July 2022

Welcome to this month’s edition. We’ve been listening to your feedback, and this month – it’s shorter. Inside, you’ll find a briefer version of the threat assessment than you’re used to, along with the usual detail of upcoming events and offers. And there’s a short paragraph about SWCRC too, to let you know about our plans and progress. We hope you find it useful, and as ever, feedback is gratefully received. Contact us at enquiries@swcrc.co.uk.

Threat assessment

We’re aware of lots of phishing emails being sent out over the last fortnight, purporting to be from Dorset Council’s accounts team, and seeking payment of an invoice.  If you do business with the council, check the sender address is right, and ask yourself if you were expecting a bill. Our advice is always to contact the sender of any invoice you’re not expecting, and not to click on any links or attachments. 

 A recent phishing campaign has focused on security software, manufacturing supply chain, healthcare, and pharmaceutical sectors.  It involves a voicemail-themed notification and when you click through to hear the voicemail, you’ll find yourself on a scam page which invites you to input your office 365 credentials. Your best defences: check the page that you’re on, and ensure your accounts are also protected by multi-factor authentication. If you can, get something called DMARC in place, which helps weed out spoof emails; you can ask your IT provider, or get in touch with us and we’ll direct you to someone who can help. 

More phishing: we’re aware of a recent targeted HR payroll phishing scam, in which an email was sent direct by a named individual to their payroll team, using personal email, and asking for their account details to be changed for salary purposes. These kind of emails don’t have suspicious links, they’ll just fool people (or not). Be aware that individuals have a lot of their details on line and it’s not too hard to find the right targets for campaigns like this. Brief your staff, and consider if you might like to review and print out the National Cyber Security Centre’s infographic for the office. 

Passwords: a slightly jaw-dropping report from Digital Shadows this month which shows that 24,649,096,027 usernames and passwords have been leaked by cyber threat actors and are available for use on the surface and dark web. That’s a 65% increase on the previous year. 6 billion of these records were unique password/ username pairings. The rest weren’t. Most people, in other words, are still using the same password across multiple sites. And the most common password was 123456. Please, use three random words, save your passwords in your browser or on a password manager, and reinforce with multi-factor authentication. Ask us if you don’t know how.   

 Breaches of note this month. Our advice as ever is to change the password associated with accounts relating to these companies, implement multi-factor authentication if they support it, and be wary of communications purporting to come form the company in the near future.  

Delivery company Yodel went offline as a result of cyber attack in the latter part of June. The extent of breach is not yet clear. 

Wiltshire Farm Foods also hit the headlines at the same time, and for the same reasons. They provide ready meal deliveries with a focus particularly on elderly persons.

SWCRC progress

A quick update on what we’ve been up to, and on our immediate plans. 

You’re in good company: there are getting on for 650 businesses and charities now signed up for our free protective services. And we’re starting to expand what we do. We’ve created a 12-week ‘how to’ email guide for our newer members, and we’re looking into offering some short one-to-one sessions for those that might need support. Let us know if these aspects are of interest to you, and we’ll see what we can do. We’re also shortly convening a regional ‘cyber experts’ group for those in the industry, to share details of cyber criminality and try to support the sector in keeping all of you safer. 

This year, we’re making increased efforts to reach out to larger businesses, given that a recent survey showed that 93% of them were compromised in the previous 12 months via one of their suppliers. Our suggestion is that those suppliers, just like you, should be aware of the latest threats, and how to protect themselves better. So we’re encouraging larger companies to invite their business networks to join up too. It’s something that we do for free, and it makes everyone safer. 

And lastly, we’re working hard to expand our virtual offering. Many of you have already joined us on our regular cyber webinars. And we’re working towards launching a closed community for members on facebook later this year. If you have feedback about that, to help us design it, please let us know. 

Dates for your diary

July 19th 0830   Staying Safe in a Digital World

Do sign up for this free webinar we're running.

We're privileged to be joined by Mark Shelford, Police and Crime Commissioner lead for fraud and cyber, alongside South West Business Council and Business West. 

Find out more from industry insiders about how your data is used against you, and how phishing is still used so successfully.