Online dating fraud victim numbers at record high

The number of people defrauded in the UK by online dating scams reached a record high in 2016, the Victoria Derbyshire programme has learned.

According to the National Fraud Intelligence Bureau, there were 3,889 victims of so-called romance fraud last year, who handed over a record £39m.

Shared below are some thoughts on this story from Lee Munson, security researcher at 

“If anything, I’m actually quite surprised that less than four thousand people fell victim to dating fraud in the UK last year – I suspect there may be many more cases that have not been reported, for fear of the embarrassment it could cause.

“While there is some opportunity for dating site owners to limit this type of fraud – by having warning messages on the site, tracking IP addresses, vetting members, etc. – it is very much up to individuals to protect themselves.

“Most scams are successful because they pull on an emotional lever and the need for a partner is one of the most basic psychological needs. The type of person to fall for this type of ruse is… the type of person who will fall for this type of ruse.

“Therefore, it is for the individual members of these sites to take a good hard look at themselves before they ever sign up – if they are the kind of person who would send money to someone they’ve never met in person, no amount of practical advice will save them – only a period of self-reflection will.”



Another homebuyer loses £67k as solicitors fail to warn of email fraud

Solicitors are failing to warn clients about the risks of using email during property transactions, despite explicit guidelines from anti-fraud authorities and their own trade body, the Solicitors’ Regulation Authority.

Shared below are some thoughts on this story from Lee Munson, security researcher at

“While I feel great pity for anyone who has fallen prey to any kind of fraud, and understand the reasoning behind it may be a lack of knowledge, it really doesn’t seem fair to lay the blame at the feet of the solicitor in this case.

“Sure, warning messages on emails may prove useful in a minority of cases, but let’s be honest here – the majority of people do not read the small print on any kind of communication, including legal documents.

“Thus, it is down to individuals to educate themselves on the risks of doing anything that involves a computing device, most notably where emails are concerned, and especially where large sums of money are directly involved.

“Staying alert and watching out for names, email addresses or bank account numbers that change over time will protect most people from this type of ruse, as will confirming details with the solicitor, over the phone, prior to transferring any funds.”



Digital Forensics MSc first to receive GCHQ full certification


Cranfield University has become the first university in the UK to receive full certification from the UK Government Communications Headquarters, GCHQ, for a digital forensics course.

The MSc in Digital Forensics run by Cranfield Forensic Institute also gained its certification at the first attempt.

Course Director Dr Sarah Morris said: “We are so pleased GCHQ has given us this certification after a tough and rigorous process. We deliver a very practical degree – all of our lectures have a practical element – which is highly unusual in academic training for digital forensics.

“Our students all graduate as very able, very employable people ready to take on roles in digital forensics immediately.”

Until last year the course was known as forensic computing. It is well established and one of the longest-running in the UK; it started teaching in 1998 and the MScs were given in 2005.

While GCHQ has given certification to several universities for cyber-security and information-security courses, including provisional certification for Cranfield’s MSc in Cyber Defence and Information Assurance, this is the first time they have fully certified a digital forensics course.

Chris Ensor, Deputy Director Cyber Skills and Growth at GCHQ, said: “I am really pleased that Cranfield University’s degree has been fully certified.  Certified degrees give assurance to students and potential employers that course content is appropriate, well taught by experienced staff and rigorously assessed. We need a cyber-capable workforce both to protect the UK and to fully benefit from all that cyberspace can offer. Studying certified degrees like this one at Cranfield is one way of achieving that.”

Dr Morris believes her course was also successful because her graduates are well set up for a career in a range of government agencies as well as policing and the commercial forensic sector. She said: “Our students don’t necessarily have computing expertise and are from diverse backgrounds.

“We have people from policing, criminology, forensic science graduates as well as people with a general computing background; but we ensure all of our students can analyse a range of devices to a significant depth and ability and that they can tackle devices they may not have seen before.”

She added that being part of the well-respected Cranfield Forensic Institute (CFI) also gives them an advantage. “Our students get a host of extra skills from CFI, such as access to sector experts on evidence gathering and courtroom skills.”



Former bartender and psychiatrist among those selected for new Cyber Retraining Academy

  • Government-backed SANS Institute Cyber Retraining Academy will train people from all walks of life to become industry-ready cyber professionals in ten weeks
  • From today, potential employers can track students’ real-time progress via a unique online portal
  • Free recruitment fairs on the 23rd February and 6th March will allow prospective employers to hire the students to defend their firms against growing online attacks

55 talented amateurs chosen from a nationwide search for the next generation of cyber professionals begin a ten-week course to fast-track them into the cyber security industry.

