UK wises up to cyber shopping scams

The empty stores on Black Friday confirmed that shopping online is the preferred method for consumers today. However, this means phishing and online counterfeiting attacks have increased too. According to research released today by DomainTools, three quarters of UK consumers have been scammed in the process of purchasing goods online, and over a fifth personally know someone who has purchased fake goods online.


Cyber security – Is it getting harder to spot a spoof?

Daren Oliver, cyber security expert and managing director of Fitzrovia IT, explores whether fraudulent emails are getting more difficult to identify and if email communication should be limited for those working in security-sensitive sectors.

Once upon a time, sending and receiving emails was a new-fangled process used to substitute the written letter. Mostly reserved for academic circles, or verifying important information following a spoken conversation, few predicted email communication would flourish as it has over the last two decades. Email has changed the face of human interaction, overtaking the telephone as the number one method of personal and professional information exchange.

By the end of 2017, it is estimated there will be 4.9 billion email accounts worldwide with business emails accounting for 929 million mailboxes – a veritable hunting ground for cyber criminals.

With the advent of email and the introduction of its successors, such as text and instant messaging services, it has become easier than ever before to contact those who were previously considered ‘unreachable’. Conversations and canvassing over the telephone, which have traditionally been the mainstay for many business operations, have become less frequent and the average email inbox is now littered with loquacious literature.

Of course, firing off an email into cyberspace is no guarantee you will reach the person you intend to get a response from. If anything, it’s the perfect excuse for him or her to ignore your carefully crafted correspondence. As inboxes become more flooded, individuals will naturally screen each email, picking and choosing upon sight who to reply to, based on recognition and associated content. But what has this meant for fraudulent activity?

The job of a cyber criminal has intensified over the past few years, requiring them to be increasingly sophisticated and clever in their approach. In the past, criminals have traditionally relied on ‘flood them fast’ email distribution by targeting numerous inboxes with spam notifications purporting to be from businesses such as banks. Awareness campaigns from the businesses themselves have helped to tackle the issue, meaning many quick-thinking consumers have started to grow more savvy, refusing to click on unsolicited links.

As a result, cyber criminals have turned to social engineering and the support of realistic-looking spoof emails to dupe their targets. These mimic everything from ‘links’ to incredible deals on offer from well-known retailers to emails from trusted contacts, where the sender’s address has been so subtly adjusted it appears to be legitimate. In fact, so accurate are these emails in their appearance it is calling into question whether correspondence from organisations dealing with sensitive data, such as governments, should be using email accounts at all, and whether a more secure method of communication should be adopted.

For example, the recent cyber attack on UK Parliament, which resulted in the breach of dozens of inboxes, could have been an incredibly valuable hack for the cyber criminals involved. Highly sensitive content can be sold on for a huge financial gain to those hungry for damaging and destructive data they can use to their advantage. Information in the wrong hands could cause worldwide catastrophe.

There is no outright answer to dealing with illegitimate emails and spoof spam. Cutting email out of the equation entirely is not realistic. Of course, fraudulent activity can be kept at a minimum and mitigated by adopting up-to-date software and implementing well-planned, comprehensive backup strategies.

However, it is human beings themselves that hold the key to unlocking the answers to the current cyber crime conundrum. Research by the Information Commissioner’s Office reported that 93% of incidents investigated at the end of 2015 were caused by human error. Clearly, as fraudsters become more adept at creating cunning ways to cut through the cyber psyche of their targets, spotting a spoof email will become nearly impossible. Nobody is immune.

Re-educating the workforce and raising awareness of the issues surrounding cyber crime are essential. Regular testing and ‘digital fire drills’ for staff should be as much a part of a company’s strategy as their sales and marketing plans. ‘Friendly phishing expeditions’ – where staff are sent ‘spoof’ emails at random to test their reactions – are one way of ensuring there are no chinks in your employees’ armour. Only then, once cyber crime awareness officially becomes part of company policy, will we gain some control over addressing the current vulnerabilities.

Daren Oliver is managing director of Fitzrovia IT, a London-based consultancy that provides cutting-edge IT solutions from across the globe. For more information, visit

Fraud threatens the credibility of digital advertising – Brands and publishers voice concerns

Brands and publishers call for increased transparency as ad fraud threatens the credibility of digital advertising, reveals new report

  • Nine out of ten brands say the lack of transparency in their programmatic ad campaigns is because the ad buying platform is owned by their advertising agency;

  • 80% of brands are worried that their current programmatic processes could lead to their adverts appearing on web pages related to extremist views such as terror activities;

  • Brands and publishers call for independent trade bodies to be given more power to penalise those committing fraud.

The digital marketing challenger agency, QueryClick, has today released its Programmatic Ad Fraud Transparency report, revealing a crisis of confidence in the digital advertising industry.


iOS HomeKit bug exposed smart locks to unauthorized access

News broke yesterday that a HomeKit vulnerability has been found in the current version of iOS 11.2 that allows unauthorized control of accessories including smart locks and garage door openers. The implications of the vulnerability are worrying, with the obvious concern being the ability for attackers to gain access to someone’s house without a physical key.
