Latest News

Hear from the experts – Scam Awareness Fortnight

Protecting both people and businesses against scam attempts is more important than ever. Whilst the current COVID-19 crisis has caused chaos for many businesses, one thing it hasn’t diminished is scam attempts.

Around Scams Awareness Fortnight a selection of industry experts have shared what it means for the industry and how consumers and businesses can protect themselves.

Petter Nylander, CEO at Besedo 

“As customers continue to rely on online shopping as we move out of the pandemic, online retailers shouldn’t take their eye off the ball when it comes to preventing scams on their platforms.

“With the world beginning to open up and social activities, ticketed events and even holidays looking like a possibility once again this summer, fraudsters are continuously shifting and refining their scams. They will adapt to new behaviour, and online platforms need to adapt, too.

“This is about more than avoiding one-off losses: protecting users online builds greater customer loyalty and stronger reputations. Automated content moderation coupled with human moderators can protect users against harassment and the display of personal details as well as vetting listings for legitimacy. A content moderation solution built around platforms’ specific requirements which uses both of these methods will ensure that harmful content that does not adhere to the rules is removed, giving users a better, safer, user experience.  

“This year’s Scams Awareness Fortnight is a vital reminder of the ever-changing scam landscape and the importance of taking action now, as scammers’ methods grow more sophisticated by the day”. 

Raj Samani, McAfee Fellow, Chief Scientist. McAfee

“With many of us now splitting our professional lives between our homes and the office, cyber criminals will be quick to adapt their tactics – creating a whole host of new scams which businesses must be aware of. The threat for businesses is also intensified by the fact that many employees are accessing work files and information across both corporate and personal devices. This is why Scam Awareness Fortnight is now more important than ever. The initiative serves as a reminder that everyone must remain aware of and vigilant against cyber threats to avoid making it too easy for criminals to cash in on our data. 

“While businesses need to educate their workforce on best practice such as reporting any suspicious activity, questioning whether a link is dodgy or thinking before accepting a stranger’s invitation to connect on LinkedIn, there is also an onus on the organisation to protect themselves.

“One way to improve protection against cyber threats is to build an open, flexible architecture that can adapt as needed without the need for bolt-on security. Businesses must also adopt a Zero Trust mindset that can help them to maintain control over access to the network and all instances within it, such as applications and data, and restrict them if necessary.  By taking these measures, organisations can rest easy knowing they have taken the correct steps to protect themselves and their workforce from cyber-led scams.”

Rory Duncan, Security Go To Market Leader UK, NTT Ltd

Following the events of the last year, we must do more than ever to protect people against scams. Cyber criminals will continue to exploit significant global events such as the pandemic for their own malicious gain and, unfortunately, in many cases vulnerable individuals have been their target.

“Attacks have included the use of fake COVID-19 information campaigns to implant malware, redirect users to hostile sites and steal email credentials. One example of this is cyber criminals using Internet browsers to display alerts for a fake COVID-19 information app they claim is published by the World Health Organization (WHO) and leverage information-stealing malware to access personal information. Some users reported browser windows opening on their own, subsequently displaying a message prompting them to download the ‘COVID-19 Inform App,’ allegedly from the WHO. It’s not just Covid-19 scammers capitalise on to trick unsuspecting users. The 2020 Olympics Organizing Committee, for instance, continues to see phishing scams and other criminal activity as we approach the delayed 2020 Olympics.

 “Beating scammers begins with education. Many phishing emails are easily identifiable, with glaring errors like incorrect spelling or grammar and overly sensationalist language. But this is not always the case. It’s important that people are wary of emails coming from an unknown source at all times. This especially applies to sources relaying information – and possibly misinformation – about any significant event. With this in mind, we recommend that users do not click on links in emails, but instead that they manually enter the address of the website they need.

“We’ve seen an increase in the number of text message-launched scams, and not all of the links in those text messages are identified as links to (download) malware. Some are to encourage you to share your bank details for unpaid delivery charges or to rearrange a delivery for a parcel. While a number of these are obvious, like phishing, the perpetrators are getting smarter and more convincing, making it harder to identify the threat. People also need to be careful with sharing innocent-sounding data in responses to social media posts – why does this survey want to know what your first car was or where you went to school? It’s probably because they can mine that data and add it to the knowledge they have about you, enabling them to potentially work out your answers to security questions required to reset account access.

