First up though I did a short video recently explaining why loss of mobile devices (including laptops) is a Data Breach under #GDPR. Have a quick watch and then come back here.

Why was the laptop not encrypted?

They’ve not specified exactly what happened, but I surmise that eir use a third party package to secure their mobile devices and some of the many problematic monthly updates that Microsoft released in July caused them issues. It must have been bad for them to have to decrypt 1,500 laptops. In fairness to eir, they at least notified the Data Protection Commission (DPC) about this on the 10th of August.

What happened next?

At some point between 10th August and last weekend one of the 1,500 unsecured laptops was stolen outside. In other words an employee/contractor removed one of the laptops from eir’s premises and then fell victim to a thief.

What was on this eir laptop?

According to the report from the DPC – names, email addresses, mobile numbers & account numbers for 36,642 customers and names & contact details for 177 eir employees.

That doesn’t sound too bad … does it?

As I say to people in my training, it’s all about the context. If you are a florist and you lose a list of names and addresses of your customers, there may not be a significant risk to those individuals in respect to their rights and freedoms. So you probably won’t need to notify them about the breach. It might be a borderline call as to whether you would need to notify the DPC. I would say you should.

Now lets say that list of names and addresses are for clients of a sexually transmitted disease clinic. The context now shifts dramatically as there is now a significant risk to the individuals rights and freedoms. If that list became public, there would be much embarrassment to those people. So you would definitely be reporting to the DPC and also notifying the affected people.

In the eir laptop case, the fact there are emails and account numbers is quite concerning. If an evil doer uses all of the available information, they could craft an extremely plausible phishing e-mail, which they could con the victim into doing something that is not in their best interests.

Also, if the bad guys combined the detail from the eir laptop with some information they gleaned from answers to fun quizzes, they may be able to impersonate the eir customer to an eir customer service agent and effectively take over the customers account.

What should have happened?

Once eir were aware that all of these devices were unsecured, they should never have been allowed to leave the premises. They should have been locked to the employees/contractors desks and the keys stored in the kennel of a hungry rottweiler until the issue with the patch was rectified.

What have eir done?

Well they had been busily working away re-encrypting their laptops and according to the DPC’s statement they had all but 46 completed as of 22nd August.

They have also notified the affected customers, by email from a “no-reply” email address, which is pretty crappy. They really should have a specific email address and freephone telephone number for those impacted customers.

What should we all learn from this?

The most important thing we should all learn from this eir laptop theft case is that, if you have a mobile device of any type, even if it doesn’t currently have personal data on it, encrypt the thing! If it’s not encrypted, keep it securely stored in your premises – don’t ever take it off premises.

If you want to learn more about good security practice send an e-mail to info@L2CyberSecurity.com and we can talk to you about training and practical steps to improve your cyber security set-up.

#LetsBeCarefulOutThere

#SecuritySimplified

The post Eir laptop theft – could have been worse appeared first on L2 Cyber Security Solutions Ltd..

At times of crisis, such as right now in Bangladesh and Nepal, where some 1,200 people have died and millions have lost their homes, charity organisations call out for financial and material support to help them in their disaster relief efforts. These organisations have a lot of experience (unfortunately) in helping the less fortunate following these disasters and their collection of money and material is (usually) efficient and effective.

What also happens are well meaning people who want to help with fund raising for a disaster, they set up a page on a fundraising website or on social media and ask for donations, which they intend to go to the victims. This is very laudable, but how can you be certain of these people’s bona fides.

This has also given the bad guys a way of making easy money, by similarly setting up bogus fund raising pages and pocketing all the cash that comes their way. You can be absolutely certain that none of the monies go where they are most needed.

So treat any e-mail or Facebook message from a “charity” with the same contempt that you reserve for any unsolicited message (according to Commandment 5) and simply delete/ignore it.

If you want to give funds towards a specific disaster, the proper charities usually have a way of enabling you to specify where you want the donation to go. So go directly to their websites and donate there. Don’t click links from social media, text messages or e-mail.

So look up the big guys such as The Red Cross, UNICEF and Oxfam, donate to them and don’t fall for the Disaster Relief Charity Scam.

If you want to give to a lesser known/unknown charity then you can check them out with the likes of the Irish Charities Regulator, Wise Giving Alliance, Charity Navigator or Charity Watch.

