· Concern that criminals could look to capitalise on increased use of Internet devices
· Launched ‘Cyber Aware’ campaign promoting behaviours to mitigate threats.
· Created a world-leading scam reporting service for people to flag suspicious emails for the NCSC to assess and take down malicious content
· Revealed they have already taken down 2,000 scams – including 471 fake online shops – trying to trick people looking for coronavirus-related services
· Published new advice for individuals and organisations hosting online video conferences
CYBER experts have launched measures to protect the UK from online harm as the country continues to rely more on technology while staying at home to protect the NHS and save lives.
The National Cyber Security Centre (NCSC), a part of GCHQ, has today launched the cross-governmental ‘Cyber Aware’ campaign, which offers actionable advice for people to protect passwords, accounts and devices.
In addition to the broader campaign, the organisation has this morning published specific advice for personal and professional use of video conferencing services, with top tips on setting up your accounts, arranging a chat and protecting your device.
The NCSC has also today launched the pioneering ‘Suspicious Email Reporting Service’, which will make it easier for people to forward suspicious emails to the NCSC – including those claiming to offer services related to coronavirus.
This will build on the organisation’s existing takedown services, which have already removed more than 2,000 online scams related to coronavirus in the last month, including;
· 471 fake online shops selling fraudulent coronavirus related items
· 555 malware distribution sites set up to cause significant damage to any visitors
· 200 phishing sites seeking personal information such as passwords or credit card details
· 832 advance-fee frauds where a large sum of money is promised in return for a set-up payment
NCSC Chief Executive Officer Ciaran Martin said:
“Technology is helping us cope with the coronavirus crisis and will play a role helping us out of it - but that means cyber security is more important than ever.
“With greater use of technology, there are different ways attackers can harm all of us. But everyone can help to stop them by following the guidance campaign we have launched today. But even with the best security in place, some attacks will still get through.
“That’s why we have created a new national reporting service for suspicious emails – and if they link to malicious content, it will be taken down or blocked. By forwarding messages to us, you will be protecting the UK from email scams and cyber crime.”
Minister for Security James Brokenshire said:
“Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage.
“It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes. We all have a part to play in seeing they don’t succeed.
“I encourage everyone to follow the Cyber Aware advice and to use the Suspicious Email Reporting Service. They provide important new ways in which we can protect ourselves as well as our families and businesses.”
Digital Infrastructure Minister Matt Warman said:
"Technology is helping us work remotely, connect with family and friends and access medical advice online, so we can stay home, protect the NHS and save lives. But cyber criminals are also exploiting this crisis to target people and organisations.
“I urge everyone to remain vigilant online, follow the National Cyber Security Centre's guidance on passwords and account security, and report suspected coronavirus related scams if you see them."
The NCSC’s new guidance on the secure use of video conferencing services builds on a raft of advice published on www.ncsc.gov.uk since the coronavirus outbreak started.
With many people in the UK trying video conferencing for the first time, the advice includes top tips on securely installing the app, creating a strong password and tracking who is joining the chat.
The NCSC also recommends that you do not make meetings public, connect only to people through your contacts or address book – and to never post the link or password publicly.
The Cyber Aware campaign will be delivered by the NCSC working alongside the Home Office, the Cabinet Office and the Department for Digital, Culture, Media and Sport (DCMS) and will aim to help individuals and organisations to protect themselves online.
It urges people to protect their data passwords, the accounts they protect and the devices they use to access them.
The campaign encourages people to ‘Stay home. Stay Connected. Stay Cyber Aware’, and its top tips for staying secure online are;
1. Turn on two factor authentication for important accounts
2. Protect important accounts using a password of three random words
3. Create a separate password that you only use for your main email account
4. Update the software and apps on your devices regularly (ideally set to ‘automatically update’)
5. Save your passwords in your browser
6. To protect yourself from being held to ransom, back up important data
This Suspicious Email Reporting Service has been co-developed with the City of London Police. By forwarding any dubious emails – including those claiming to offer support related to COVID-19 – to email@example.com, the NCSC’s automated programme will immediately test the validity of the site. Any sites found to be phishing scams will be removed immediately.
As well as taking down malicious sites it will support the police by providing live time analysis of reports and identifying new patterns in online offending - helping them stop even more offenders in their tracks.
If people have lost money, they should tell their bank and report it as a crime to Action Fraud, but the new Suspicious Email Reporting Service will offer an automated service to people who flag what they think to be a suspicious email.
The raft of measures announced today by the NCSC to protect the UK during the coronavirus outbreak have been supported by a wide range of organisations.
Commander Karen Baxter, City of London Police, National Lead for Fraud, said:
“As we all stay indoors and spend more time online there is more opportunity for criminals to try and trick people into parting with their money. “Law enforcement are working closely with government to ensure the public, and businesses, are as well-equipped as possible to fight online harms.
“This process will be greatly assisted by the new suspicious email reporting service which empowers the public and enhances police capabilities to step up their response to fraud.
“Officers have already executed a number of warrants across the country to target and disrupt criminals sending emails and texts designed to steal your money.”
Dame Gillian Guy, Chief Executive of Citizens Advice, said:
"Unfortunately scammers see these uncertain and worrying times as an opportunity to prey on people. We’re encouraging the public to report any suspicious emails to the NCSC's new takedown service.
