Welcome to the latest edition of the Neu Cyber Threats, a weekly series in which we bring attention to the latest cyber-attacks, scams, frauds, and malware including Ransomware and DDoS, to ensure you stay safe online.
Here are the most prominent threats which you should be aware of:
Cyber Criminals and Fraudsters are exploiting easyJet Cancellations
The recent spate of cancellations by easyJet has led to cyber criminals and fraudsters targeting customers who are looking for refunds. Anyone who has had their flight cancelled by the airline needs to be take precautions when contacting the airline online, and ensure they are only communicating with the airline’s official channels.
Scammers have targeted customers affected by the recent flight cancellations by easyJet, utilising fake customer service Twitter accounts. Following the airline’s announcement of cancelling 1,700 flights scheduled to depart from Gatwick Airport during the summer, scammers wasted no time attempting to take advantage of the situation. Individuals need to be able to identify and report these Twitter scams effectively.
Various fake easyJet Twitter accounts have emerged since the cancellations were announced, although some have already been shut down. However, an investigation revealed the existence of five active fraudulent accounts. These accounts, created recently, include links redirecting users to phishing websites in their bios. Scammers attempt to extract personal information from unsuspecting victims on these deceptive sites.
What to look out for to identify this scam?
Additionally, the fraudsters have infiltrated ongoing Twitter conversations between frustrated easyJet customers and the airline itself. In responding to complaints, these fake accounts prompt customers to send direct messages (DMs). When investigators engaged with one of these accounts, they were swiftly asked to provide their phone number and personal details. Genuine customer service representatives typically request booking or reference numbers initially, so it is important to be cautious when someone asks for personal information.
How to spot a fake social media account
While legitimate companies may ask customers to send DMs for assistance, careful examination reveals that the messages from the accounts mentioned above do not originate from easyJet’s genuine Twitter account. The airline’s official account is @easyJet, which bears a gold verification tick. Checking the number of followers is another useful method for identifying fraudulent accounts. Most fake accounts have only a handful of followers, whereas easyJet’s legitimate account boasts over half a million followers.
When questioned, easyJet stated to Which? that they are continuously monitoring and aware of these fraudulent accounts. The airline reports fake accounts to Twitter and advises customers to exclusively follow and engage with their official Twitter channel, @easyJet, for the latest updates or to seek support. They strongly caution against engaging with or clicking on any links from other accounts.
How to report the scam and protect yourselves and others
Users can click on the three dots above the account’s bio to report a suspicious Twitter account and select the “report” option. Individual tweets can be reported by clicking the three dots above the tweet and selecting “report.” If personal details, such as an email address, were shared with scammers, it is crucial to change the passwords on any affected accounts immediately.
Furthermore, individuals should remain vigilant against suspicious calls, as fraudsters may attempt vishing scams after obtaining their phone numbers. Lastly, if money was lost to scammers, individuals should promptly contact their bank using the number on the back of their card and report the scam to Action Fraud.
Online scams are being reported every five seconds
Online scams in the UK are being reported at an alarming rate, with an average of one every five seconds, according to the National Cyber Security Centre (NCSC). In their sixth annual report from the Active Cyber Defence (ACD) program, researchers revealed that 7.1 million suspicious emails and websites were reported to authorities in 2022.
The report highlights the significant contribution of UK organisations and citizens in flagging nearly 20,000 suspicious emails and URLs per day. This collective effort resulted in removing thousands of malicious links from the internet. The NCSC’s Suspicious Email Reporting Service (SERS) played a crucial role in this process. Launched in April 2020, it was the first service of its kind globally and allows individuals to report suspicious links and emails free of charge.
Since its inception, the NCSC has eliminated around 235,000 malicious links from the internet. The agency’s “whole-of-society” approach to combating cybercrime has prevented millions of high-volume cyberattacks targeting UK organisations and citizens annually. This collaborative approach emphasises the role of small businesses in creating a safer online environment.
Jonathon Ellison, the NCSC Director for National Resilience and Future Technology, emphasised the importance of small businesses in enhancing cyber resilience. Despite constituting 99% of the UK’s business ecosystem and being vital to national prosperity, small companies often need more expertise and financial resources for robust cybersecurity. In response, the report shows a 39% increase in organisations signing up for ACD’s free services in 2022. Two new tools were launched to support small organisations: Email Security Check, which assesses email security aspects, and Check Your Cyber Security, a scalable vulnerability check tool.
