January 2022 NewsletterPosted By: Mark Monday 31st January 2022 Tags: cloud solutions, computer backups, Cyber Safe, Cyber Security, hybrid working, Newsletter, phishing, SharePoint, smishing, technology
A reminder to stay alert for Phishing and Smishing scams. A warning of the uptick in cyber attacks. Consider the use of Sharepoint to enhance hybrid working. The UK toots it’s horn for a booming Tech sector!
Phishing Scams Alive And Kicking
Not long in to the New Year and we have already seen the reappearance of an old scam email problem. One of our clients received a fake email purporting to be from the new lead accountant at a supplier’s accounts team. They claimed to be dealing with unpaid and outstanding invoices and requested certain documents and financial information.
Our client noticed a few red flags, to raise the suspicions, and quickly confirmed that no such person worked at their supplier, but it’s easy to imagine some of these slipping through some company’s emails when many are already dealing with heavy workloads, staff shortages and genuine personnel changes caused by the current pandemic-affected business climate.
Beware of Phishing Emails
Be aware of fake emails from ‘new’ contacts at any business you deal with. It’s always worth contacting the company, with a quick call or email to somebody you already know at the place, to confirm the new staff member. Get that confirmation before sending anything, especially sensitive information.
Common Phishing Scams
The Fake Invoice
Probably the most common phishing template out there is the fake invoice. This scam relies on creating fear and urgency on a pressured end-user to submit a payment for goods or services they’ve never even ordered or received.
Check your own paperwork for anything relating to any invoice received and never click on any link within the email itself that says it will take you to the details of the invoice/order.
Colloquially known as the Nigerian Prince scam. You’d think these outlandish stories of huge sums that you can help release, in return for a percentage as compensation, could never work. But, there’s a reason this scam has been running for years – it works enough.
Don’t give out your account details. You’re not receiving a windfall – they’re taking their own windfall
Email Account Upgrade
Seeing a message from your IT department telling you that you need to click on a link to immediately upgrade your account so that you can carry on using it.
Don’t just click on any links in such emails. The email account upgrade scam can appear to be trusted and internal, but be aware of how your company operates with its IT management.
Internal Document Files
Many companies rely on their HR departments for keeping up-to-date with business changes, news, plans, personal data, etc. They may often be sending out specific documentation and forms relating to employees. These emails intend to install malware on the machine/network via the fake attachments.
Don’t download/open any unexpected internal documents. Check with HR that you’re due to receive anything.
Cloud Account Sharing
An email from a ‘work colleague’ looking to share content online, through the likes of Google Docs, Microsoft 365, Dropbox, etc. The sender will be spoofed and a fake link included that pretends to be to be the legitimate site/account.
Again, don’t click on these links and check the actual email address of the sender rather than just reading the name.
Spotting Phishing Emails
Check the email address of the sender. It’s usually easy to see that the email is not coming from the company it pretends to be from.
Read spelling and grammar. There’s generally something slightly off about the writing style of even the most carefully planned fake emails. The majority, though, are hastily created and littered with spelling mistakes. That should be a huge red flag to the recipient.
Don’t click on any link within an email. The link shown will usually be a completely different address. Hovering over the link should show you the actual address.
It’s Likely A Phishing Scam If…
- it seems too good to be true – for example, a holiday that’s much cheaper than you’d expect
- someone you don’t know contacts you unexpectedly
- you suspect you’re not dealing with a real company – for example, if there’s no postal address
- you’ve been asked to transfer money quickly
- you’ve been asked to pay in an unusual way – for example, by iTunes vouchers or through a transfer service like MoneyGram or Western Union
- you’ve been asked to give away personal information like passwords or PINs
- you haven’t had written confirmation of what’s been agreed
(From Citizens Advice)
While Phishing scams are a long-running problem, the mobile phone age has given rise to an offshoot in the form of the Smishing scam – fake and malicious SMS text messages. Now seems a good time for a refresher of this annoying problem.
The sending of fake text messages attempting to trick the recipient into clicking a link or downloading a virus in an attempt to steal money and personal data. Commonly look like your bank, your utilities, a government department, or a courier company. They’re usually reporting a problem, payment issue, failed delivery attempt, etc, and trying to get a malicious link clicked.
Smishing Scam Safety
Most companies like to keep in contact via text message nowadays, so it’s an area ripe for exploitation by scammers. The best way to avoid scam emails is to be wary of any text message you receive, especially unexpected ones.
Like with email scams, check for spelling mistakes and unusual grammar. Be wary if the message addresses you in general terms, such as ‘Sir’ or ‘Madam’, rather than by your actual name. Also, while many of the more sophisticated scammers will hide/spoof the sender details, you can often check the telephone number that the message is coming from. If it’s a common scam number there’ll be information online, and at the very least it’s easy to rule out as a legitimate number from the company it pretends to be from.
Avoid Becoming The Victim Of A Smishing Scam
Never click on any link in any received text message, especially for logging into your bank or other financial business. When it comes to banking and credit cards, etc, get in touch with them using the number written on the back of your bank/credit card.
