficult to estimate the scale of such scams."

In a fake email sent by scammers using the address 'important@mail.airbnb.work' - resembling an authentic message sent by Airbnb (noreply@airbnb.com) - recipients were told they could not accept new bookings or send messages until they accepted the company's new Privacy Policy.

The email read: "This update is mandatory because of the new changes in the EU Digital privacy legislation that acts upon United States based companies, like Airbnb in order to protect European citizens and companies."

Airbnb, unsurprisingly, did not look kindly on its band being used for phishing attacks: "These emails are a brazen attempt at using our trusted brand to try and steal user's details, and have nothing to do with Airbnb."

"We'd encourage anyone who has received a suspicious looking email to report it to our Trust and Safety team on report.phishing@airbnb.com, who will fully investigate. We provide useful information on how to spot a fake email on our help centre and work closely with external partners to report and help remove fake Airbnb websites," the company said in a statement to IT Pro.

Nicholls noted that such attacks are commonplace: "Using current events and trends as bait for social engineering attacks is a common tactic. Scammers know that people are expecting exactly these kinds of emails this month and that they are required to take action, whether that's clicking a link or divulging personal data.

"It's a textbook phishing campaign in terms of opportunistic timing and having a believable call to action."

He told IT Pro the phishing email Redscan came across was targeted at a generic business address, suggesting the attackers may have scraped addresses from the web.

"As we get closer to the GDPR implementation deadline, I think we can expect to see a lot a lot more of these types of phishing scams over the next few weeks, that's for sure."

The cyber security firm warned that businesses concerned with the risk of phishing should implement measures to prevent them falling foul to such scams, including multiple email-validation and authentication systems designed to prevent spoofing, as well as holding regular training sessions for staff.

Martin Lewis, founder of MoneySavingExpert.com, is suing Facebook over fake advertisements sporting his name and face that have been popping up on the platform over the past year.

The ads promote get-rich-quick schemes with titles like 'Bitcoin Code' and 'Cloud Trader'. Also published on sites such as BBC, the Metro, Yahoo and Outbrain, the ads link to scam websites for binary trading companies.

On his blog, Lewis called binary trading a "financially dangerous, near-certain money-loser".

This online investment model, where investors bet on whether the value of an asset will be above or below a set price in the future, more often than not turns out to be a scam, costing UK investors over 87,000 a day, according to Action Fraud.

The Advertising Standards Authority, however, was not able to act against the alleged scammers since they posted the ads from outside the EU.

Facebook simply stated that it does not allow false ads on its platform and that it has told Lewis to report such ads, which it will then remove. This is despite Lewis saying that all ads referencing him are fake, since he does not put his name on advertising. He claimed that one woman lost 100,000 after an advert using Lewis's name and face persuaded her to invest it.

"Enough is enough," Lewis said. "I've been fighting for over a year to stop Facebook letting scammers use my name and face to rip off vulnerable people - yet it continues. I feel sick each time I hear of another victim being conned because of trust they wrongly thought they were placing in me."

Lewis's case hinges on proving that Facebook is a publisher and that the UK has jurisdiction over the fake ads Facebook ran.

"It's time Facebook was made to take responsibility," Lewis said. "It claims to be a platform not a publisher - yet this isn't just a post on a web forum; it is being paid to publish, promulgate, and promote what are often fraudulent enterprises."

"Facebook is not above the law," said Mark Lewis, of Seddons law firm, representing Martin Lewis. "It cannot hide outside the UK and think it is untouchable."

He announced that they will seek "exemplary damages", which will be large enough that Facebook feels the impact and does not write the charge off as a cost of doing business.

Martin Lewis said he will donate any damages won to charities combatting fraud.

IT Pro has approached Facebook for comment.

Google, Facebook, Twitter and other websites have recently banned adverts for Bitcoin and initial coin offerings, where investors pay real money for virtual tokens representing a new cryptocurrency, on the basis that scammers are taking advantage of public appetite for investing in these speculative financial services by promising quick returns that often don't materialise. Meanwhile, the EU has threatened to regulate cryptocurrencies if the huge fluctuations in the value of currencies such as Bitcoin is not addressed.

