This advice has been collated by EMSOU and is intended for wider distribution within the East Midlands Region to raise awareness among businesses and the public.
Advice and information is changing daily as we navigate our way through the COVID-19 pandemic, so please ensure you only take information from reputable sources.
If you require any further information, assistance or guidance please contact the EMSOU Protect Team or your local Force protect team.
Today’s advice is ‘keep devices up to date’
This is a topic we first touched on at the beginning of April and offered advice to organisations on how to ensure that devices remain up to date and protected against exploits. Updating software is a regular requirement and we all need to keep our devices (PC’s, Tablets, Smartphones) updated in order to remain safe online.
As remote working is set to continue the ongoing challenge for organisations and individuals is to keep devices up to date and secured.
Software and firmware updates fix security weaknesses and protect devices from harm.
Most PC’s, Smartphones and tablets come with tools to automatically apply updates. Always check that this is turned on and/or regularly check for updates.
For organisations using a Windows domain, ensure the Windows Server Update Service (WSUS) is configured, here. For organisations that don’t have on-premises networks, Windows Update for Business can be used. Firmware updates can also be rolled out and further advice from the NCSC can be found here.
Mobile Device Management software (MDM) will allow updates to be pushed out to multiple devices and track to see which ones are updated.
Hot Topic for today is ‘scam texts and emails’
Criminals use every opportunity they can to exploit every angle of the COVID-19 situation. They are experts at impersonating people, organisations and the police. Spending hours researching victims before contacting them by phone, email, text, on social media or in person. They try to trick victims into parting with money, personal information or buying goods or services that don’t exist.
Scams in the digital world include Phishing Emails, Smishing (SMS messages), Vishing (Voice/Telephone) Malware distribution, Ransomware and Credential stealing. Some of the most common current scams are below:
• Fraudsters impersonating banks to discuss government COVID-19 financial help.
• Software service scams targeting users working from home.
• Requests to change bank payment details for monies due/owed.
• Investment scams involving cryptocurrencies, online trading or pension transfers.
Sites promoting fake COVID-19 information apps.
• Scams offering fake COVID-19 testing/treatment kits, face masks, hand sanitiser etc.
• Puppies and Kittens for sale that cannot be viewed due to COVID-19.
• Vehicles for sale that cannot be viewed due to COVID-19.
• TV Licensing and Council Tax refund scams.
• Courier fraud – criminals impersonating bank officials and police officers
Unsolicited emails and text messages containing links should always be treated with suspicion and make sure your anti-virus is up to date.
Be aware of the information given out and your digital footprint, review privacy settings.
Ensure that staff know the procedures to follow e.g. urgent request to transfer funds.
Can you always trust who is on the end of the line?
• When in a conversation with someone you don't know, before answering a question make sure they need to know the information that they're asking about.
• Don't get caught up in the story being told; a sense of pressure should be a red flag.
• Hang up, wait five minutes, make sure you can hear a dial tone before making any other calls, or use your mobile.
Verify any unexpected contact is genuine by using a known number or email address to contact organisations directly.
Never allow an unsolicited caller remote access to your computer or devices.
If you think you’ve fallen for a scam, contact your bank immediately and report to Action Fraud.
Please report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online.
Forward suspicious emails to firstname.lastname@example.org. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).