There have been some interesting developments in the world of spam and malware in the past couple of weeks.
Various organisations¹ that monitor internet traffic have found an alarming increase in the amount of spam, malware and phishing emails being sent out recently.
They also found that it was not just one type of spam either; there are a number of different ‘flavours’.
Remember the 419 email and letter scams? Typically from Iraq, South Africa or somewhere in West Africa, these advance-fee scams ask for your help to transfer money out of a country in return for a fee. The fraudster requests your bank details for the transfer, and takes the opportunity to empty your account! These scams still seem to be serving up a bad taste in their victims’ mouths, just when we thought they were off the menu.
There was an increase in the amount of ‘ransomware’ emails being dished out. These contain a link which, when you click on it, allows the scammer to encrypt your files and data, essentially holding them ‘hostage’ until you pay the ransom for their decryption. These have been rather successful in the past, infecting not only individuals’ machines but also large organisations. An American hospital got a taste of this and ended up paying thousands of dollars to get their files decrypted.
Scare stories have been emailed to customers of two credential services or password vaults, referring recipients to data breaches by LinkedIn and Tumblr. The emails, purporting to be from bona fide support, informed people that their accounts had been hacked and that they needed to re-enter their personal details. These scam emails contained links which directed people to the hackers’ fake web site, serving up yet another phishing email attack.
There is also a new type of fraud that is gaining notoriety, called BEC (Business Email Compromise). Estimates are that tens of thousands of people have been scammed and billions of dollars have been lost worldwide. There is such a huge growth in this type of fraud that the FBI issued a Public Service Announcement. This scam targets employees in an organisation, usually in finance, accounts or procurement, with a message purportedly from a senior finance or accounts manager requesting an urgent payment to be made to a supplier. When the employee takes the bait, the ‘senior manager’ will email and ask for the payment to be made to a different account – the scammer’s account.
Many of these scams require an increasingly elaborate amount of research and reconnaissance, combined with sophisticated social engineering. As the awareness of scam methods increases and protective measures are taken to avoid them, scammers are devising ever more ingenious ways to trick people. Some are conducting more research into their intended victims, to try to make their messages and requests more appealing.
Just like the canned meat, email spam isn’t going to go away anytime soon. So we all need to be aware and take care when opening attachments, clicking on links or receiving instructions from colleagues that appear to go outside the regular procedures.
Graeme Wolfe, Information and IT Security Officer, 27/06/2016
¹ Cloudmark, IC3 and FBI
This month Graeme Wolfe, Information and IT Security Officer, looks at Windows 10 and at the options for upgrading.
If you use a personal Windows-based PC / Laptop / device running Windows 7, 8 or 8.1, you will no doubt have seen the icon in your task bar inviting you, for a limited time, to upgrade to Windows 10 for free.
Your University supplied Windows PC / Laptop will not show this icon as we have suppressed it. We are working on a new ‘build’ to upgrade to Windows 10 at some point, but this has to be done in conjunction with checking that all the various software products on our estate still work as expected with Windows 10 and that there are no conflicts on our network.
I have been asked by a few people whether they should upgrade to Windows 10 on their personal device, or not, especially as there have been some issues raised with the information it gathers and uses about you, plus the deadline imposed by Microsoft for a ‘free’ update is July 29th 2016.
This really is a personal matter for you and your appetite for moving to a new OS, as there are potential benefits and possible drawbacks to each action. There are many articles and reviews online, which list the ‘pros’ and ‘cons’ of Windows 10. Just do a search for them if you want to know more, before deciding to take the plunge, or not.
Here are links to a couple of articles to get you started:
I was also asked what the support position was for Windows OS and can reply as follows.
Windows 7 went out of mainstream support in January last year and Windows 8 will join it in January 2018, though they will both continue to receive security patches and updates until they go out of extended support.
Microsoft will be withdrawing extended support for Windows 7 in January 2020 and Windows 8 in January 2023, which may seem a long way off, but there is talk that this may happen earlier than that and this may be a reason why you would want to upgrade to Windows 10.
If you are still unsure whether to upgrade or not, and don’t want to make a decision before the July deadline, you can download and install Windows 10 on your device and then ‘roll back’ to your previous OS, Windows 7 or 8. Make sure you take a backup of your files first. You shouldn’t lose any files during the changes, but it is better to be safe than sorry. This will register you as being a Windows 10 user, so ‘beating’ the deadline, and you can go back to Windows 10 at a later date, when and if the fancy takes you.
Graeme Wolfe, Information and IT Security Officer 13/05/2016