The students will begin the intensive ten-week course and learn in-demand cyber skills as part of a Government drive to help businesses defend themselves against the growing cyber threat.

The candidates, including a former bartender, a psychiatrist and a journalist, will be trained by leading industry practitioners. Employers will be able to track their progress through an online portal and prospective employers will have the opportunity to recruit students within ten weeks at two upcoming recruitment fairs.

Minister of State for Digital and Culture Matt Hancock said:

“I congratulate all the students selected following an extremely competitive application process and encourage them to make the most of this fantastic opportunity.

“They will bring a diverse range of skills and experiences from different walks of life to the fight against cyber threats and attacks.

“We are investing £1.9 billion over five years to make the UK the safest place to live and do business online and this academy is a key part of that work.”

The candidates were selected from around 4,000 applications from across the country and come from diverse backgrounds. Roughly half are from non-IT backgrounds.

All candidates went through a rigorous six-stage selection process, starting with a pre-qualification assessment, then an application form, an aptitude assessment, a telephone interview and pre-qualification, and, finally, a face-to-face interview.

The pilot course, delivered by the Department for Culture, Media and Sport in partnership with information security training provider SANS Institute, is funded by the Government as part of the National Cyber Security Strategy and was created in response to growing cyber threats to British businesses and increasing industry demand for cyber security professionals.

The students will complete hands-on exercises in real-world scenarios such as how to respond to a virus outbreak, study the ‘psychology’ of hackers, build a watertight business network and learn how to help firms tackle the most common threats.

From today, the students will start learning computing and security fundamentals. Once they have these foundations in place, they will progress onto more technical subjects, including hacking tools and techniques. They will be taught by prominent security practitioners from SANS.

The training programme is demanding and will involve a weekly exam, technology labs and assessments. Classes include how to hack into an Internet of Things (IoT) connected device. Graduates will also leave with a Global Information Assurance Certification, which not only tests a candidate’s knowledge but also their ability to put that knowledge into practice in the real world.

At the time of the recruitment fair, candidates would be halfway through their training, including completion of the technology and security fundamentals course, and will be able to share test scores with prospective employers.

SANS’ previous UK Cyber Academies have retrained people from law graduates to parking attendants and supplied qualified cyber experts to prominent organisations including NATO and Airbus.

UK Managing Director at SANS Institute Stephen Jones said:

“Employers can be reassured these candidates have already proven themselves to be exceptionally talented. The students successfully completed a six stage, highly competitive, assessment process. They have all demonstrated they have the right aptitude to excel in a cyber-security career and will now receive world class training.

“We are pleased to see students from a wide range of backgrounds, not just traditional IT roles. The cyber security profession requires a wide range of skills and, as this selection process has shown, there are budding security experts not just in the IT sector, but outside of it too.”

Catherine Irvine, Senior Business and Development Manager, Security Operations Centre Enterprise and Cyber Security, Fujitsu, said: 

“Fujitsu, as a provider of Information Security Services and employer of individuals with cyber skills, is pleased to support the 2017 SANS Cyber Security Training Academy.

“The Academy is an innovative way to develop the skills of individuals in the techniques, tactics and processes needed to fight cyber-crime.

“It gives individuals that might not previously have thought they had the aptitude for a career in cyber security the opportunity to develop their talent which in turn provides organisations such as Fujitsu a great opportunity to meet and hopefully employ people with these valuable skills which are in short supply.

“At the previous Academy I had the pleasure to meet the students at an Employer Fair and was awed with the opportunity the Academy gives individuals and amazed at the students’ talents.” 



Consumers increasingly aware of online security risks, but hold businesses responsible for data breaches

Gemalto has released the findings of its 2016 Data Breaches and Customer Loyalty report, revealing that consumers put responsibility for protecting their personal data firmly in the hands of the organizations holding their data – and not themselves.

According to the 9,000 consumers surveyed in Australia, Benelux, France, Germany, Russia, UAE, Saudi Arabia, India, Japan, United Kingdom, and United States, 70% of the responsibility for protecting and securing customer data lies with companies and only 30% of the responsibility with themselves. Yet, less than a third (29%) of consumers believe companies are taking protection of their personal data very seriously. This comes as consumers are becoming increasingly fearful of their data being stolen, with 58% believing it will happen to them in the future. More than 4.8 billion data records have been exposed since 2013 with identity theft being the leading type of data breach accounting for 64% of all data breaches.