Martin McTague, National Chair of the Federation of Small Businesses, praised the NCSC’s efforts to make their services accessible to small businesses. He highlighted that cybercrime is considered the most impactful crime in terms of cost and disruption to small businesses’ operations, with one-fifth of them recognising its significance.
The ACD report also sheds light on the prevalence of phishing scams as the most common type of attack hosted in the UK, despite declining global phishing campaigns originating from the country. Additionally, opportunistic attacks targeting the UK government decreased by 17% in 2022, while cryptocurrency scams exploiting the war in Ukraine remained a consistent threat throughout the year.
NHS Data may have been compromised in University Cyber Attack
Recent reports suggest that NHS patient data may have been compromised in a cyber attack on the University of Manchester. The university’s systems were believed to be accessed, potentially exposing information on 1.1 million patients gathered for research purposes. This breach raises concerns as some patients may need to be informed that their data was included in the university’s database. Neuways reported on the cyber attack at the University of Manchester a few weeks ago, and every week more information is coming to light which we are including in our weekly cyber threats updates.
The extent of the breach is still being investigated, and it is uncertain whether patients’ names have been accessed or how many individuals have been affected. Initial findings indicate that around 250 gigabytes of data were compromised. NHS numbers and the first three letters of patients’ postcodes are among the details that could potentially be exposed.
When did the data breach originally happen?
The University of Manchester experienced a previous breach in June, where unauthorised access was gained to some of its systems. The attackers copied a small portion of data related to students and alumni. Following the breach, the university received an email threatening to sell personal data on the black market if their demands were unmet.
What are the University doing about the breach?
The university is working diligently with internal and external experts and relevant authorities like the Information Commissioner’s Office, the National Cyber Security Centre (NCSC), and the National Crime Agency to address the situation and investigate further. Regular updates can be found on their cyber incident information page.
It is essential to note that the university has not yet commented on the recent revelation that NHS data was affected by the breach. This incident serves as a reminder of the increasing cyber threats the healthcare sector faces. SonicWall reports an 8% rise in ransomware attempts globally in the healthcare sector, with over 11 million attempts between 2022-2023.
Healthcare organisations, including the NHS, must remain vigilant and take proactive measures to protect sensitive patient data from cyber attacks.
Financial sector has faced a considerable surge in ransomware attacks last year and it is continuing this year
According to experts, advisers need to prioritise cyber security and take measures to protect themselves and their clients from cyber threats. This week, it was revealed how prominent and valuable the financial sector was for criminals, as data was released about how many ransomware attacks there were in the last year.
While major UK advice firms have yet to experience high-profile hacks, the risk is significant, as seen in other sectors such as pensions administration, healthcare, and airlines. The financial industry, in particular, witnessed a surge in ransomware attacks in 2022, making it the second most targeted industry globally. This shift highlights the evolving tactics of cybercriminals, emphasising the need for vigilance and adaptable cybersecurity strategies.
The vulnerability of pensions to cyber crimes is especially concerning for advice firms heavily reliant on these investments. Recent incidents involving major wealth managers in Canada demonstrate the sophistication of cybercriminals. The Clop gang, a notorious ransomware group, has been linked to these attacks, exploiting vulnerabilities in data transfer systems. These examples underscore the importance of addressing cyber security within advice firms and third-party suppliers responsible for handling client data.
Despite the risks, many advice firms have slowly prioritised cyber security. Factors such as naivety and focusing on efficiency over risk aversion contribute to this lack of urgency. Practices like sending critical client documents through unsecured email pose significant dangers. Firms must invest in digital measures, enforce clear-desk policies, and secure document storage practices. The use of encrypted email or secure portals is essential to protect sensitive information and comply with regulations.
Experts suggest adopting best practices such as securing third-party authentication and conducting regular training exercises to educate staff about potential cyber threats. Accreditation programs, like the UK government’s Basic Cyber Essentials, can serve as benchmarks for advice firms. The Consumer Duty, a regulatory initiative, may push the sector toward greater cyber security measures. Ultimately, investing in robust cyber security measures is crucial to safeguarding both the business and clients from the devastating consequences of cyber attacks.