Picture: Shutterstock

Italian football club Lazio has reportedly been scammed out of 2 million by email fraudsters claiming to be a team negotiating the transfer of a player.

The Serie A team was duped into releasing funds after it received an official looking email from what appeared to be representatives from Dutch club Feyenoord, demanding a final payment for the transfer of a player in 2014.

Fraudsters with knowledge of the deal, which saw defender Stefan de Vrij transfer to Lazio from Feyenoord, were able to trick Lazio's accountants into sending the outstanding balance of 2 million (1.75m) to their own bank account, according to Italian newspaper Il Tempo.

Feyenoord claims it had no knowledge of any such communication, and that it never received the funds. According to prosecutors speaking to the newspaper, the money has been tracked down to a Dutch account, but it isn't owned by Feyenoord.

IT Pro has contacted Lazio for comment.

Hackers are frequently falling back on phishing as a means to scam users out of their cash, as fears around the spread of ransomware and DDoS attacks have led to increased spending on website security, making it harder to hack into a site.

It's also another example of how lucrative phishing scams can be, particularly when fraudsters have knowledge of high profile deals, or those involving large transfers.

London art dealers were defrauded out of hundreds of thousands of pounds when an email scamming campaign emerged in November last year. In that case, fraudsters were able to intercept PDF invoices after hacking into the email accounts of clients, replacing the bank details with their own to divert cash.

The scam against Lazio is a "classic case" of email phishing involving a compromised business deal, according to Barry Shteiman, director of threat research at Exabeam.

"Using social engineering, hackers convince employees to wire money to their accounts without the employee knowing this request did not come from within their company. Low tech, but high yield!" he said.

Image: Shutterstock

As the old saying goes, you are nobody without a name. It isn't enough for Arsenal to have a stadium, it has to be the Emirates Stadium. Apparently the marketing people believe that we will look more kindly on their brand of airline if we believe they are supporting football. For myself, I'm minded to think less critically about a neighbouring country that finally allows women to drive. But what do I know about marketing?

So, when bringing a new brand to market a few years ago, we had to give consideration to the URL that people would use to get to our site. This matters financially because there is an e-shop on there where you can buy the products. And every sale counts towards the bottom line.

Unfortunately, at the time, the domain name "manfood.com" wasn't available. I won't say what it pointed to, but let's just say it wasn't something one would want to associate with a range of delicious, award-winning pickles, condiments and sauces. Since we needed a URL, we settled on welovemanfood.com which, although awkward, has done us well for the past four years.

Recently, I googled "manfood.com" and found that it now pointed to a domain name holding page and appeared to be up for sale. My first reaction was to wonder just how wide the calculator would have be to get all the zeros onto the price tag, but there was no harm in asking.

I emailed the address given and made my enquiry. The prompt reply told me that the domain was indeed up for sale, and that it could be mine for $1,800. Not the sort of small change you might find down the back of the sofa, but not a price that demanded the arms and legs of my nephews either.

The vendor then told me he wanted to use escrow.com to do the transfer. This was all new to me, having never bought a domain name from a third party before. But I looked into the site, and it seemed legitimate. It appeared to have a fully automatic process by which the money could be deposited, transfer made, and then when both sides were happy, the ownership title would be released along with the funds.

I dropped the money in, registered and waited for the reply. As part of the paperwork, I put in my joker.com domain name hosting registration details where I host all my other domains. Was this going to be some huge online scam? Unlikely, given that "escrow.com" itself would be a somewhat expensive domain name. Or at least that's what I persuaded myself.

A few days later, a miracle occurred: the domain name was under my control and the vendor had been paid. It couldn't have been smoother. A few tweaks later, and the domain name manfood.com pointed to our existing server.

If only things were as simple when it comes to registering a new domain. Yesterday, I registered a couple of domain names for a new project: "mydigitalhealthavatar.com" and "mydigitalperson.com" seemed like useful domain names to have, despite their long names. So I registered them with Joker in the usual way, using its facilities for the registration information to be held at joker.com itself.

Today, I have received a barrage of emails from website development firms offering their services. It must be over 100 and it's only 1pm. I've also had the pleasure of two international phone calls from Indian call centres and a bunch of companies trying to send me invoices for SEO services that I neither requested nor wanted. One company even pretended to be GoDaddy, sending an invoice for $24.99 for a business logo and website to be delivered in 24 hours. And I have lost count of the number of web design "experts" who have Gmail email addresses. You'd think that a professional web designer would at least have their own domain.

