Plain English Cyber in 3 articles, 2 numbers and 1 action.
This week: Another ransomware attack on an Irish firm, how scammers are increasingly using SMS text messages to get us to part with our money, and how the departure of KBC and Ulster Bank from Ireland isn’t helping the situation.
This week’s action: Don’t trust that SMS message.
If you’d prefer to listen to Cyber 3-2-1: This week’s episode is accessible from https://www.codeinmotion.ie/podcast or wherever you get your podcasts.
1: Another week. Another ransomware attack.
The Journal has reported that “an Irish Company which has contracts for several State infrastructure projects suffered a cyber attack last month by suspected Russian-based hackers. It is understood that the firm was targeted by cyber criminals in a malware ransom incident in the middle of July this year. It is thought the attack is a criminal effort to hold data to ransom rather than a broader attack on Irish infrastructure.” It appears that the victim of this attack has responded appropriately so far, including notifying Gardai and the Data Protection Commission.
This latest attack reminds us that ransomware continues to be a rampant problem for all organisations.
2: The increasing problem of scam text messages
The Sunday Times reported last weekend on the increasing problem of scammers targeting people through fake text messages, known as ‘smishing scams’. These smishing messages try to fool us into revealing valuable information, especially our bank or credit card details, by pretending to be from a legitimate source – e.g. our bank, the taxman, the post office, or any one of a myriad of other organisations.
Apparently, help is on the way in Ireland at least, with a new SMS SenderID Protection Registry now being put in place to “stem the tide of ever more convincing scam texts”.
In the meantime, while we may all be aware of phishing emails and the red flags that tell us an email is a scam, it is more difficult when we receive a short text message. I suggest a few things to watch out for in this week’s action.
Read more: https://www.thetimes.co.uk/article/dont-be-taken-in-by-scam-text-factories-warns-bank-of-ireland-85b0h6d0z [subscription required]
3: The departure of KBC and Ulster Bank from the Irish market makes the problem even worse
Following on from that previous article about smishing messages, the fact that many of us in Ireland are going through the fun of moving our bank accounts as a result of the imminent department of KBC and Ulster Bank does not help, as we are not as familiar with what a ‘genuine’ message from our new bank looks like.
And The Journal reported on this very issue earlier this week. According to the Banking and Payments Federation Ireland (BPFI), “Fraudsters are experts at taking advantage of changing situations to commit fraud and with two retail banks leaving the Irish market and hundreds of thousands of personal and business customers moving bank accounts, [financial institutions] are anticipating we may see a rise in impersonation fraud attempts which will be based around the process of verifying and updating bank account details.” [..] “[BPFI] are warning consumers to be on the lookout for text messages that flag fraud on your bank account or impending cancellation of your salary, standing orders, or direct debits to utilities and which then go on to ask for personal information or account details”.
The number of messages sent per day by a Dublin ‘smishing factory’ raided by the Garda National Crime Bureau in June 2022, according to the Sunday Times.
The percentage of people who gave their bank or credit card details after receiving a smishing text from a cyber criminal, according to the Banking and Payments Federation Ireland (BPFI) and also reported in last week’s Sunday Times.
Putting the two statistics together, it suggests 200 people in Ireland were providing their bank and credit card details to this one Dublin smishing factory every day.
Combine this figure of 200 victims with the BPFI’s statement (quoted in The Journal) that a consumer loses an average of €1700 if they are a victim of this fraud, and it suggests this one smishing factory was stealing €34,000 per day.
Read more: https://www.thetimes.co.uk/article/dont-be-taken-in-by-scam-text-factories-warns-bank-of-ireland-85b0h6d0z [subscription required] and https://www.thejournal.ie/fraud-scam-warning-5836896-Aug2022/
1: Don’t trust that text message
Hopefully, you know the red flags to look out for in a cyber criminal’s phishing email. Looking out for these red flags should reduce the risk of you falling for a scam email.
Spotting a fake text message is more difficult. There is less information in a text message, and it is not difficult for a criminal to make the message look like it came from a legitimate source (e.g. your bank ; Revenue Commissioners; An Post).
You need to be very careful before you respond to, or act upon, any text message.
If the message is trying to get you to act urgently, this is a significant red flag. Urgent means you have less time to think and less time to realise you’re being scammed.
If you are in doubt, ignore the message. Call the organisation on a phone number that you already have on file (e.g. printed on the back of your bank card; printed on an official document received from the organisation).