“Businesses also have a large role to play, and it’s important that they remain vigilant both as information providers sending notifications to their customers and for the security of their own organisations. Constantly updating your organisation’s threat intelligence, detection, response and business continuity plans is vital for protecting individuals against scams.”

Ramses Gallego, International Chief Technology Officer, Cybersecurity, Micro Focus

“Faced with a constantly evolving threat landscape, made even more complex by a rising number of cyber-attacks amid the global pandemic, organisations are under more pressure than ever before to keep their workforce safe from scams. As a result, Scams Awareness Fortnight is a great opportunity to highlight the additional challenges that businesses are now facing, particularly with the shift towards a hybrid workforce. A distributed workforce not only creates new attack vectors for cybercriminals, but also risks employees who are still adjusting to a changing workstyle falling victim to a clever scam.

“Within this new reality, becoming cyber resilient requires organisations to educate their workforce on popular scams and how to protect themselves from them. This must go hand in hand with making extensive plans to effectively prepare for, respond to and recover from cyber threats. This often means making the most of technologies that offer robust threat intelligence. Understanding whether the threat actor has been seen before and if that pattern of behaviour is specific to an industry is crucial to safeguard what matters most: people and data. 

“Additionally, businesses need to ensure that the right people have the right access to resources at the right time. More than ever, it is imperative that we have full control and visibility of what’s happening across the in and out vectors of corporations. Teams must critically evaluate established security concepts, as traditional perimeter-based approaches are no longer holding up. By factoring in application security and identity governance processes and tools, organisations can protect sensitive information regardless of where it‘s stored.

“Ultimately, it’s about getting the balance between people, process and technology right – deploying suitable security solutions and processes as well as training staff on how scammers are most likely to target them. If both IT professionals and the wider employee-base remain vigilant against scams, organisations can improve their security posture and set themselves up for long term success.”

Brett Beranek, Vice-President & General Manager, Security & Biometrics Line of Business, Nuance Communications 

“Scams Awareness Fortnight acts as a reminder to businesses and consumers alike that cyber security solutions and fraud prevention tools are no longer optional, especially in our current climate. Indeed, new global research from Nuance has found that on average victims of fraud lost over £3,200 each in the last 12 months – three times higher than two years ago.”  

 “In fact, with the current, necessary shift towards remote working – it has never been more important to look to experienced security and fraud solutions providers that demonstrate a strong track record of protection against scam attempts and other threats to security. It is high time PINs and passwords are confined to the history books, so that technology – such as biometrics – can be more widely deployed in order to robustly safeguard customers.   

“Biometrics authenticates individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by scammers and providing peace of mind, as well as security, for end-users.” 

Steven Chung, President Worldwide Field Operations, Delphix

“With scam attempts on the rise, this year’s Scam Awareness Fortnight is timelier than ever before. Take ransomware as an example. The latest spate of attacks highlights the impact that a scammer can have not only on a single person or business but on the population as a whole. Whether it’s a shortage in the food supply chain or the inability to access critical healthcare services, the world is realising that successful scams could have serious implications for us all.“ 

“Although many companies have strengthened security controls, the number of ransomware victims continues to rise. Attacks are becoming increasingly sophisticated and often include data theft which target business critical applications and their associated data. To complicate matters, employees either aren’t aware they could be violating security policies or don’t understand how shortcuts can put customers’ data (and their company) at risk. All of this strengthens the hand of the attackers and forces businesses to pay ransoms.”

“Modern technologies – such as data masking – could help mitigate data theft and other security risks.  Data masking can automatically identify sensitive data across every system including non-production environments for development, testing, and analytics, and replace the original values with fictitious but realistic equivalents in an irreversible way. This prevents hackers from getting hold of valuable data and decreases the risk of a breach. The more masked data your company has, the less there is for scammers and other bad actors to steal.”

“Recovering quickly from a ransomware attack is key to reducing its impact. IT teams need to identify attacks early and have processes and technology in place to recover data just prior to an attack in minutes rather than hours or days. If we reduce the impact on business continuity, we can avoid ransom payments, and break the economic premise of ransomware.