The post Disaster Relief Charity Scam – watch out! appeared first on L2 Cyber Security Solutions Ltd..

The report shows that people are clicking on e-mails with the above subjects (which could potentially be business related). However some of the other subject lines are not very “business-like” at all and people are still going into them and potentially bringing things like Ransomware into their employers networks.

1. 21% Security Alert
2. 14% Revised Vacation & Sick Time Policy
3. 10% UPS Label Delivery 1ZBE312TNY00015011
4. 10% BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO
5. 10% A Delivery Attempt was made
6. 9%  All Employees: Update your Healthcare Info
7. 8%  Change of Password Required Immediately
8. 7%  Password Check Required Immediately
9. 6%  Unusual sign-in activity
10. 6%  Urgent Action Required

Clearly #4 above is not in anyway a business related e-mail (unless you are a United Airlines employee, obviously ?). However #3 and #5 could also be unrelated to your company’s day-to-day business.

The e-mails in the research actually made it passed any spam or malware filters that the surveyed organisations had in place, showing that technology cannot be completely relied upon to give 100% protection against the many evils on the internet. Your staff will be your last line of defence.

Of course you could avail of our Internet Security Awareness and Safety Training. This will show your staff what to watch out for and how to handle such dodgy e-mails. It will also give them a very comprehensive insight into what threats are out there and how they can prevent downtime in your business

If you don’t want to go down that road, then at least have a read of Commandment 5 of our very own Top 10 – The Ten Commandments of Cyber Security, which will give you plenty to think about in respect to handling e-mail with any type of phishing subject lines.

The post Phishing subject lines – Top 10. appeared first on L2 Cyber Security Solutions Ltd..

The first occurred on Friday, late afternoon. I was speaking with a client on my business phone, when a call came in on my personal phone. It was a UK number +44-141-846-1617. I didn’t answer and let it go to voicemail, which a minute or so later showed that I had a message. When I finished speaking with my client I dialed 171 and listened to it.

There was silence for a long time and then “Hi. A free Euromillions Lottery ticket is waiting for you at the upcoming 45 million Euro jackpot draw. To redeem, press 1.”. This was repeated until the voicemail cut out. Here is a recording:

There was probably some sort of auto-dialler that was cycling through a set of numbers and playing the message at them. Presumably if somebody pressed 1, they would be connected to an “agent” who would kick off the sales-pitch, with “Oh good news, you have won a thousand Euro in a special draw, just give me all of your bank account details and PIN number and we can transfer that money for you.” and then proceed to empty your account. 

There were some reports in May about these calls coming from an Irish number, but this week it was a UK number.

The second of the phone scams came yesterday and was the old SMS text message with a link to a photo (apparently), and here is said offender:

It would be so easy to click on that link, but as I am a firm believer in Commandment 5, I resisted the temptation to click and instead fired up a sacrificial machine and typed the link into that instead .  After a moment of the web address changing in the browser (also known as a redirect) I was presented with, what appears to be, the start of a movie trailer and then this message:

So like a good sucker, I clicked on OK and was presented with:

Anybody who read last week’s post, will know that these kind of sign-ups, will usually mean entering a credit card number somewhere, which will then be milked dry by the evil doers. I traced the original link to a company based in the Seychelles, so at least the money would be going somewhere nice 

So, please don’t fall for these phone scams. There are many others, so if in doubt, just remember “If it sounds too good to be true, then it probably is.” and follow Commandment 5 for unsolicited e-mails, texts or social media messages with links.

The post Phone scams – some current examples appeared first on L2 Cyber Security Solutions Ltd..

Essentially this is where the bad guys have a web page at an address that is very very very close to the spelling of a popular or well known webpage and they count on you having a typo and either missing a letter (e.g. instgram.com) or hitting an adjoining letter (e.g. facebooo.com) in error.

Don’t try this on your desktop/laptop/tablet/phone. I have a separate, sacrificial machine which I can use for such things.

I tried to access www.instgram.com (missing the “a” in the middle) and received the following page:

Notice the address where it is going to (circled in yellow) – that is not an Instagram address, but some sort of ad/advertising address.