Where consumers see most risk

Consumers are becoming more aware of the threats posed to them online, with only one in ten (11%) believing there are no apps or websites out there that pose the greatest risk to them, yet they are not changing their behavior as a result:

  • 80% use social media, despite 59% believing these networks pose a great risk
  • 87% use online or mobile banking, with 34% believing they leave them vulnerable to cybercriminals
  • Consumers are also more likely to shop online during busy commercial periods such as Black Friday and Christmas (2% increase online versus -2% decrease in store), despite 21% admitting the threat of cybercrime increases a lot during these periods

Consumer attitudes on data breaches

Nearly six in ten (58%) consumers believe they will be a victim of a breach at some point, and organizations need to be prepared for the loss of business such incidents may cause. The majority of consumers who currently use them say they would stop using a retailer (60%), bank (58%) or social media site (56%) if it suffered a breach, while 66% say they would be unlikely to do business with an organization that experienced a breach where their financial and sensitive information was stolen.

How data breaches affect consumers

The study found that fraudulent use of financial information has affected 21% of consumers, with others experiencing fraudulent use of their personal details (15%) and identity theft (14%). More than a third (36%) of those who have been a victim of a breach attribute this to a fraudulent website. Clicking a bad link (34%) and phishing (33%) were the next highest methods consumers were caught by. In keeping with the theme of putting the blame at the organization’s hands, over a quarter (27%) attributed the breach to a failure of the company’s data security solutions.

Lack of security measures influences consumer confidence

The lack of consumer confidence could be due to the lack of strong security measures being implemented by businesses. Within online banking, passwords are still the most common authentication methods – used by 84% for online and 82% for mobile banking, and more advanced transaction security the next highest for both (50% and 48% respectively). Solutions like two-factor authentication (43% online and 42% mobile) and data encryption (31% online and 27% mobile) trail behind.

Similar results can be seen in both the retail space, with only 25% of respondents that use online retail accounts claiming two-factor authentication is used on all their apps and websites, and in social media, with only 21% using the authentication for all platforms. Only 16% of all respondents admitted to having a complete understanding of what data encryption is and does.

“Consumers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they put the blame with the business,” said Jason Hart, CTO, Data Protection at Gemalto. “The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe. With the impending threats of consumers taking legal action against companies, an education process is clearly needed to show consumers the steps they are taking to protect their data. Implementing and educating about advanced protocols like two-factor authentication and encryption solutions should show consumers that the protection of their personal data is being taken very seriously.”



Ever Evolving Information Technology Nature to Push Forth Digital Forensics Market beyond Contemporary Growth Avenues

The turn of this decade was significant in transforming connectivity and decision-making capabilities at both the individual and the organization level. A wide variety of information technologies have penetrated almost every human dimension. Connected devices coupled with cloud-based services have already become mainstream technologies that are being implemented extensively to make informed decisions. But like any other technology, the prevalent information technologies remain vulnerable to various forms of cyber threats, which are also evolving with considerable intensity and magnitude.

This trend can be seen in the fraud activity that has recently emerged in the web advertising industry and garnered widespread attention. This state-of-the-art ad fraud infrastructure is termed ‘Methbot’. It is able to host legal videos and serve them to millions of fake viewers on a daily basis. The revenue earned through premium video advertising is routed towards the wrong channels by creating fake domains and URLs. This is just one of the stark confrontations facing stakeholders operating in the digital world, where vulnerabilities are ever evolving. Methbot has tried to earn revenue by creating fake impressions through a myriad of online advertising modes. It is just one of the threats that need to be averted urgently, and the foreseeable future will see various other advanced cyber threats with similar attributes surface. Such an operation will require the use of digital forensics tools beyond the investigation and analysis of digital or electronic devices. The services of existing electronic devices span beyond their physical appearances, as is evident from this case. Various tools were modified or manipulated for the fraud, including IP registrations, servers, web browsers, mouse activity, social media accounts and software. These are a few of the prominent manipulations in the Methbot fraud, a criminal endeavour that is highly complex in nature.

The threat of Methbot is a perfect example of why the field of digital forensics needs a swift resurgence. Organizations offering digital forensics tools need to approach existing as well as future threats in an integrated manner, while the role of regulatory authorities will become prevalent at the same time, in order to provide concerned stakeholders with greater access to either licensed or private information. Therefore, it can be concluded that although current digital forensic technologies and the regulatory regime seem inappropriate for investigating emerging threats, they at the same time offer a great deal of opportunity for enhanced collaboration and for paving novel growth avenues for stakeholders.



Largest NHS trust hit by cyber attack

Reports are surfacing that the largest NHS hospital trust in England has been hit with ransomware, affecting thousands of sensitive files.