“Through our own Scams Action service - made up of a dedicated helpline and special tool which offer advice for people affected by online scams - we see first-hand the devastating impact these terrible crimes have.
“This initiative will help take down even more harmful sites, which means fewer victims”.
Kevin Brown, Managing Director of BT Security, said:
“As we adjust to the current situation and online services become even more critical, it’s vital that we are all aware of and follow security best practice.
“The NCSC has provided a fantastic set of guidance and resources for the UK’s citizens and businesses, and we’re delighted to be working with them to keep the UK safe online.”
More information on Cyber Aware top tips
1. Create a separate password for your email
· Your personal email account contains lots of important information about you and is the gateway to all your other online accounts.
· If your email account is hacked all your other passwords can be reset, so use a strong password that is different to all your others.
2. Create a strong password using three random words
· Weak passwords can be hacked in seconds. The longer and more unusual your password is, the stronger it becomes and the harder it is to hack. The best way to make your password long and difficult to hack is by using a sequence of three random words you’ll remember.
· You can make it even stronger with special characters.
· Starting with your most important accounts (such as email, banking and social media), replace your old passwords with new ones. Just connect three random - but memorable - words together.
3. Save your passwords in your browser
· Using the same passwords for all your accounts makes you vulnerable - if that one password is stolen all your accounts can be accessed.
· It’s good practice to use different passwords for the accounts you care most about.
· Of course, remembering lots of passwords can be difficult, but if you save them in your browser then you don’t have to.
· Online service providers are constantly updating their software to keep sensitive personal data secure, so store your passwords in your browser when prompted; it’s quick, convenient and safer than re-using the same password.
4. Turn on two-factor authentication
· Two-factor authentication (2FA) is a free security feature that gives you an extra layer of protection online and stops cyber criminals getting into your accounts - even if they have your password.
· 2FA reduces the risk of being hacked by asking you to provide a second factor of information, such as getting a text or code when you log in, to check you are who you say you are.
· Check if the online services and apps you use offer 2FA – it’s also called two-step verification or multi-factor authentication. If they do, turn it on. Start with the accounts you care most about such as your email and social media.
· Your bank automatically carries out an extra security check if you use online banking, so you don’t need to turn this on yourself. However, you should check your bank has your correct phone number so they’re able to text a code to your mobile or call your landline to confirm it’s you.
5. Update your devices
· Cyber criminals exploit weaknesses in software and apps to access your sensitive personal data, but providers are continually working to keep you secure by releasing regular updates. These updates fix weaknesses, so criminals can’t access your data.
· Using the latest versions of software, apps and operating system on your phone or tablet can immediately improve your security.
· Remember to update regularly, or set your phone or tablet to automatically update so you don’t have to think about it.
6. Turn on backup
· If your phone, tablet or laptop is hacked, your sensitive personal data could be lost, damaged or stolen.
· Make sure you keep a copy of all your important information by backing it up.
· You can choose to back up all your data or only information that is important to you.
Advice for individuals using video conferencing
1. Setting up your account
Installing the app of software. When first installing a video app or required software ensure you are downloading the software from a trusted source such as your phones app store or the manufacturers website. Don’t click on links sent to you from random individuals or on unusual websites, as these could take you to fake versions of the video app.
Create a strong password that is different to all your other passwords. Weak passwords can be hacked in seconds. The longer it is, the stronger it becomes and the harder to hack. Make yours strong by using a sequence of three words. If available also use two factor authentication. This is a free security feature that gives you an extra layer of protection and stops cyber criminals getting into your accounts – even if they have your password. It reduces the risk by asking you to provide a second factor, such as getting a text or code when you log in, to check you are who you say you are.
Understand what you are paying for. In the majority of cases the 'free' version of a service, correctly configured provides adequate security for personal use. Paid versions may offer extra features and usability features that you could consider if you feel your needs and situations justify it.
2. Arranging a chat
Do not make meetings public. Connect directly via your contacts/address book, or provide a link privately to specific people. If the feature is available, make use of passwords to add another layer of protection. Do not post the link or password publicly.
Know who is joining your chat. If you are organising the chat for your family or friends, consider using the lobby feature to ensure you know who has arrived. This is especially useful if individuals are joining the meeting via an unrecognised phone number. Verify participants identity when they join the meeting.
Understand what other features are available as a host. Many services offer features to record the meeting, share files, or show what is on somebody’s screen. There may also be additional controls to manage who can be in the chat. If you don't need these features considering setting to 'host only'.
3. Protecting Yourself
Try the service before your first chat. Most services have a ‘test’ function to ensure your microphone and camera work correctly – use this function to familiarise yourself with the service. Understand how to mute your microphone and turn off the camera. This will give you more control over what you share with others.
Update your devices. Cyber criminals exploit weaknesses in software and apps to access your sensitive personal data, but manufacturers are continually working to keep you secure by releasing regular updates. Using the latest software, apps and operating system on your devices can fix bugs, add new features and immediately improve your security.
Consider your surroundings. What else does the camera show when you are chatting with others, and would you want to share that information with strangers? Consider obscuring/blurring your background or using a background image.
If you’ve recently set up a new account on a video calling app or haven't looked at your security settings for a while on an existing account, you should take some time to make sure you're using these services as securely as possible.