Defenses down while working from home

By Euan Henderson Cyber Security Apprentice It’s easy to drop our guard and become vulnerable to online threats while working from home. Thousands of new phishing scams have emerged during the Covid-19 crisis and the National Cyber Security Centre (NCSC) is working to remove malicious sites used for phishing and to spread malware. Common scams …

Phishing alert

By Jason McNicholas Cyber Security Technologist Over the last few months we have seen a new trend in phishing emails during investigations in our malware lab. These emails will often link to a login page for a common account such as a Microsoft or  Google account. The login pages look identical to the real login …

Phishing and how not to get caught

By Euan Henderson Cyber Security Apprentice Phishing Attacks could fool anyone, especially when targeted at groups who are expecting an important email about funds around this time of year. The Student Loans Company (SLC) has issued a warning about phishing campaigns that happen each September, January and April. In the last two years, it has …

Organised Cyber Gangs and how they operate.

By Euan Henderson Cyber Security Apprentice For most people, the word ‘hacker’ conjures images of hooded loners sitting in darkened rooms focused on lines of codes on a computer screen. You may be surprised to learn that many hackers form part of an Organised Criminal Group (OCG) or ‘Cyber Gang’ with designated roles and even …

Anti-spoofing controls – stopping the email impostors

By Euan Henderson Cyber Security Apprentice Three controls that should be configured are: Sender Policy Framework (SPF) DomainKeys Identified Mail (DKIM) Domain based Message Authentication, Reporting & Conformance (DMARC) records NCSC recommends the following: That all domains have the SPF and DMARC records in place, regardless of whether the domain is or is not used …

‘We have your password’

By Jason McNicholas Cyber Security Apprentice A Family member came to me saying that they received this Scam email from their own account which included her actual password, the Email however, went into spam. This is an example of credential stuffing for blackmail/extortion. If you receive an Email like this it’s extremely unlikely that they will …