yellow warning sign

THIS IS REALLY IMPORTANT – YOU MUST READ AND ACTION

Tasha Horton Cybersecurity

This is a serious matter – it’s vital that this isn’t missed or overlooked.

If you don’t have 10 minutes to give this your full attention now, please schedule a time when you do, so you won’t forget to read and take action later.

To cut to the chase, I’m really concerned that you may not be aware that your business is either under attack now – or could be shortly – from a determined bunch of cybercriminals and then from the government to give you a good kicking afterwards – either of which could have devastating implications for you and could even result in the closure of your business.

I’m absolutely serious and that is why you MUST read this letter in full.

There are criminals, working full time, to illegally extract money from you and potentially destroy your livelihood.

You’re probably thinking:

We’re just a small company.”                   No one will bother with us – we’re only in Staffordshire.”

We’re fully covered.                    I won’t fall for those scams.     It’ll never happen to me.

I don’t have time for this.”          I’ll deal with it if it happens.    It’s just scaremongering.

WELL, JUST READ THIS AND TAKE NOTE:

We have seen a distinct increase and change in cybercrime recently. What I’m about to tell you is a real-life story about one of my long-standing clients in Stoke on Trent, who thought this could never happen to them. (I have obviously changed names, to protect the innocent!)

A couple of weeks ago we got a call from Dave, the MD, of a £1 million turnover business, employing 15 people. He was a bit worried, to say the least, as he’d just found out that he’d nearly lost over £20,000 to cybercriminals

So what had happened?

Dave is a really sensible, switched on guy, who wouldn’t be taken in by a hoaxer. He’s smart just like you.

This is what we found out after the event.

On Wednesday 6th June at 6:45am, an email sent from Microsoft, told Dave that his email account was under attack and he needed to reset his password. At 9:10am the same day, Dave reads the email and being the good, sensible, IT savvy guy that he is looks for the obvious hoax clues (poor English, coming from a different email address, poor graphics) and finds it all in order. He clicks on the link and makes the password change. Everything appears normal and he goes on with the rest of his day. His week. His month…

Then, seven weeks later on Thursday 26th July, Sue, his wife, who runs the accounts department, queries him over a payment to one of their main suppliers (Smith & Smith) for £20,217. She has been in email conversation with the usual friendly lady, Sarah, at Smith & Smith, who was asking for help with a manual payment this month as they have had to temporarily suspend their normal bank account because it has been compromised. The payment was to be sent to the same bank, but to a different account number.

Dave and Sue discussed their cashflow needs over the next couple of days and even though they really wanted to help out Smith & Smith, they decided rather than paying on Monday 30th July, it would be better for them to pay on Tuesday 31st. However, they told Sarah that it was going to be paid on Monday to keep her sweet.

On Tuesday 31st July, Sue attempted to make the payment as requested, but it wouldn’t go through. She then called and spoke to Sarah at Smith & Smith, apologising that she was having problems making the payment and could they confirm the bank details again. At this point, obviously, the real Sarah declared her ignorance on the whole situation and the scam came to light!

It is only by a stroke of luck (or just being careful with cashflow), that Dave and Sue didn’t lose over £20,000. It has later come to light, after police intervention, that the fraudulent bank account was closed on the Monday evening, transferring out over £85,000 with 7 different companies having lost out.

So, how did this happen?
  • At 9:10 am on the 6th June, Dave clicked on a bogus link to reset his password.
  • These cunning criminals then went into Dave’s real Microsoft account and changed his password to what he had reset it to, so as far as Dave was concerned everything was just fine.
  • The criminals now set up email forwarders from Dave’s and Sue’s email accounts and kept track of all their correspondence, learning how best to strike.
  • Over the next 7 weeks, they get to know the language, frequency and relationships of Dave’s and Sue’s contacts so they have the right ammunition.
  • They spot the opportunity with a key supplier, copy their email exactly in look, feel, tone, email address, contact and even start the email as a reply to a previous email from Sue to the supplier, so the email thread looks really legit.
  • When they have an email chat with Sue on Thursday 26th July, they know exactly how to respond as Sarah because they have studied the correspondence for a long time.
Scary stuff? I certainly think so!

This is big, easy money for the cybercriminals, so they work extremely hard. They make a business out of it and have a strategic process in place. They are very clever people, not only technically, but also in social engineering.

They know that their easiest prey are small businesses because all too frequently the small business owner feels that they won’t be attacked and so hasn’t spent the money in keeping themselves protected.

I was discussing this issue with another 12 IT companies that I meet up with every month from around the country. Every single one of them had encountered this laser focused attack method. Unfortunately, one of the other IT company’s clients hadn’t been so lucky and had lost £45,000 in this way.  And, they can’t get it back because they made the payment.

So Dave and Sue breathed a sigh of relief having saved themselves twenty grand. However, this was very short lived because under GDPR, the email incident was a data breach and had to be reported to not only the Information Commissioner’s Office (ICO), but anyone in their email system (Outlook) within 72 hours. This means they had to tell all their clients and suppliers that their emails had been compromised. Apart from anything else, what a logistical nightmare!

None of it was really Dave’s and Sue’s fault and as they now appreciate, neither was it ours. We can’t be responsible for a client giving their passwords away and there is no way we can stop emails from fraudsters getting into your email system as they don’t contain a virus, have been written specifically for you and as far as any automated system is concerned, could just be a regular email. The emails had to be really scrutinised to spot tiny inconsistencies.

I’ll keep it as simple as possible, but the technical reason that this happened to Dave and Sue is because the criminals had put a ‘forwarder’ on their emails. Basically, every email that Dave or Sue received/sent, a copy was being forwarded to the cybercriminals. And this was all being done in total secrecy. Dave and Sue weren’t being lax there were simply no signs that anything untoward was going on.

It’s only by going into the back end of the system to check for forwarders that this can be detected. It is a laborious and time-consuming job, but as you can see really vital.

Obviously we have a powerful scanning solution that can do this for your systems on a regular basis and quickly, without any disruption to your service at all. Even if you or your staff inadvertently give away your passwords (as Dave did), we would spot this and deal with before any damage could be done.

This means no data loss, no reporting to the ICO or embarrassing, potentially business destroying correspondence about this to your valuable clients and suppliers.

I want to make sure that you are all aware of these vitally important services and can see why it’s important to get them turned on.  Back in March when I was doing a review with Dave I had offered him this service, but he had turned it down as ‘not important’.

So could this happen to you?

Yes – Dave and Sue are sensible, intelligent, switched-on Staffordshire small business owners, trying to make a good living for themselves and their team, just like you.

What can I do about it?

The first thing is to accept that you and your business are vulnerable and it could happen to you.

Secondly, accept that you have to take responsibility for keeping ahead of the cybercriminals; if you don’t it’s probably just a matter of time…

Now it’s over to you. I’ve briefly outlined the issue, but there are many more ways that your business is vulnerable. The vital message here is that you must pay attention to getting your security right to keep your business safe.

Don’t wait! The hackers certainly won’t. Just pick up the phone now and call: 01782 789000 or send an email to: andrew@promptpc.co.uk.  I don’t want you to be the next Dave or Sue!