CyberScotland Bulletin

The public can now report scam websites direct to the NCSC

You can now help in the fight against malicious cyber criminals thanks to a new scam website reporting service.

The National Cyber Security Centre’s new website reporting tool allows people to send them a link from websites which they think are trying to scam the public, regardless of how they got to the site.

The NCSC – which is a part of GCHQ – then analyses the site, and if found to be malicious a notice may be issued to the hosting provider for the site to be removed, preventing members of the public falling victim in future.

NCSC Threat Report

The NCSC produces weekly threat reports drawn from recent open source reporting. View this week’s report here.

The NCSC’s Suspicious Email Reporting Service

The Suspicious Email Reporting Tool was launched by the NCSC in 2020 to allow members of the public to report suspicious emails. The public have reported over 6 million suspect emails to the NCSC in this time. As of 30^th June 2021, the number of reports received stands at more than 6,500,000, with 97,500 individual URLs linked to 50,500 sites having been removed.

Please forward any suspicious emails to: report@phishing.gov.uk. Suspicious text messages should be forwarded free of charge to 7726.

CyberFirst Girls Competition 2022

With schools coming back from the summer holidays this month, it’s time to start thinking about getting ready to enter the CyberFirst Girls Competition later this year (registration opens 18^th October).

The CyberFirst Girls Competition provides a fun but challenging environment to inspire the next generation of young women to consider a career in cyber security.  The competition is a team event, with each one made up of 4 students that identify as female from S2.  They are supported by a responsible adult appointed by the school who acts as the team guardian (no prior cyber experience is required and you don’t have to be an IT/Computing Science teacher to be one).  You can find out more on the NCSC website.

No More Ransom turns 5

The No More Ransom project, which was launched in Summer 2016 celebrates its fifth birthday next month.

Originally founded by four organisations with an aim to help victims of ransomware retrieve their data without paying ransom, it now works with multiple partners across all sectors world-wide, including Police Scotland.

The project provides support and advice to the victims of ransomware as well as educating the general public on how ransomware works and what measures can be taken to prevent the infection. The project’s website also directs to decryption tools for some types of ransomware.

The general advice is not to pay ransom, as it likely funds other criminal operations and there is no guarantee that paying ransom would lead to the decryption of your files.

Interactive Learning For Children and Young People

The NCSC have an educational game for teaching cyber security at primary schools, clubs and youth organisations.

The free CyberSprinters game and resources teach children aged 7 to 11 how to stay secure online.

Malware warning about fake Windows 11 preview versions

Get Safe Online have issued a warning to Microsoft Windows users to be on their guard against offers of a preview version of Windows 11

Trading Standards Scam Share

Other scams to be aware of are identified in this week’s Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland and this week’s newsletter here

#ScamWatch Week 2021 – 30th August – 5th September

With information being more readily available online, and methods of contact being more accessible, scammers are in a better position than ever to engage with us.

The more vulnerable members of our communities are often the preferred targets of scammers because of the belief that they will be easier to deceive, and that they will have additional difficulty in seeking help – This campaign aims to change this.

Throughout the course of Scottish #ScamWatch Week 2021, Advice Direct Scotland will be shining a light on the scams impacting Scottish consumers and the ways that the public can reduce exposure to scammers and avoid being caught out.

From 30^th August to the 5^th of September, Scottish #ScamWatch Week will be focusing on different types of scams such as financial and investment scams, cyber scams, and blackmail. This includes raising awareness of malware and tips on how to be cyber-aware, such as ensuring anti-virus software is kept up-to-date, that adequate passphrase protections are in place, and that important data is backed up.

The campaign, will highlight practical steps that consumers can take to prevent letting the scammers in, and what to do in situations where they slip through the net.

Scottish #ScamWatch Week 2021 is brought to you by Advice Direct Scotland through consumeradvice.scot, the official consumer partner of the Scottish Government.

More information on the campaign,  and campaign materials available for download can be found by visiting www.consumeradvice.scot/scamwatch21

NCSC, Small Organisations Newsletter – Coffee Break Cyber

SME’s cover a huge range of businesses and make up to 99% of all businesses in the UK.

Often SME’s do not have the budget of large organisations to spend on cyber security. This Newsletter aims to break down cyber related issues into bitesize learning which can be read in your coffee break. The NCSC want to provide you and your business with the advice and tools to minimise the risk of a cyber-attack. Each month will cover a different topic and will offer advice and links to further information. This month’s newsletter covers: What action you need to take to secure your email accounts,  how to manufacturers can assist NCSC by participating in an anonymous survey and certifying your business with Cyber Essentials.

Sign up for the NCSC newsletter

Get Safe Online

Get Safe Online’s campaign this month is focusing on children and social media.