Does anyone fall for this nonsense? Or is it the case that it only requires a micro-percentage to click "yes" to make it worthwhile? This ties in with the worrying rise of sending an invoice for fictitious services in the hope it will be paid. Last month, a UK company sent me an invoice for support for 2018 for a product we had bought a year ago. In the original sale, there was no mention of ongoing support. It just sent it in the hope that it would slide through accounts and get paid. Naturally, there is no way I would do business with this company ever again and have reported it to Trading Standards.

At least the website pimps are easy to spot. If they were just a little cleverer, they'd send an invoice pertaining to be from Microsoft explaining that I'd gone over my hundred "free" clicks of the Junk button in Outlook and I now owe them $24.99.

Shh - what's that? If you listen very, very carefully, you'll hear it; it's the sound of countless security experts smashing their heads against their keyboards in frustration. The cause, as so often before, is the government's laughable attitude to data privacy and cyber security.

Where to begin with this latest shambles? You may recall that First Secretary of State Damian Green was allegedly found to have rude and naughty pictures of the pornographic variety on his government-issued computer, which Green denies.

Nadine Dorries, Conservative MP for Mid Beds, leapt to Green's defence over the weekend, pointing out that if porn was found on Green's computer, it may not have been him who was downloading and/or viewing it on taxpayer time. After all, she said, her staff use her login to access her official computer all the time. Even interns on exchange programmes!

Er, sorry... What?

Yes folks, you read that correctly - Dorries is so free and easy with her access credentials that she even hands them out to visiting exchange students. To make matters worse, several of her fellow MPs admitted they also share their login details with staff, including Nick Boles, Will Quince and Robert Syms.

Of course, Dorries was quick to downplay the seriousness of her actions, stating that all she has on her computer is a shared email account, with no access to government documents. Boles, similarly, said that only the four people he employs to deal with correspondence from constituents have access to the passwords, which are regularly changed.

For the avoidance of doubt, let's be crystal clear: this is a dangerous, insecure and irresponsible practice. Under no circumstances should anyone be sharing one login between multiple staff members. There are numerous ways to ensure staff members can access a shared computer, mailbox or file storage system without having one login that simply gets passed around, and the fact that government MPs are apparently not using any of them is extremely alarming.

Dorries and co claim that sharing their login with staff isn't an issue, but let's take the time to unpick some of the many, many problems with these arguments.

Firstly, there's the issue of lateral movement. Dorries says that the only thing on the computer is a shared email account. Even if that's true, the computer itself is 'Westminster-based', and is likely to be connected to some kind of internal network. This opens up the possibility for lateral movement, using Dorries' machine as a way to gain access to a more important target within the network.

Then there's the issue of data protection. The shared mailbox used by the staff of Dorries and Boles presumably contains at least a partial list of constituents' names and email addresses, along with who knows what additional information shared as part of their correspondence. Behaviour like this puts all of that information at risk.

Last but not least, accountability is the biggest problem with using a shared login - and one that is best illustrated, ironically, by the very issue that prompted Dorries' admission in the first place. She is quite right in stating that if Green's access credentials were shared by his staff, there's no way of proving that it was him that was allegedly looking at porn, but that's a huge problem.

Let's imagine that, instead of perusing some nudes, the First Secretary of State was instead accused of using his computer to leak classified intelligence data to Russian agents. With a single shared login, it's virtually impossible to trace the source of the leak back to the mole. If everyone has their own credentials, it's instantly obvious.

The concept of not sharing your username and password with anyone is a basic, fundamental tenet of cyber security best practice, and the tools to ensure that you shouldn't need to share your credentials have existed for years. Considering that the Tories are supposed to be the party of business, its own staff seem to be trailing laughably far behind the curve when it comes to keeping up with industry security standards - which would be funny if it wasn't so alarming.

The UK is set to lose access to the European Cybercrime Centre, after it was revealed the country will no longer be a member of Europol following its departure from the European Union in 2019.

