Re: Winter 2016 | Page 7

emails that pretend to be from someone else. The aim is often to persuade the recipient to give the sender information or money to which the sender is not entitled. These emails are also commonly used as a means of delivering malware, with the program disguised as an attached document or link.

• ‘Vishing’ is ‘voice phishing’. It is the same as phishing, but using a telephone, for example to ask someone to sit at their laptop and provide information that enables the fraudster to gain access to bank details.
• In addition to impersonating someone, criminals sometimes modify emails directly. This requires them to be able to intercept emails between one party and another, usually by hacking into the email system of one of the individuals.
• The most common type that solicitors know about is ‘Friday afternoon fraud’. This involves criminals accessing and altering the client’s emails to the solicitor. The aim is to alter bank details, in order to redirect conveyancing completion funds to the criminal rather than the client. It does not occur only on Fridays, but that is a time when many completions take place. (This is why we will not rely solely on account details contained within e-mails.)
• Malware – these are viruses that users can inadvertently allow to sit within their computers, and which can record everything that is typed over a period (including passwords), copy data on the computer, or be part of the criminal’s system that is used to attack other computer systems.
• Ransomware – this is becoming increasingly common. It involves malware infecting a computer system, scrambling any files it can access, and enabling criminals to require a ransom to unblock the encryption and allow the business to function again. Ransomware can also steal files and data. The cost of these attacks to business is, of course, not limited to the ransom. The consequences can include lost files, a significant loss of time and damage to their reputation and client relationships.
Ransomware is very profitable for criminals. One type alone, the Cryptowall program, made its controllers US$325m from its first appearance in early 2014 until October 2015. Should you ever be unlucky enough to have a problem with ransomware, it is worth looking at the No More Ransom website, which hosts around 160,000 decryption keys that could help you recover data and files without paying a ransom.

• Hacking – this is when criminals exploit weaknesses in systems to gain unauthorised access, for example, the Panama Papers, where 11.5 million documents relating to activities of offshore shell companies were leaked. The access to the system was gained via the law firm’s e-mail server, which had not been updated for three years and had multiple weaknesses. Such methods can be used for industrial espionage, and although that sounds like a Big Business problem, one published case in 2015 involved a commercial laundry service employing 35 people, hacked by a competitor to find out pricing and customer information, using an off-the-shelf hacking toolkit.

Online crime cost UK business £1 billion between March 2015 and March 2016, including 96,000 instances of malware, 77,000 instances of phishing and 32,000 instances of hacking. In the same period, nearly one third of all crimes against individuals reported to the Crime Survey for England and Wales were cyber related.

It is important to remember that most cybercriminals target people rather than IT systems, because that is where most of the vulnerabilities are. We need to be able to recognise common scams, but at the same time acknowledge that they are always changing.
Very few people now would fall for the e-mail from an official ousted by an African government during a coup, trying to find a home for his millions of dollars and someone who will help him move his money to a safe harbour. But how many of us would question an e-mail that looked as if it was from our friend, attaching photos they thought would be funny for us to see, or an e-mail from a trusted supplier attaching an invoice that looked absolutely genuine, but where the bank details at the bottom of the invoice had been altered?

And of course there are vulnerabilities in the systems too, which is why we should always use the most up-to-date versions of the software we use, which often contain patches for security issues found in previous versions.

If you are a business or a private individual, and are worried about some of these issues, make yourself familiar with the Cyber Essentials scheme, and report any attempts to misuse your information to Action Fraud, which is run by the City of London Police, the lead force in this area.

In the words of Sergeant Phil Esterhaus, “Let’s be careful out there” (how many of you can name the show?)