In our first blog on cyber security, we talked about the rise of cyber crime in a time of increased interconnectivity and in light of the Covid-19 outbreak, which has led to more people working from home – and a whole new series of scams.
Phishing emails – fake communications by email that appear credible – are the most common form of cyber crime, whether designed to convince the user to reveal private information and data, or containing links that can introduce malware on to your computer or network.
As detailed in our blog on firewalls, malware is damaging software that can detect passwords and bank information, infect individual files or a whole network, and install itself on your system to carry out illegal activity.
One form of malware is ransomware. This is where your files are taken over so that you no longer have access to them. The instigator will then threaten to delete them unless you pay a ransom.
Phishing and ransomware – consequences and what to do
Cyber crime can have serious consequences for individuals and businesses.
Phishing emails can lead to people inadvertently:
- Passing on personal data such as their date of birth, address or bank details
- Clicking on links that download malware on to their computer
A recent example of this was an email claiming to be offering online shopping slots to those shielding due to Covid, which contained a link that introduced malware on to the user’s computer.
For businesses, the risks can include:
- Security breaches such as hackers gaining access to customers’ personal information
- Infecting a company’s computer network and halting its operation
In one high-level example, in 2018 the Italian football club Lazio was tricked by an email phishing scam into paying £1.75m into a hacker’s account, thinking they were paying the final instalment of a transfer fee for defender Stefan de Vrij.
The National Cyber Security Centre (NCSC) has advice on Phishing attacks: Defending your organisation.
Ransomware is designed to lock you out of your account(s) or take over websites that you run. The NCSC offers help with how to recover an infected device and advises not to pay any ransom, as there is no certainty that you will be given back access to your data or device and your computer may remain infected. On top of this, you will be funding criminal gangs and will be more likely to risk future attacks as you will have shown yourself willing to pay ransoms.
Cybercrime in the gaming world
Millions of people play online games, but they can come with a security risk if you don’t protect your connection with the appropriate cyber security features.
Computer Weekly recently reported that video gamers are being “barraged with cyber attacks” (September 2020). The magazine mentions research by Akamai Technologies and DreamHack that suggests that in the past two years the gaming industry has experienced a staggering 152 million web application attacks and 10 billion credential stuffing attacks.
Credential stuffing is where attackers use login information stolen from one source to get access to further accounts across multiple sites, using automated login. The best way to avoid it is to create strong passwords and to avoid using the same password across a range of accounts.
There are also cases of gamers using “boosters” to attack other gamers’ routers, causing overload and crashing their internet connection.
In addition, many online games today feature “loot boxes”, which are bought with real money without the player knowing their contents. As children can purchase loot boxes while playing an online game, the Gambling Health Alliance (GHA) is currently campaigning to have this activity classed as gambling.
Parents and carers should be aware that young people might be spending money on loot boxes – they should also be conscious of the risk of children playing games that are unsuitable for their age, especially when they are communicating with adults online as part of the game.
Where to go for help
The UK charity YGAM offers free online training to those who work with young people, to educate and protect them over online gaming and gambling.
The National Cyber Security Centre (NCSC) provides advice and practical guidance on cyber security for individuals and businesses.
Serious cyber breaches should be reported to the police or through Action Fraud, the National Fraud and Cyber Crime Reporting Centre.