I was recently asked by Computer Weekly for my thoughts around the biggest threats facing us in 2014. Unfortunately my predictions are far from optimistic, as criminals begin to target individuals on an unprecedented scale.
2013 saw an alarming rise in clever spear phishing techniques that companies and ISPs were simply too slow to respond to, identify, and block. Over the past few months alone, criminals have sent me spoof emails / phish whilst masquerading as a number of high profile organisations, such as:
- Vodafone claiming I've a £750 phone bill from last month.
- Companies House claiming my company has not filed a return and will be struck off.
- NatWest refusing my mortgage application.
- DHL keeping Christmas presents in customs.
In all these examples, a ZIP file was attached that most likely contained a Cryptolocker variant that would encrypt the contents of my PC (if I had one!) and hold me to ransom to recover its contents. But what's more alarming is the relevance. Some criminal somewhere has put effort into working out which mobile phone provider I use (I never get phish from O2 or 3), when 2-sec's company compliance deadlines are, and probably has a hook into some third party list that my mortgage supplier has put me on (it wasn't NatWest, but yes, I was applying for a mortgage at the time). The DHL / customs phish is probably just a good guess that no doubt thousands of people received.I look at this and think somebody somewhere is taking the effort to correlate publicly available information, add a dose of supposedly private information, made public following one of the bigger data breaches of 2012 / 2013, and start targeting high net worth individuals. If the modest owners of 2-sec are now targets, then it goes without saying that most small businesses and their directors are being targeted in the UK as we're all on the same public listings.
This problem is not going to go away. It's going to get worse. The increase in these activities will mean companies and ISPs are even slower to respond, and it's down to you as an individual to ensure you are not fooled into opening attachments.
To help protect you against this new wave of attacks, bear in mind the following three points:
- Just because you have anti-virus does not mean you are 100% protected from attack. It takes anti-virus vendors time to identify and update their systems to protect you from viruses, as there are simply too many variants for them to keep up with.
- Never open an email attachment that you're not expecting, even if it's from a trusted source (like your mobile phone provider). Large consumer service providers do not send you attachments and this simply isn't normal behaviour.
- Never click on links sent to you in emails that you're not expecting. These can take you to malicious websites that will instantly infect your computer, without you knowing.
Spread the word. The government, police, employers and service providers aren't going to help, it's down to YOU.