The European Cybercrime Centre - also known as EC3 - was set up by the cross-border law enforcement group to provide support for EU police forces in tackling cyber crime. EC3 assists national police with intelligence, digital forensics and strategy support, collaborating on cases involving technological elements.

Cyber security experts have expressed dismay at the news. "This is hugely disappointing," McAfee's chief scientist Raj Samani told IT Pro. "Europol have a proven record of success and one would hope a degree of compromise can be reached since the safety of all citizens across the globe is our joint mission."

The government had stated earlier this year that it wished to continue its relationship with Europol following Brexit, but the EU's top negotiator Michel Barnier said that access to Europol would not be possible once the UK leaves the EU, stating that it was a "logical consequence".

Losing access to EC3 will mean that UK police units fighting cyber crime will no longer benefit from intelligence-sharing between EU member states, as well as from the extensive support network offered by Europol's cyber specialists.

"Since before the referendum, the NCA and its partners in policing and wider law enforcement have clearly stated our need to work closely and at speed with European countries to keep people in the UK safe from threats including organised crime, child sexual abuse, cyber attack, and terrorism," a spokesman for the UK's National Crime Agency told IT Pro.

"We are confident that these requirements are being taken into account, and that there is broad consensus on the need to retain our ability to share intelligence, biometrics and other data at speed. It is also vital to ensure we can continue to provide a quick, efficient and dynamic response to crime and criminals impacting the UK and its citizens, be it from serious and organised transnational crime or local level volume crime at the heart of UK communities."

Newcastle University has been forced to warn prospective students of a fraudulent website scammers are using to harvest passport details, personal information and credit card numbers.

The site purports to be run by 'Newcastle International University', but no such educational establishment exists. Instead, it's a fake site mocked up to mimic the real university website, including pages on admissions FAQs, course details and school news.

As well as harvesting students' personal information, including names, dates of birth, email addresses and even passport numbers, the site also accepts online payments for courses.

The real Newcastle University released a statement on Twitter, confirming that it is not affiliated with the site and advising students to only use Newcastle University's genuine website.

"We've reported it to the hosting company, the organisation which provides the domain name, and the non-profit standards organisation, ICANN (The Internet Corporation for Assigned Names and Numbers)," the University told IT Pro in a statement. "The University is working with National Cyber Crime Police team, and the case has been registered with the cyber security team in the National Crime Agency."

"We would urge any students not to access this site and go to our official site: www.ncl.ac.uk or call the University's general number if they have any queries."

The fraudsters have managed to concoct an unusually sophisticated trap, according to RSA's EMEA advanced cyber defence practise director, Azeem Aleem. "Make no mistake, this is an effective scam," he said. "They've put in the time and effort to create a remarkably realistic website. It is well designed, well executed, and it highlights the very real danger of modern spoofing attacks."

"Even more worrying, they are using this spoofed site to harvest everything from credit card info, passport details, and date of birth; all the personal information that you wouldn't want to fall into the wrong hands. They have also been careful about targeting, focusing on overseas students who may not have the local knowledge to spot the difference between this site and Newcastle University's official site."

In fact, even seasoned professionals may be fooled on first glance. When compared side-by-side with the real Newcastle University website (see main image), one could argue that the fraud site is actually the more professional-looking of the two - although there are some telltale giveaways on closer inspection, such as spelling and grammar errors, and poorly-sized images.

American authorities are cracking down on fake tech support scams that fool users into believing their computers are infected and charge them for the unnecessary solution, taking legal action against four more companies and their subsidiaries.

"Operation Tech Trap" has the Federal Trade Commission (FTC) working with local and international authorities - as well as Apple and Microsoft - to prevent such scams and take action against the criminals profiting from them.

Such tech support scams have been running for years, tricking less tech savvy users into paying out for unnecessary repairs and antivirus. Sometimes the scammers cold call victims, other cases see online advertising used to show fake warnings.

Most of the Operation Tech Trap targets followed a similar pattern that will be familiar to many hit by such scams over the years. They show advertisments designed to look like pop-up alerts from Microsoft or Apple, warning that their computers are infected and offering support via a telephone number. " Some of the pop-up ads even included a countdown clock, allegedly representing the time remaining before the computer hard drive would be deleted," the FTC noted.