The campaign is asking “how does what your child sees and does on social media make them feel?”  Get Safe Online has offered advice on how to help your child be true to themselves on social media.

Stop It Now! Campaign

Stop It Now! Scotland are a child protection charity who believe the key to preventing sexual abuse is awareness among parents and community members. In addition to working with the Scottish Government to develop cyber resilience and online safety training for kinship carers, the charity has produced a guide for parents and carers which includes information about speaking to a child about their online life, helping build children’s understanding of safety online and what to do if you are worried about risks to your child online.

Stop It Now Scotland are also the partner for Police Scotland’s 2020-21 national campaign: #GetHelpOrGetCaught which is aimed at perpetrators  and have developed the Upstream resource, an online one stop shop for parents, carers and professionals on preventing child sexual abuse and exploitation.

Neighbourhood Watch Scotland

Sign up to the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

RBS Fraud Awareness Webinars

The Royal Bank of Scotland (RBS) are running another series of their excellent Fraud Awareness webinars.

Tackling topical subjects like money mules, ransomware and the dark web, as well as general fraud awareness, these free events are a great opportunity to hear from the RBS fraud experts.  Open to non-RBS customers with a range of dates available.

Exercise in a Box “Digital Supply Chain”  – hosted by the Scottish Business Resilience Centre – August dates

SBRC are encouraging organisations to sign up for one of their free ‘Exercise in a box’ online sessions.

A FREE, 90-minute non-technical workshop which will help organisations and charities find out how resilient they are to cyber attacks and practise their response in a safe environment. The August scenario is focusing on the impact that an organisation’s digital supply chain can have in relation to cyber security. Find out more information on SBRC’s website.

Book to join an upcoming session here.

Exercise in a Box: Digital Supply Chain Session  17^th August

Exercise in a Box: Digital Supply Chain Session  19^th August

Each issue, we aim to bring you real-life examples of scams, phishing emails and redacted case studies. If you have had an issue and would like to share your experience and what you have learned with others, please contact us to discuss:  CyberFeedback@gov.scot We are happy to anonymise case studies.

Some scams can be a roller coaster!

Katie  is a big fan of social media and spends a lot of time communicating with friends and family on Facebook, sharing photographs and tagging herself at venues when she is on a night out.  That said, Katie is fairly savvy about her digital footprint and was a little concerned when she saw her friend Mary tagging her in a Facebook competition to win an all expenses trip to Alton Towers.  Mary was encouraging Katie to “like”, “comment” and “sign up” to this amazing sounding competition.

Katie looked at the source of the competition – an impressive looking Facebook page set up with Alton Towers branding on 13^th July – it already had 74,000 likes and looked very genuine with authentic logos and seemingly original content.

Whilst mindful of the old adage… “if it sounds too good to be true, it probably is”  Katie clicked on the sign up page which took her to a broken link, with no competition details.  Immediately suspicious, Katie searched the internet and quickly found information about this being a scam from Which?, one of our well known trusted sources.

The report by Which?  suggested that, whilst no attempt to extract payment were made, the competition could be a tool to gather names, so that the owners of the website could harvest the credentials to spam the unsuspecting entrants with adverts.  Katie was interested to note that Which? had observed that often these competitions become a vicious circle, with the more people liking the page adding to the feeling of authenticity.  Katie was pleased to read that this page, and another scam involving Centre Parcs, had been reported by Which?  to Facebook and the fraudulent pages were removed.

Katie was suspicious, rightly so, that this may have been a scam.  Things you can do if you suspect a page you are looking at may be fraudulent include:

• Think is the deal ‘too good to be true’? – If the deal or competition is too good to be true, it probably is. A quick Google search will tell you if the legitimate company is promoting the giveaway.
• Check the URL – If you’ve followed a link, does the URL look suspicious? If it does, leave the site.
• Check your social timeline – Is there a high number of people posting or sharing the same thing? They may have been scammed.
• Check the branding – Scammers are becoming more and more sophisticated but there might be telltale signs, such as inconsistencies in the branding, that could give them away.
• Send a message – If someone you know has posted or shared something suspicious, ask them.  Send them a message to make sure, as it may have been unintentional
• Contact the company directly – Reach out to the company on social media, via email or over the phone to check whether the competition or giveaway is real.

If you think you’ve come across a scam online or on social media, read the Which? guide on what to do if you think you’ve spotted a scam.  The link to the full Which? report can be found here:

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats and is created in conjunction with SBRC’s Cyber Incident Response team. You can sign up receive the technical bulletin.

Read the latest bulletin here

• Cyber Security Information Sharing Partnership
• NCSC launches early warning notification service