When I clicked to continue, I got:

I didn’t continue any further, as I googled gr8musik.com and the results indicated it was a scam site, which if you registered with it, would take money from your credit card, even though you were supposed to be in some kind of a free trial period.

Similarly, I tried www.facebooo.com (an “o” instead of the “k”) and got the following:

This was just some kind of survey. But you never know what you will get. A subsequent attempt to go to www.instgram.com brought me to the survey, followed by the survey (again), followed by a sign-up form for mcplayz.com (identical to the above gr8musik.com). So these crooks are randomly sending you to different pages trying to compromise you in someway.

According to this post, the victim’s typo sent him to a “Technical Support” page, where he was advised that his PC was locked and he needed to telephone for support. If he did this, the scammers at the other end of the line would have talked him through giving them remote access to the PC and then they would have totally locked him out and looked for his credit card details to “fix” the problem.

Some pages reached by a typo try to apparently show you a video, but then indicates there is a problem and that you need to download a specific video player to watch it. For example, the following headline is tempting you to watch the video to get your hands on software worth $7,000.

These will typically download what is referred to as adware, and if you read our last week’s post about the Fireball adware, you can see  how insidious that adware can be. Adware will take control of your browser and fire ads at you while you are trying to use the internet. It might also re-direct your searches to odd search engines, which will likely attempt to track you and violate your personal privacy on the internet.

So just be careful when typing addresses. Better still use bookmarks.

If you do inadvertently get taken to some page that you never intended to go to, just close the browser immediately by way of the X in the top right-hand corner of the window. You might get warnings about losing data, just ignore them and close that browser. It would do no harm to run a spyware check on your PC at this point, in case any adware did manage to sneak in without your knowledge or permission. There are free tools from Malwarebytes or Safer Networking that can do this for you, but you might want to also talk to some real life technical support (a techy friend or the IT team in your place of employment) about it and have them give your PC a once over.

Whatever you do, don’t continue to engage with a website that you weren’t intending to visit and stay safe.

The post How a typo can cause you problems. appeared first on L2 Cyber Security Solutions Ltd..

Fortunately there was nothing destructive in this phishing campaign, but it did cause quite a lot of consternation because it could have been very nasty. It was quite clever in how it fooled it’s victims.

What the evil doers did was to create an app called “Google Docs” … not to be confused with the official one from Google called … errrrr … “Google Docs” ?.

They then sent out their phishing e-mail, which looked like this:

In later occurrences of the phishing campaign, the blurred out name in the image above, was probably somebody you know or at least you were on their contact list. If you click on the “Open in Docs” button above, you launch the app called “Google Docs”, which sounds like the right kind of thing to happen – right? Then you get the following pop-up, which looks fairly legitimate, because it is:

The reason it’s legitimate is because this is the standard screen from Google in regards to this “new” app that you want to execute. The app developers (the bad guys) had to specify what permissions their app needed to carry out it’s nefarious deeds on your e-mail, and so Google helpfully popped up this window to ask you to give permission to the app for the parts of your GMail profile that it needed. Don’t freak out, there could be genuine reasons an app needs these particular permissions, so this would not have been a red-flag to Google … the app name on the other hand … ?.

Anyway, if you click “allow”, the app goes ahead and uses your contacts to e-mail a new copy of the phishing e-mail to all your contacts.

Fortunately Google resolved the issue reasonably quickly. If you think you might have been a victim of this attack, you can check very quickly by going to this link https://myaccount.google.com/permissions and if there is something in the list called “Google Docs”, then left-click on it and hit the “Remove” button. You’ll then be safe again, for now.

This was really clever because the evil doers were able to create a sneaky app, with a ridiculously trusty name, which then fooled people into granting seemingly required permissions in the platform (Google in this instance) to enable the app to do something bad. There are other platforms that use a similar set-up – Facebook and LinkedIn, so be on the lookout for any messages which try to execute apparently genuine “apps” that may try to give you a very bad day. Treat all messages that want you to do something that is out-of-the-ordinary with great suspicion. Or you could go all biblical on them and follow Commandment 5.

BTW – Google didn’t reveal the number of affected users, they just said less than 0.1% of the GMail accounts were affected – a tiny fraction, right? Well given they had over a billion users this time last year, means the not insubstantial figure of 1 million is how many were affected. ?

