Copy
U.K. Arrest in ‘SMS Bandits’ Phishing Service

UK authorities have arrested a 20 year old man for allegedly operating an online service that distributes large scale phishing campaigns via text messages. The service that has been marketed under the name ‘SMS Bandit’ and is responsible for a large volume of phishing lures including those spoofing the Covid-19 pandemic, PayPal and tax revenue organisations. Currently the NCA have declined to name the arrested individual but confirmed that the individual from Birmingham was detained by the Metropolitan Police Services Cyber Crime Unit in connection to a business that provided “criminal services related to phishing offences.”
 
Over 500 million Facebook users' phone numbers are for sale through a Telegram bot

The phone numbers of over 500 million Facebook users have been stolen and are being sold on dark web forums as a result of a vulnerability that was originally patched in 2019. Potential buyers can look up details in the database using a Telegram bot set up by the persons responsible. The bot allows individuals to look up a user’s phone number providing they have their Facebook ID or alternatively they can find their Facebook ID from just a phone number.
 
Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords

The society for people with high IQ's, British Mensa, have suffered a hack after failing to appropriately secure the passwords on its website. The hack resulted in the theft of members’ personal data and subsequently resulted in the former director and technology officer at British Mensa, Eugene Hopkinson, stepping down claiming that the company had failed to properly secure the data of its 18,000 members. According to Hopkinson, the passwords of British Mensa members were not hashed and therefore could be deciphered by malicious actors.

The Mensa website reportedly stored other sensitive information including, instant messaging conversations, IQ scores of current members and failed applicants and payment details.
 
Police have seized thousands of computers running one of the most dangerous hacking networks worldwide.

Law enforcement and judicial authorities worldwide have disrupted one of the most significant hacking networks of the decade known as Emotet and seized thousands of computers in the process.

The Emotet botnet gains access to an individual’s computer via malicious email attachments. This access is then sold to malicious actors who install even more dangerous malware.

The operation to disrupt Emotet was the result of a collective effort between authorities in the UK, the US, France, Canada, Lithuania, Ukraine and the Netherlands, coordinated by Europol.

Europol Press Release
Safer Internet Day

Tuesday the 9th of February marks the 18th edition of Safer Internet Day. This event takes place across the world with the goal of bringing stakeholders together to make the internet a better and safer place for all, especially for children and young people. For Safer Internet Day 2021, the theme revolves around exploring reliability in the online world. Below are some of helpful tips from the Safer Internet Day website that could be useful to you or your family.

What are the risks to children online?

  • Their own conduct - Children need to be aware of the impact their online actions can have on both themselves and other people.
  • Content - A lot of online content may not be appropriate for children. Harmful or inappropriate content does not have to be searched for but may be stumbled upon accidentally via social media networks, online games or websites.
  • Their contact with others online - As we know, lot of people online are genuine, but some people use the internet to chat to young people for all the wrong reasons. Visit Think You Know to discover ways educate children around online friendships. 

Tips for parents, carers and those who work with children and young people

  • Communication - Knowing what children are doing online is the first step in understanding how you can help and support them. Talk regularly with the individual about the types of people and pages they follow. Are they appropriate? In line with this year’s Internet Safety Day theme, ask yourself, is the information they are consuming reliable?
  • Lead by example - If you come across a fake news story or receive a phishing email, make it a learning opportunity for a child. Discuss with them how you spotted it and let them know how you dealt with it. If you see an unreliable article or resource, you could show them how to fact check using reliable websites or books.
  • Educate - Teach them about their digital footprint and privacy online. It is important that they are aware of who can see the content they post. Ensure that you highlight the importance of keeping personal information safe by not sharing it with strangers. Finally, while we never want them to have to do such a thing, it is vital to discuss with children the importance of why and how they should report inappropriate conversations, messages, images and behaviours to a responsible adult or service. 
  • Check in with them - Misleading or false content can have adverse effects on a child, for example harmful claims. Therefore, it is best to regularly check in and reassure them.
For more information, visit https://www.saferinternet.org.uk/ where you can find range of age specific resources and information, details regarding training opportunities, advice services and free virtual events. 
Cyber innovators help protect UK connected places
 
The latest NCSC Cyber Accelerator cohort has been announced.

Tech entrepreneurs are receiving support from the UK’s top cyber security experts to help protect the country’s connected places of the future.
 
Global VoIP (Voice over Internet Protocol) is rising with mobile VoIP users exceeding 1 billion in 2017 and current predictions have estimated the number is as high as 200 billion users in 2020.

However, in spite of its growing popularity, there is also a genuine security concern, as over half of cyber security attacks target VoIP systems, according to IBM.
The Rise of Ransomware
 
From the first case seen in the late 1980's to modern day attacks such as 2017's WannaCry, ransomware is constantly evolving and remains a major concern today to individuals and businesses alike.

The NCSC have released an article detailing the history and rise of ransomware as well as some useful advice on how to protect yourself against it. 
Sprite Spider emerging as one of the most destructive ransomware threat actors
 
The Sprite Spider Group is now utilising a ransomware code suite that is both effective and difficult to detect. Sprite Spider has grown rapidly in sophistication since its start in 2015 and is currently thought to be one of the biggest ransomware threat actors of 2021. Their attacks are often undetected, primarily due to its code appearing harmless and hidden in open-source projects, for example Notepad++.
What can we offer you?
Get in Touch
Click here to subscribe to the Cyber Crime Sentinel Newsletter!

Virtual School and Education Cyber Aware Training Events

Join our online webinar aimed at schools and educational organisations and discover how cyber attacks and ransomware are being used to target them. Get the latest advice and cyber awareness training for all staff.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Choices: Virtual School and Education Events

Join our online webinars aimed at schools and educational organisations for advice and support on how we can help young people make informed cyber choices and use their cyber skills in a legal way.

Please note: All participants are screened before being invited to the event. Please use your corporate school email address when registering.

Cyber Aware - Training for staff: Sports Organisations

Join our monthly online webinars aimed at sports organisations and discover the latest attacks businesses are facing, the social engineering tactics being used to gain data and the latest awareness training that staff need to know.

Please note: All participants are screened before being invited to the event. Please use your corporate sports email address when registering.

If you think you may have been the victim of fraud or cybercrime and incurred a financial loss or have been hacked as a result of responding to a phishing message, you should report this to Action Fraud 

Spotted a suspicious email? If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS): report@phishing.gov.uk

Alternatively you can call 0300 123 2040
to report and obtain advice about fraud or cyber crime
Our lives are relying on technology more every day. Join us each week for your bitesize cybersecurity podcast. In this increasingly technical world we deliver non-technical cyber news, and identify the current threats we’re facing.
https://cyberthreatweekly.buzzsprout.com/
 

 

The WMCRC work with local Universities and Police forces in Staffordshire, West Midlands, West Mercia and Warwickshire to provide you access to the latest information on emerging cyber threats, criminal trends and best practice to protect your business.
Facebook
Twitter
Website
Spotify
YouTube
Apple Podcast
LinkedIn
Facebook
Twitter
Link
Website
Copyright © 2021 West Midlands Regional Cyber Crime Unit, All rights reserved.


Want to change how you receive these emails?
You can update your preferences or unsubscribe from this list.

Email Marketing Powered by Mailchimp