If you do end up being directed through to a website that looks like the company you’re dealing with, check the url and the general layout/content of the website you’re on. Again with the mis-spelling, grammatical errors, plus low quality images. If in doubt, close down the tab/page, open a new one, and type in the web address of the company you’re supposed to be dealing with. Check the numbers on the website match those on any genuine paperwork you have from previous dealings.
Reporting Potential Smishing Texts
If you’re unsure about the content of any text message you receive, get in touch with the company who allegedly sent the message. This’ll check its authenticity, and, if it’s fake, give them the chance to alert other users to the scam.
You can also report smishing crime to Action Fraud on 0300 123 2040, or by visiting their website.
Get further information about reporting text message scams from the National Cyber Security Centre and stay safe!
Sharepoint & Hybrid Working
As the country gears up for a return to the office, hybrid working is likely here to stay for many companies across a variety of sectors. It’s probably worth a refresh on the uses of Sharepoint in aiding a good collaborative environment. Let’s revisit a useful product.
What Is Sharepoint
SharePoint in Microsoft 365 is a cloud based service and will help your company distribute and administer content, knowledge and applications. The focus of SharePoint is based around collaboration; a paramount feature of hybrid working.
What does SharePoint offer?
SharePoint is typically used for some or all of the following:
- Document Management
- Project Management
- Business Intelligence
- Customer Relationship Management (CRM)
- Human Resources
- Website Integration / management
- Social Networking
Content and files can be shared with those in your team and even customers.
There’s nothing worse than having documents scattered all over. SharePoint uses libraries and lists allowing for straightforward management.
This facility allows you to determine specific user groups to both view and collaborate content.
Business processes are fundamental for any company. SharePoint gives you the opportunity to automate processes through workflow and alert creation.
Sharepoint Business Benefits
SharePoint also provides a rich set of tools to help you create and maintain your company’s intranet. And, while the out-of-box features and functionality will likely meet the majority of business needs, Sharepoint also offers a wide range of options for customisation.
Sharepoint is a powerful tool, but there’s a learning curve and good training is essential to have a solid understanding of its uses and getting the most out of the software.
Fortunately, we’re experts in Microsoft 365 & Sharepoint and can advise on whether it’s something that could improve your work environment. We have all the knowledge to explain any benefits Sharepoint could bring to your business practices. Get in touch today to get in the know about Sharepoint in Microsoft 365.
2021 Was Boom Year For UK Tech Sector
The UK Technology sector is enjoying a boom period, and it’s not just a London thing. With more venture capital investment, more unicorns (tech companies worth more than $1bn), more jobs and more futurecorns ($250-$750m and growing), it’s a healthy looking industry nationwide.
As the Government reports:
With more money than ever flowing into UK tech — £29.4 billion this year, up 2.3x from last year’s figures of £11.5 billion — almost £9bn of all VC invested went into startups and scaleups outside London and the South East and the regions are home to nine of the 29 unicorns formed this year. The combined value of UK tech companies founded since 2000 is now £540bn, after the biggest year-on-year increase since 2013/14.
The top 10 UK regional tech cities are:
Cambridge is the leading regional tech city in the UK. Software developers are still the most in-demand tech role across the UK, with positions make up 9% of all tech jobs.
The UK’s total unicorn figure has risen to 115, meaning 25% of the UK’s total unicorns were created in 2021 alone.The majority of the money coming into UK tech is from the US, with 37% of all funding coming from the States, up from 31.5% last year, with the majority of it going into fintech and health tech companies. 28% of capital is domestic.
Digital Minister Chris Philp said: “It’s been another record-breaking year for UK tech with innovative British startups helping solve some of the world’s biggest challenges”.
Read the full report at the Gov.uk website.
Cyber Spike – Cyber Attacks At All-Time High
Cyber Security researchers report that 2021 saw a 50% year-over-year increase in cyber attacks. December alone saw a global peak, with a record 925 attacks per week, per organisation. The spike was likely related to the news of the discovery of the Log4j vulnerability.
No Sector Safe From Cyber Attacks
Companies in the Education & Research sector experienced the highest volume of attacks in 2021, with an average of 1,605 attacks per organization, which is a 75% increase on 2020. Government & Military sectors, followed by Communications companies, were the next most targetted, but Distribution, Utilities, Manufacturing, Financial, Legal, Leisure, Consultancy, Transportation, Retail, Wholesale, Software and Hardware sectors all saw significant increases in cyber attacks.
Attacks on organisations based in Europe were up 68%, totalling 670 weekly attacks.
Cyber Security In A Hybrid Working World
Corporate networks are at constant risk from hackers and organised cyber criminals, and it’s unlikely that this year will see any let up in this trend.
The era of hybrid working expands the cyber security remit beyond the basics of email, servers, web browsers and data storage within the bricks and mortar office environment. Mobile apps, cloud storage, external storage, connected devices and ‘Internet of Things’ devices need to be considered.
Stay Cyber Safe
As usual, there’s a lot of sage old advice to abide by. Stay up to date with security patches, apply strong firewall protocols in a segmented network environment, and educate employees to good cyber safety practices.
Now’s as good a time as any to check the state of your company’s cyber health. We provide effective IT Support, with effective cyber security services, effective backup solutions and the effective cyber essentials to keep your business secure. Contact us today for an audit or a chat about keeping your business cyber safe.