At Willmott Dixon we take security extremely seriously, whether it’s data security, personnel security, infrastructure security or physical security. This extends across our own business, to our customers and our supply chain partners. In times like these it has never been more important for businesses and individuals to be aware of the cyber threats around them and be extra careful when it comes to sharing information. There are a host of different scams out there trying to turn our current situation to the scammers’ advantage. One term you may not be familiar with, but one that places any business at risk, is Typosquatting.
What is Typosquatting?
Sometimes known as cybersquatting or URL hijacking, it is the deliberate act of registering misspelt versions of popular website domains.
For example, willmott-dixon.co.uk or wilmotdixon.co.uk: both of these may look legitimate if given a cursory glance but, on closer inspection, are obviously not real domains for Willmott Dixon.
The risk is that, instead of visiting the correct website, users will be taken to an alternative website intended for malicious purposes, including the theft of personal information, fraud and the installation of malware.
What can happen, and we see this frequently enough to be of concern, is that one of our supply chain partners or customers will receive an email from one of those misspelt domains, either placing an order, requesting payment, or informing them we’ve changed our bank details. This can often be positioned in relation to a current risk, such as Covid-19, to make the user think it is a real request for payment or information.
The attackers are generally sophisticated enough to ensure the email will look very much like it’s come from Willmott Dixon, using our formatting and images. If they’re sending a fake purchase order, for example, it will almost certainly look like our standard templates. They are relying on people being busy and not taking a thorough look, and this can easily end up with people being defrauded.
So, what can you do to stop being tricked into providing goods or money to these criminals?
The best advice is to be vigilant. Double check any URL spellings or email addresses before accessing a website, or responding to or actioning an email. Contact us or the company requesting the information via your usual channels if in any doubt – don’t use the contact details provided in the email. We’ve seen fake POs with a mobile number to contact, so make sure you only use what you know to be a genuine contact.
As a business, we would never change our bank account details and send you an email informing you of this, so if you ever get an email like that, please call us and check.
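The spelling check described above can also be automated, for example where incoming mail or supplier records are processed. The following is an added example, not Willmott Dixon's own code: it assumes willmottdixon.co.uk is the genuine domain, and the function names, sample addresses and distance threshold are illustrative.

```python
# Added example: flag sender domains that are near-misses of a trusted domain.
TRUSTED = {"willmottdixon.co.uk"}  # assumption: the genuine domain; use your own list

def edit_distance(a, b):
    """Edits (insert, delete, substitute, swap of adjacent letters) between a and b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Two adjacent letters typed in the wrong order count as one edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def sender_domain(address):
    """Lower-cased domain part of an email address (or of a bare host name)."""
    return address.strip().rsplit("@", 1)[-1].lower().rstrip(".")

def classify(address, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address."""
    domain = sender_domain(address)
    if domain in trusted:
        return "trusted"
    for good in trusted:
        # An added or removed hyphen on its own is treated as a look-alike.
        if domain.replace("-", "") == good.replace("-", ""):
            return "lookalike"
        if edit_distance(domain, good) <= max_distance:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    # Constructed sample addresses, using the two misspellings given in the article.
    for sender in ("accounts@willmottdixon.co.uk",
                   "accounts@Willmott-Dixon.co.uk",
                   "orders@wilmotdixon.co.uk",
                   "sales@example.org"):
        print(f"{sender:32} {classify(sender)}")
```

A "lookalike" result is a prompt to verify the request through a known contact before acting on it; an "unknown" result only means the domain does not resemble the trusted list.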
Some top tips
- Don’t open suspicious emails or click links in them - if in doubt, do not click any links or open any attachments
- Type out URLs to sites, rather than clicking links – it’s safer to type it than click a link. Bookmark your favourite sites
- If something appears even a little strange, it probably is, so check
- Keep your devices updated (latest updates from Microsoft, Apple, Android etc.)
- Use security software on your devices – antivirus software will help keep you protected and, for larger organisations, firewalls can help protect you by blocking malicious domains
An excellent source of guidance and advice can be found at the government-run National Cyber Security Centre’s website: www.ncsc.gov.uk/collection/10-steps-to-cyber-security. This guidance and advice is applicable to any business, large or small, that uses computers in any capacity and is well worth a browse.