November 28, 2018 Be cyber safe in 2019
Black Friday sales, Christmas parties, tinsel appearing around the photocopier….. inescapable signs of the run up to year end. Unhappily it also appears that a less welcome end of year tradition is still on the rise; fake HMRC scammers.
On the BBC’s ‘wake up to money’ programme on 28 November, HMRC’s head of cyber security, Mike Fell, revealed that scams by people pretending to be from the tax office have risen by 20%. Moreover, the fraudsters are becoming more sophisticated; calling from numbers which appear to match those of HMRC and talking about late payment of tax or an investigation into incorrect tax returns or fraud. The wording used is designed to create a sense of panic and immediacy as well as tying in with the end of year/New Year period in which tax returns and payments are due.
With individuals and businesses being targeted it is important that internal security procedures are in place and that individuals are briefed not to click on links or provide secure information on the telephone. Equally importantly, any payment request which appears to be outside normal run of events should be double and triple checked.
That follows a warning from the South West regional cyber crime unit on the dangers of business email compromise. Typically an email may appear to come from a senior executive requesting the urgent transfer of funds to a new destination. Employees may well feel that they can’t query such an instruction from a senior member of the team, especially if that would mean interrupting them at their home over the holiday period. So the payment is made and the fraudsters celebrate.
In order to be cyber safe not only over the holiday period but also in 2019 the cyber crime unit has come up with some handy hints under the banner of ‘take five’:
- Check all correspondence for inconsistencies in spelling, grammar and content, especially any which appear to convey a sense of urgency or intimidation.
- Educate and train your people to recognise and defend against phishing attacks.
- Minimise the amount of sensitive data available online about your organisation.
- Agree secure processes to be followed when payments are requested or payment details changed.
- Install and regularly update antivirus and anti-malware software.
Most importantly, if something doesn’t feel right then educate and encourage your people to Take Five, giving themselves time to question before they act.