Fishing gear seller caught in hacker's net

The UK's biggest fishing shop has been hacked, with its website redirecting keen anglers to an adult website. Angling Direct, which sells fishing gear online and through stores, said it was hit by the attack late on Friday. The company’s Twitter account has also been compromised and the attacker used it to post a mocking tweet claiming the company had been sold to adult website Pornhub. Angling Direct have said it is not clear if any personal data has been compromised - and that no payment data could be. The attacker also posted an email address where they could be reached, along with an offer to return "information and access" to the site.
Robinhood trading app hit by data breach affecting seven million

US share-trading app Robinhood has been hit by a security breach that has exposed the names or email addresses of more than seven million people. Despite the number of affected customers, the company says it doesn’t believe the more sensitive information such as US social security numbers and financial information have been revealed. Robinhood said it had rejected a demand for payment and reported the attack. The breach happened on the 3rd November using the social engineering tactic which is designed to trick employees into divulging login details or other sensitive information.
REvil: Day of reckoning for notorious cyber gang

A global police operation has dealt a devastating blow to one of the most prolific cyber-crime gangs in history. The co-ordinated action against the REvil gang was announced on Monday by Romanian police, the US Department of Justice (DOJ) and Europol. The raids, which took place both on and offline, led to the arrests of two alleged hackers in Romania and one from Ukraine. REvil has been blamed for major hacks on global businesses in recent years. The US also announced that it had successfully retrieved more than $6m (£4m) in cryptocurrency from the gang in a so-called "claw back" hacking operation. In recent weeks the leaders of REvil announced that pressure from authorities had forced them to shut down operations.

Lottery Scam Protection Tips
Following a recent spike in Lottery related scams in the UK we thought it was best to have this week’s protect section focus on good practices we can all use to ensure we avoid falling victim to a scam such as this.
SO in order to understand how to protect ourselves from a Lottery scam, let’s have a quick look of what the actual scam entails:

  1. Victim receives an email detailing they have won a large sum of money in an (overseas/ online) lottery draw. This email may have been obtained through a data leak online (Click here to read more about this). This lottery is either a fake company the fraudsters created, or they will use an existing lottery company and pose as that trusted entity to gain the victims trust.
  2. When the victim responds to the fraudster, they’ll be asked to supply personal information and copies of official documents etc.
  3. Once the victim has provided their personal information, the fraudsters will ask you to pay various fees – for example: taxes, legal fees, banking fees etc. – so that they can release your non-existent winnings.
  4. Each time the victim makes a payment, the fraudsters will come up with a reason why the winnings can’t be paid out unless you make another payment
  1. This cycle will continue until the victim realises it’s a scam and can put a stop to their transactions.
Now that we have established the process of falling victim to this scam let’s see what we can do to prevent and protect ourselves from it:
  1. Never respond to communications such as the one described above: if you haven’t entered that lottery then you can’t have won it.
  2. An enquiry of a fee payment for winnings is a good indication of a fraudulent scheme taking place; this is because no certified lottery organisations will ask for this fee.
  3. Many fraudulent emails have bad spelling and grammar – see this as a warning that fraudsters are at work.
    1. In any kind of scam that involves email communication there may be indicators in spelling/ grammar that may help you spot a scammers email.
    2. Click here to learn more about what to look for when analysing an email from a fraudster
If you have been a victim of this type of fraud click here for NCSC guidance in order to proceed safely.


BazarBackdoor now abuses Windows 10 apps feature in 'call me back' attack

A Microsoft Windows 10 app feature is being abused in a new phishing campaign spreading the BazarBackdoor malware. On Thursday, researchers from Sophos Labs said the attack was noticed after the cybersecurity firm's own employees were targeted with spam emails -- but rather than being run-of-the-mill, these emails were written with at least a basic level of social engineering. The email contained a link to a PDF file but really was used by the attacker as a rap to bait in their victims.
Hacking group says it has found encryption keys needed to unlock the PS5

Hacking group Fail0verflow announced Sunday evening that it had obtained the encryption "root keys" for the PlayStation 5, an important first step in any effort to unlock the system and allow users to run homebrew software. Extracting the PS5's system software and installing a replacement both require some sort of exploit that provides read and/or write access to the PS5's usually secure kernel.
Invisible characters could be hiding backdoors in your JavaScript code

A security researcher has shed light on how invisible characters can be snuck into JavaScript code to introduce security risks, like backdoors, into your software. Earlier this month, University of Cambridge researchers revealed a clever attack dubbed 'Trojan Source' for injecting vulnerabilities into the source code, in a way that the malicious code cannot be easily detected by human reviewers.
Average ransomware payment for US victims more than $6 million, survey says

A new report has found the rates of which ransomware victims pay if fallen victim to one of these attacks: In the "State of Ransomware Readiness" study from Mimecast, researchers spoke with 742 cybersecurity professionals and found that 80% of them had been targeted with ransomware over the last two years. Of that 80%, 39% paid a ransom, with US victims paying an average of $6,312,190. Victims in Canada paid an average of $5,347,508 while those in the UK paid nearly $850,000. Victims in South Africa, Australia, and Germany all paid less than $250,000 on average.
What can we offer you?
Click here to subscribe to the Cyber Crime Sentinel Newsletter!
Get in Touch

UK Education and Childcare Sector Alert and Resources

The National Cyber Security Centre has released the following guidance to schools - Cyber Security for Schools.  This page houses free resources for everyone working with schools. The education sector has recently been affected by a number of cyber incidents. 

Alert: Further targeted ransomware attacks on the UK education sector by cyber criminals

Support for UK education sector after growth in cyber attacks

New NCSC guidance aimed at the UK Early Years education and Childcare sector
The new guidance, produced in association with key stakeholders in the Early Years sector, will help organisations protect the growing amounts of sensitive information held on children and their families, from both accidental damage or from online criminals.

Keeping children safe in education 2021

Please get in touch with us if you'd like to know more about the free education sector cyber protection support services we provide. 

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
The West Midlands Regional Cyber Crime Unit will be taking part in this years Cyber Fringe Festival on the 23-27th November 2021. Get your free delegate pass today!

On the fringe of Cyber & Security: 5 days of Strategic, Operational and Technical sessions, covering: Cyber industry, Defence & Emergency services, Diversity, Government, Acceleration, and Skills.


The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Apple Podcast
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.

Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp