Author Mark Fairlie
In late July 2017, a massive cyber attack took place against global credit reference agency, Equifax. After several weeks of investigation, regulators and the company discovered that the personal details of 143,000,000 US citizens and 400,000 British citizens may have been compromised. The National Cyber Security Centre has now released an update.
At the moment, unlike in the US, it does not appear that any credit card numbers or identification documents have been stolen in the UK but the investigation is ongoing.
The National Cyber Security Centre released an update
The National Cyber Security Centre, part of GCHQ, released an updated statement on the Equifax hack.
They do not believe that password-related data for UK citizens have been involved in this breach and are advising that they do not think it is necessary for people to change their passwords on other internet services.
The National Cyber Security Centre has warned that there is an increased risk of phishing and telephone fraud incidents, however.
What is “phishing”?
Typically, hackers will send out millions of fake emails with the aim of trying to get victims to visit a web page they control. This web page will look almost identical to the website of the company they’re claiming to represent, like Amazon, PayPal, eBay, and so on.
Once the victim has inputted their details, the spoof web pages then send the login details to the hackers, meaning they log into the genuine sites with your payment and personal information.
- poorly-formatted emails (that is, they don’t look “quite right”),
- The language may not be natural-sounding (like someone who is not fluent in English has written it),
- The grammar may be incorrect, and
- The biggest sign is that they don’t use your real name in the email.
The National Cyber Security Centre is worried that, if the breach has been significant, they will send out phishing emails with your real name on them and other information, like your date of birth. Their belief is that the more correct information that is contained in a phishing email, the more likely someone is to fall for the attack.
What is telephone fraud?
Telephone fraud or phishing, according to Which? is when a malicious party communicates with a victim to convince them they are someone else. Depending on how much information they have on you from the Equifax breach, they could know far more than someone chancing it making them sound more plausible and believable.
For example, a hacker calls someone about their bank account. They phone claiming to be from the bank’s fraud department. The conversation then leads to the victim giving over their bank username and passwords as part of a wider “security check”.
Once the hacker has this information, other types of cybercrime, like identity fraud, can become a lot easier to successfully pull off.
If you receive a suspicious call or email…
…trust your instincts, according to The National Cyber Security Centre.
You know how these companies communicate with you by email and phone. If something is in an email or said over a phone which doesn’t marry with your experience of that company, cease communication.
If you receive an email asking you to log in, do not click the links in the email. Any page you go to may be a spoof and when you put your details into this spoof site, it will stop working once you’ve logged in.
If you receive a phone call and someone asks you for full passwords or wants you to prove who you are in a way that’s different from other times they’ve called, hang up. At this point, make sure the receiver is down and the phone call has ended. When you are convinced that the call has ended, phone up the organisation directly to check for yourself, if possible from another phone.
Reporting a suspected attempt at fraud
The Action Fraud helpline is available day or night on 0300 123 2040. Alternatively, you can visit their website at www.actionfraud.police.uk.