Call the number, and the person on the other end will outright claim or suggest to be affiliated with Microsoft or Apple, and ask for remote access to the computer to run fake diagnostic tests, which the FTC noted "inevitably revealed the existence of grave problems requiring immediate repair by one of their 'certified technicians'." That would cost hundreds of dollars, and the FTC said such tactics have been used to scam consumers out of millions of dollars in the US alone.

"Tech support scams prey on consumers' legitimate concerns about malware, viruses and other cyber threats," said Tom Pahl, Acting Director of the FTC's Bureau of Consumer Protection.

In earlier efforts to crack down on such support scams, the FTC has filed four complailnts against support companies using such tactics in Ohio, Alabama, Florida, and Colorado. "In three of the cases, the FTC has already obtained temporary restraining orders (TROs) to halt the practices, freeze assets, and appoint a temporary receiver to take control of the businesses," the FTC said.

The FTC has also said it reached settlements with two others. Seven people have been charged, with two pleading guilty already, and the FTC is working with authorities in India to crack down on such support scams operating there.

Main image: Bigstock

Symantec is terminating its partnership with a reseller that stands accused of duping people into believing they were infected by malware, before charging them hundreds of dollars to remove' it.

Silurian, which was a member of the Symantec partner programme, scammed unwitting users by flagging up fake warnings on their PCs that were designed to look like Symantec's Norton Antivirus product.

The alert, hosted on a now-defunct webpage called quicklogin.us/norton, told users: "System Critically Infected. If you are not able to click on this button, immediately contact Support toll Free Helpline 1-855-637-1900."

Senior security researcher Jrme Segura at Malwarebytes, the security firm that uncovered the fraud, said: "This screen is completely fake, but combined with an alarming audio message playing in the background, it may be enough to dupe some users."

The security company phoned the number anyway to see what happened.

A technician advised them to go to a website that would allow him to take remote control of the computer, letting him perform a diagnostic.

Segura said: "This process is a core part of the scam because it allows crooks to tighten their hold on potential victims. With remote access, scammers can literally do whatever they want on the user's machine including stealing documents to installing (real) malware."

The technician quickly pointed to Windows EventViewer, the error reporting tool that tags applications with yellow and red warning lights for problems that are generally benign, but to an inexperienced user look worrying.

He then offered Norton Antivirus to the researchers at two different price options a one-off fix and installation for $199, or a one-year warranty for $249.

The tool can be purchased for 14.99 online, giving users one year of cover.

After discovering Silurian was a member of Symantec's partner programme, Malwarebytes raised the issue with Symantec, which promised to take immediate action.

A Symantec spokeswoman told IT Pro that it is terminating its reseller partnership with Silurian immediately.

She added: "While we can't say conclusively who was behind this particular scam, we can confirm that this particular site has been taken down and that we are also in the process of terminating our partner agreement with Silurian.

"After identifying any abuse of the Norton or Symantec brand, we pursue our rights and defend our intellectual property, and where necessary will work with law enforcement."

Pictures courtesy of Malwarebytes

Despite claiming to have fixed a security hole in Google Drive last year, criminals are still making use of a Google Drive phishing scam that can steal your email address and password in just a few taps.

Last year, it was revealed hackers were using fake Google Drive documents to force you to enter your email and password, but this year's attack seems to be more sophisticated.

You may receive an email from one of your contacts, granting you access to a document stored in Google Drive. Click on the link and you're taken to the normal Google Drive sign-in screen.

Then, after entering your username and password, you're asked to enter your verification - either your mobile phone number if you have one associated to your account, or your secondary email address.

When you've entered this information, you're forwarded to your Google Drive, but there's no document in sight. You've just had your details phished.

Symantec investigated into the flaw last year and found out the login page is actually hosted on Google's servers and is served on SSL, making it seem very convincing.

"The scammers have simply created a folder inside a Google Drive account, marked it as public, uploaded a file there, and then used Google Drive's preview feature to get a publicly accessible URL to include in their messages," Symantec security expert Nick Johnston explained in a blog post.

However, it was reportedly fixed soon after, with Google saying: "We've removed the fake pages and our abuse team is working to prevent this kind of spoofing from happening again. If you think you may have accidentally given out your account information, please reset your password."