Spam evolves - Is less annoying, but more dangerous

Over the last 3 years, the sort of spam we used to get has essentially disappeared. No, not the tinned food product, but the unsolicited and, quite frankly, irritating e-mails.
However, commercial advertising is still alive and well! (Business to business unsolicited e-mail is still legal)
Laws have been passed in the USA and Europe which have allowed law enforcement to move in swiftly to close down the companies who used to send millions of messages advertising cheap drugs etc.

Some spam is just plain annoying; however, it can also be used as a means to access personal details and commit fraud, also known as phishing.

Sadly, this variety of spam is on the rise along with e-mails whose sole intent is to trick the recipient into downloading malware.

Here at Digievo, we filter out and delete e-mails for our customers which are clearly identifiable as spam. The percentage of all e-mails which are filtered has grown from around 45% to 60% since 2012.

Unfortunately, the miscreants that send these spam messages evolve their techniques just as quickly as the technology we use to block them.
Years ago, spammers would run their own servers, but as the bulk of spam is now essentially either fraud or malware (an offence under the Misuse of Computers Act), they no longer do this.
Instead, they compromise individual computers which belong to private individuals and use those machines to send the phishing and malware e-mails.
The miscreants will have hundreds to thousands of compromised computers under their control at any one time. This means that filtering spam has become harder because every spam message comes from a different (and generally legitimate) sender.

From the mid noughties through to 2012 the content of phishing and malware e-mails remained consistent.
Today, the content is often on trend and short lived. For example, during the first 2 weeks of 2014, almost 50% of phishing e-mails were targeted towards owners of new Apple devices.
Thefts of personal information from large internet companies and retailers mean the miscreants have accurate lists of data.
They are therefore able to send targeted content to specific groups of users.

As companies get more into using cloud solutions and social media to connect with their customers, awareness of phishing and malware is key to keeping everybody safe.

The nightmare scenario with phishing is that a company is locked out of its cloud systems or social media accounts. This can be detrimental to a company that uses social media, as the attackers then often post malware or dodgy content which appears to be posted by the company.
While these events are indeed criminal, getting the police involved is extremely difficult as such cases are incredibly complex.
Some of the malware doing the rounds is hugely damaging. Cryptolocker and its variants silently install on the attacked computer and encrypt (password protect) all the company's files before demanding a ransom.

If this were to happen to you and you are unable to recover from your backup, then that data is probably lost forever.

Although anti-virus software should detect the malware, this cannot always be guaranteed. The best protection against malware is the use of a good anti-virus alongside staff training.

As in the previous blog post when I wrote about spam, a number of measures exist which can secure e-mail and alleviate the issues. Sadly, people who still don’t implement these security measures are in the majority.

If you wish to get your e-mail hygiene and security checked out, why not give us a call on 0845 805 4870 or contact us via our website www.digievo.co.uk



Phishing e-mails from Co-Operative Bank?

Over the last few days, we have seen a large volume of e-mails purporting to be from the Co-Operative Bank. They ask customers to confirm their banking details for a whole variety of reasons, most recently stating that there is a transfer pending which they are unable to receive until the user confirms their details by clicking on a link within the e-mail message.

To begin with, these e-mails came from a relatively believable address, co-operative-system.coop-uk.co.uk, but subsequent e-mails have arrived from co-operativebank.co.uk, which is the legitimate domain for the bank.

These e-mails are 100% fraudulent. They are solely designed to trick the recipient into handing over sensitive banking details.
The fraudsters are then able to gain access to your online banking information.

 

If you receive one of these emails, do not respond in any way. Just delete the messages.
Banks do not contact their customers for personal account details via e-mail. If in doubt, call the bank to enquire about your account directly.

For a full technical analysis see below;

 

 

The initial giveaway that this is a fraudulent e-mail comes when you examine the link you are being asked to click on. It claims to take you to the Co-Operative Bank’s website. Instead, it takes you to http://beirutdiscounts.com, which has been hijacked but thankfully, as of this morning, displays an error message rather than capturing people’s details.

The e-mail originates from the IP address 122.62.112.4, which is located in New Zealand and which I highly doubt is therefore authorized to send messages on behalf of the Co-Operative Bank:

 

inetnum:        122.62.0.0 - 122.62.255.255
netname:        PLV-TELECOM-NZ
descr:          Telecom New Zealand Ltd
country:        NZ
admin-c:        IA42-AP
tech-c:         IA42-AP
notify:         nic@netgate.net.nz
mnt-by:         NZTELECOM
changed:        dbk1@netgate.net.nz 20090826
status:         ASSIGNED NON-PORTABLE
source:         APNIC

 

The most concerning factor of these phishing e-mails is that they claim to be from a legitimate Co-Operative Bank domain. But if we look at the Co-Operative Bank’s Sender Policy Framework* (SPF) record then we get the following:

v=spf1 mx:cfs.co.uk a:apps.co-operativebank.co.uk a:applications.co-operativebank.co.uk include:foretelsystems.com -all

The final section before -all tells the SPF check to look up the SPF record for foretelsystems.com and include it in the evaluation. Unfortunately, at this time, that domain has no SPF record. This means the verification of the Co-Operative Bank’s e-mail security fails.
This is what has allowed the fraudsters to send these e-mails from their own domain.
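Added example (not part of the original post): a minimal evaluator for the subset of RFC 7208 used by the record above, showing that an include: whose target publishes no SPF record makes the whole check return permerror before -all is ever reached. The record and the sending IP are from the post; the DNS answers (192.0.2.x addresses, mail.cfs.co.uk) and the repaired record are constructed placeholders.

```python
import ipaddress

# The SPF record and the sending IP are quoted from the post. Every DNS answer
# below (192.0.2.x addresses, mail.cfs.co.uk) is a constructed placeholder.
BANK_SPF = ("v=spf1 mx:cfs.co.uk a:apps.co-operativebank.co.uk "
            "a:applications.co-operativebank.co.uk include:foretelsystems.com -all")
DNS = {
    "TXT": {"co-operativebank.co.uk": BANK_SPF},  # no entry for foretelsystems.com
    "MX": {"cfs.co.uk": ["mail.cfs.co.uk"]},
    "A": {"mail.cfs.co.uk": ["192.0.2.10"],
          "apps.co-operativebank.co.uk": ["192.0.2.20"],
          "applications.co-operativebank.co.uk": ["192.0.2.21"]},
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_host(ip, domain, dns=DNS, depth=0):
    """Evaluate the a, mx, ip4, include and all mechanisms of RFC 7208 for ip."""
    record = dns["TXT"].get(domain)
    if record is None:
        return "none"                      # domain publishes no SPF record
    if depth > 10:
        return "permerror"                 # guard against include loops
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIER else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        target = arg or domain
        if mech == "all":
            matched = True
        elif mech == "ip4":
            net = ipaddress.ip_network(arg, strict=False)
            matched = ipaddress.ip_address(ip) in net
        elif mech == "a":
            matched = ip in dns["A"].get(target, [])
        elif mech == "mx":
            matched = any(ip in dns["A"].get(host, [])
                          for host in dns["MX"].get(target, []))
        elif mech == "include":
            inner = check_host(ip, arg, dns, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"         # RFC 7208 section 5.2: evaluation stops here
            matched = inner == "pass"
        else:
            return "permerror"             # term outside this subset
        if matched:
            return QUALIFIER[qualifier]
    return "neutral"                       # no mechanism matched

def with_included_record(record, dns=DNS):
    """Copy of the DNS snapshot in which foretelsystems.com publishes `record`."""
    return {**dns, "TXT": {**dns["TXT"], "foretelsystems.com": record}}

if __name__ == "__main__":
    sender = "122.62.112.4"                # originating IP reported in the post
    print(check_host(sender, "co-operativebank.co.uk"))
    fixed = with_included_record("v=spf1 ip4:192.0.2.30 -all")
    print(check_host(sender, "co-operativebank.co.uk", fixed))
```

RFC 7208 leaves the handling of permerror to the receiving server, so a receiver that does not reject on it never applies the bank's -all.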

What a sobering thought. A high street bank has failed in its duty to protect its customers.
A simple mistake to make, but it comes with serious consequences for its trusting customers.

 

*Sender Policy Framework (SPF) is a validation system for e-mail. It is able to detect fraudulent e-mails and checks that incoming messages are arriving from a valid domain authorized by that domain’s administrators.

Police Warn of Malware Bearing Their Name

A number of users have reported a new scam whereby their screen locks up and a message is shown saying the computer has been locked by the police.  This is a scam and under no circumstances should you use the contact details on the screen.

With up-to-date Windows updates and anti-virus software this issue should not arise, and it can be dealt with by us very easily.  Call us on 0845 805 4870 if you encounter this issue.

The full message from the Police is shown below;

 

Police have asked computer users in Nottinghamshire to be on their guard after a number of suspected internet frauds were reported to the force.


Nottinghamshire Police have received a number of calls in relation to an internet scam where members of the public receive an online pop-up message claiming to be from Strathclyde Police or the Metropolitan Police.


The message states that the individual's computer has been locked by police, and that they will need to call a given number or pay a fine online for viewing inappropriate or illegal content online.


The computer screen locks in most cases.


Samantha Hancock, of Nottinghamshire Police’s Pre-Crime Unit, said: “Various police forces across the UK have informed the public that this is an internet scam and has absolutely nothing to do with them.


“The police would like to make it clear that they would never ask the public for money under such circumstances and urge anyone who receives the pop-up not to follow the payment instructions or call the number given.


“They should definitely not pay any money or divulge personal details.”


Action Fraud and the National Fraud Intelligence Bureau are aware of the scam and are in the process of updating their websites with the correct information.
If you receive such a message on your computer, rest assured that no one has discovered any illegal material on your system. 


Removal of the virus needs to be done with care using the operating system’s ‘Safe Mode’ as an incorrect removal could easily lead to your computer becoming unusable and all your data and files being lost. 


If you do not have specialised knowledge in this area, you are advised to seek professional advice in unlocking the computer and removing any associated virus.
In a separate scam reported in the county, a man paid £260 to secure a £1,500 loan after receiving an unsolicited telephone call from a company who knew he had been researching loans on the internet.


He never received the loan, and was verbally abused when he rang the company to enquire about it.


In several other cases, PC owners have been contacted by callers claiming to represent software companies, including Microsoft.
The callers have offered to install security packages on the computer and have been able to access the computer remotely. 


The packages were installed, but it is not clear whether they are genuine packages or ‘trojans’ – computer programmes which contain viruses or damaging malware.


In all three cases, the computer owner was asked to make payment at shops with a Paypoint or Ukash facility or at a Western Union money transfer shop. Another similarity was that the callers all had telephone numbers with 0203 dialling codes.


Samantha Hancock added: “There is a real warning here about internet security. We all know that when we go online our security is compromised to a certain degree, but you should always exercise caution if you receive a cold call from someone who appears to know exactly what you have been searching for.


“There is always a risk in accepting offers from cold callers in any event. It is also highly unusual for companies to request payment in this way. Certainly, in the case of the loan, we know that this has proven to be a fraud. 


“There is nothing illegal about charging a fee to install a computer security package for someone or to resolve any other problem, as long as the service offered is legitimately provided. However, many genuine security packages can be easily downloaded free of charge.


“There are undoubtedly individuals around the world who have identified this as a potential cash-generating enterprise, but it is difficult to know whether they can be relied upon to do what they offer.


“If you are also suspicious that the caller is not the person they purport to be, it should sound alarm bells. Do not reveal personal financial information to anyone whose identity you cannot verify and trust. Loans should only be taken out with reputable, recognised companies.”
If anyone has any information about a similar incident, they should telephone Nottinghamshire Police on 101 or Crimestoppers on 0800 555 111.

Message sent by
Lindsay Donnelly (Police, Administrator, Nottinghamshire)

Netgear Releases 2011 Results

We've been a Netgear partner for some time now and recommend their network, wireless and storage solutions to our customers as our vendor of choice so it's nice to see that they are continuing to grow 20% year on year and continuing to innovate in their product range.

It would be fair to say that in the past, most likely because of their strength in the home and SOHO market, people have tended not to think of Netgear as a vendor for SME and corporate equipment, but we are increasingly finding that their switching, wireless and storage solutions offer significant feature sets and performance directly comparable with those of high-end vendors such as Cisco at highly competitive prices.

If your network is feeling slow and Gigabit or 10 Gigabit upgrades are calling, if your wireless is performing poorly or is hard to manage, or if you are running out of storage space, we have some great solutions at very affordable prices, so give us a call on 0845 805 4870.

Don't just take our word for it - Netgear's official line on 2011 reads as follows:

 

NETGEAR® REPORTS RECORD FOURTH QUARTER AND FULL YEAR 2011 RESULTS

·       Record fourth quarter 2011 net revenue of $309.2 million, as compared to $258.5 million in the comparable prior year quarter, 20% year on year growth

·        Fourth quarter 2011 non-GAAP net income of $26.5 million, as compared to $16.1 million in the comparable prior year quarter, 65% year on year growth

·       Fourth quarter 2011 non-GAAP diluted earnings per share of $0.69, as compared to $0.44 in the comparable prior year quarter

·       2011 net revenue was $1.18 billion, as compared to $902.1 million in 2010, 31% year on year growth

·       2011 non-GAAP net income of $105.2 million, as compared to $62.9 million in 2010, 67% growth

·       2011 non-GAAP diluted earnings per share of $2.77, as compared to $1.74 in 2010

·       Company expects first quarter 2012 net revenue to be in the range of $310 million to $325 million, with non-GAAP operating margin in the range of 11% to 12%

 

 

Increased Theft Incidents

The hard times of late, it seems, have brought with them an increased risk of both business premises and homes being burgled. 

The press have recently reported a 13% rise in burglary, signalling the end of the otherwise 16 year fall in such crimes, and in the last quarter alone incidents among our customer base have accelerated way beyond what we’d expect to see over a year.

A local policeman commented to one of our customers who was recently burgled at home that over 30 burglaries had occurred in Wollaton alone in the previous week.  Clearly these are levels of crime which we would be remiss to ignore as a threat to our businesses.

Obviously we all need to be vigilant and observe sensible and reasonable security provisions, but a few key things need to be understood in relation to business IT equipment.

Data Backup

A key thing often overlooked is that when computers are stolen the data they contain may be lost if it’s not regularly backed up.

Whilst staff using computers in offices generally save data to network drives it’s also common for people to mistakenly (or for perceived convenience) save documents to their desktop which in most scenarios will then not be backed up and therefore would be at risk of being lost.

Another common situation is laptop users such as sales people and directors who spend most of their time out of the office and therefore save exclusively locally on their laptops either to their desktop or local “my documents” folders. 

A key point is that there are solutions for all of these issues and though they most likely all include some level of cost it’s really important to weigh up this cost against the costs that will be incurred by the business should the data be permanently lost.

Be sure to check out our cloud backup product which provides a low cost managed solution for both mobile users and other backup needs - more details here

Data Protection & Theft

If a business computer is stolen the directors of the company must be made aware, and it is their duty to ascertain whether any private and personal data was held on the stolen device(s) which may put their staff, suppliers or customers at risk. Breach of the Data Protection Act can lead to fines both for the company and personally for the directors.

All companies processing private and personal data must have a Data Protection Register entry and also have a duty to report breaches where data is lost to the Data Protection Agency under certain circumstances.  These duties and regulations can be hard to understand, and we would recommend that directors take advice before they take any actions directly, whether this involves contacting the individuals whose data has been lost, contacting the Data Protection Agency or otherwise making public statements.

We provide a full service to check your registration is correct and assist you with managing your data proactively and also dealing with breaches.  Our service is fully confidential so please feel free to contact us either by using our contact form or by calling us on 0845 805 4870.

Network Security

Standard precautions such as requiring passwords to access computers can go a long way to ensuring that your business data is protected in the event of theft, but the implementation of strong and comprehensive security procedures is a detailed and complex process.

We are currently providing free security audits for local businesses so if you would like to ensure that your IT security is up to scratch again give us a call and we’ll arrange a visit.

Physical Security

A range of options exist to physically secure your computers, with solutions available for desktop computers, servers and laptops.   These solutions range in price from roughly £30 for a security cable to lock a laptop to a suitably secure point right up to roughly £900 for a “laptop safe” which protects up to 50 laptops or netbooks.

Although these are obviously additional costs to bear when purchasing equipment, weighed against the hassle and time cost of replacing equipment they will quickly bear returns should theft occur.

A recent theft of laptops from a customer’s office showed us just how quickly 10 laptops could be removed from an office unless they are physically secured.

Advice & Support

If you need any advice or would just like to discuss options and risks please feel free to give us a call.

We cover a wide area, but we are local to Beeston, Wollaton, Bramcote, Long Eaton etc. and are fast and friendly, with years of experience in ensuring that security needs are properly taken care of.

 

The Internet of Things

Back in the 90s a computer with an Internet connection was a strange thing.

Here we are nearly 15 years later and you can even get an Internet connected fridge!

The good guys at Cisco have ably illustrated this with the following infographic.

 

BT Scam

Hot on the heels of this year's round of scam e-mails purporting to be from the Inland Revenue and offering healthy refunds, we've seen a new one today which purports to be from BT.

This is a perfect example of a phishing scam, whereby scammers attempt to lure you into handing over your personal or, preferably, credit card details by playing the age-old confidence trick of pretending to be someone that you trust.

Here's a sample of the e-mail:

 

Looking at this it appears to come from ebilling@bt.com but looking at the headers tells us a completely different story....

This e-mail originated from an address in China and reached us via a compromised computer.

 

This type of scam is not new and it won't be the last time we see it.   If you are one of our customers and receive a suspect message, always forward it to us and we'll be more than happy to check it out for you. Otherwise, play by these rules:

  1. Big companies like BT, banks, eBay etc. will never e-mail you to ask for details - they will nag you when you next log safely into the site.
  2. Never trust the address that an e-mail purports to come from, as this can be easily forged.
  3. Before clicking a link in an e-mail, hover over it and look at what address comes up - if it's not the address you are expecting then it's most likely a fraud.