The post GMail had a bad case of the phishers. appeared first on L2 Cyber Security Solutions Ltd..

Even though it is written in the scam-iest possible language with the bad spelling and poor English, because it is addressed direct to you, you are going to sit up and take notice. So much so, that you might be very tempted to open the attachment to see what other information this person has on you. You should know me by now – Just DON’T open the attachment on an e-mail from a stranger – delete the damned thing, as set out in Commandment 5.

If you did open it, it will ask for the password, which is specified in the evil e-mail:

And after you enter that, it will want you to disable all of the security protections in Microsoft Word, so it can attempt to do it’s nasty work on your desktop/laptop:

If you follow through and do what it asks you to do, you wont see any further information about you, you will see an “alternative fact” – It will tell you the file is corrupted and can’t be opened:

In fact this is a sign that the evil e-mail has done it’s worst and may be scrambling your files and locking you out of them. The payload can vary, depending on what the evil doers decide they want to achieve. Trust me on this, it will not be anything in your best interests.

So please, JUST DON’T do anything with the e-mail! Delete the damned thing and go on with your life.

The fact that they have your name and address, while concerning is maybe not terribly surprising. After all in 2016, there was at least 3.1 billion records reported as being leaked in various data breaches. So it is possible that your name, address and e-mail have made it into the hands of the criminals who are now trying to exploit the data in this nasty phishing scam.

Delete the e-mail and move on.

And let’s be careful out there.

The post Evil e-mail has your name and address! appeared first on L2 Cyber Security Solutions Ltd..

Here’s the best possible protection for your GMail password

The post Scary new way to have your GMail password and account stolen. appeared first on L2 Cyber Security Solutions Ltd..

The post Could the attempted theft of €4.3m from Meath County Council happen to your business? appeared first on L2 Cyber Security Solutions Ltd..

I yearn for the days when evil e-mail was so easily identified “becuse it wuz ritten in, gud, inglish wit grate spellhng an pun.tation”. ?
In the last couple of days, the evil doers have been varying their scam e-mails fairly wildly and it’s bound to catch out some people.
I’ll run through three sneaky methods that have been attempted on others over the last 48 hours.

(1) Non-Delivery Receipt.

You know these e-mails. You get them when you send an e-mail, but you make a mistake and send it to an address which doesn’t exist or the mailbox has a size limit and your e-mail breaches that limit. This is the text of the Non-Delivery Receipt (NDR) in this instance:

Your message was not delivered due to the following reason(s):

Your message could not be delivered because the destination server was
not reachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.

Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.

There is a ZIP file attached to the NDR, which of course has some nasty software that does not have your best interest at heart. ?
Just delete the scam e-mail.

(2) A Microsoft Sharepoint Notification.

This is a particularly sneaky one, as lots of larger organisations depend on Sharepoint’s sharing abilities.
The e-mail looks something like this:

The Link in the body text would take you to a not particularly nice website. No doubt it might attempt to infect your computer. ?
Just delete the scam e-mail.

(3) Somewhat abusive attempt to get you to open the attachment.

Please be warned, there is a profanity ahead. I wanted to leave it in as it does generate something of a visceral reaction when you read it.

Subject: credit card charge from <your company’s domain name> 

What is this fucking charge on my card?
I never visited or bought anything from <your company’s domain name>.
I have attached a screenshot of my statement.
I want my money back!!!
I have attached my card statement, please get back to me ASAP.

Thank you

company name

person name

phone

fax

There is a Word document attached to the e-mail, which of course has … nasty ransomware, which will scramble all of your files and leave you with a very bad day ahead. ?
Just delete the scam e-mail.

Conclusion

I hope you noticed that I was pretty consistent in my recommended action … this is because it is from Commandment #5 in our Ten Commandments of Cyber Security.
If you wish to train your staff on how they can spot these type of e-mails, then have a read of this course outline and contact us on the number or e-mail address at the end of that. We’ll be happy to discuss your training requirements and provide a quotation to cover same.
And lets be careful out there.

H/T to the SANS Institute’s Internet Storm Centre @ https://isc.sans.edu/

The post There is a lot of variations in scam e-mail the last couple of days. appeared first on L2 Cyber Security Solutions Ltd..