David Gibson, VP of strategy and market development at Varonis:

“The reported ransomware attack on the largest NHS hospital trust in England affecting thousands of sensitive files is another canary-in-the-coal mine incident raising awareness for how much sensitive data is overexposed and at risk within organisations. When a user with excessive access to data across the network is infected with ransomware, organisations cannot ignore the crippling effects of hijacked data – in this case, potential disruptions for patient care.

“Barts Health NHS have said they are following a contingency plan by taking offline the infected systems; however, they should be thanking the ransomware criminals for shining a big, bright spotlight on the holes in their defences that allowed in the ransomware in the first place. If ransomware can temporarily halt productivity because it was spotted and stopped too far into the infection, only imagine what a malicious insider or external actor with co-opted credentials can do to your organisation and how long they can go undetected. Organisations impacted by ransomware also means they are vulnerable to other types of attacks.

“Organisations should monitor their IT infrastructure, specifically users and the files and emails they can access, and then perform regular attestations of access rights to reduce unnecessary exposure. Additionally, organisations should employ a user behaviour analytics solution to look for and stop anomalous behaviour that indicates ransomware or other dangerous breaches.”

Stephen Gates, chief research intelligence analyst at NSFOCUS:

“In my predictions for 2017,  the increase of stealthy, modular ransomware capable of spreading laterally will be one of the primary cyberthreats organisations face in 2017 and beyond.  Apparently, that prediction is proving to be true.  Organisations will never be able to stop the dreaded “user click” that likely allowed the ransomware in to begin with.  However, technology exists that can detect and defeat ransomware infections.  The real question is, “Why do organisations continue to believe it will never happen to them, and why don’t they have the proper defences in place?”  This is simply another testament that organisations are failing miserably in protecting themselves, their customers, and their data.”  

Jamie Moles, security consultant at malware detection firm Lastline:

“The National Health Service is one of the largest organisations in the United Kingdom. With an annual budget in the region of £116 billion, it is a massive target for ransomware actors and currently, it’s a poorly defended target.

“There are a number of trusts in deficit and spending on the NHS has dropped in real terms since the recession. Priorities for all NHS trusts are unsurprisingly targeted at medical needs over and above admin and operational needs, but of course this includes IT Security.

“While security remains a low priority for NHS management, they will increasingly fall victim to these kinds of threats, which wouldn’t be a serious problem except it has previously resulted in cancellation of treatments whilst the affected systems are investigated and cleaned up.  Interestingly, the NHS takes a very strict and sanitary approach to dealing with these threats, shutting down almost all of its IT capabilities while it triages and treats the problem. Why would we expect any different from a medical organisation?

“Moving forward if we are to prevent these issues causing delays to treatment and potentially deaths, NHS trusts are going to have to invest in technology to deal with Ransomware and other targeted malware based threats.   There are plenty of good technologies available to assist in this issue and they can be scaled effectively and cost efficiently to cope with massive organisations like the NHS. Unfortunately, Antivirus is not one of them.”



WhatsApp backdoor allows snooping on encrypted messages

Reports are surfacing that a security backdoor that can be used to allow Facebook and others to intercept and read encrypted messages has been found within its WhatsApp messaging service.

Commenting on this, David Gibson, VP of strategy and market development at Varonis, said: “We laugh when high profile individuals like President-Elect Trump say we should communicate sensitive data with paper and pen, but in an age of daily data breaches, consumers need to assume their communications won’t remain private for long. Even applications like WhatsApp that claim no one can snoop on their users’ communications may open themselves up to vulnerabilities through inadvertent or purpose-built backdoors. Constant vigilance is the name of the game for consumers and for brands like Facebook to protect the best interests of their customers.”



High powered cameras could steal your fingerprints from a photo

Flashing the peace sign in a selfie could be setting you up for a security nightmare! Isao Echizen, a professor at the Digital Content and Media Sciences Research Division of the National Institute of Informatics has successfully obtained fingerprints from photographs taken from up to three metres away. He specifically warned against the peace sign, as it could give identity thieves the opportunity to match fingerprints with a face.

Robert Capps, VP of business development at award-winning biometrics company, NuData Security, said:

“While physical biometrics will always have a place when it comes to in-person user authentication, there are significant drawbacks to consider when we extend biometric identity verification online.

“We shed physical biometric data wherever we go; leaving fingerprints on everything we touch, posting selfies on social media and videos with friends and family. Much of this information can be captured by fraudsters. Fingerprints can be stolen from doorknobs and glass and easily replicated. High-resolution photos, as Isao Echizen demonstrates in this zoom-and-enhance technique, can take a picture from great distances that can be used to copy a physical biometric. This technique was also brought to wide-scale attention by Jan “Starbug” Krissler when he used Angela Merkel’s photo to unlock an iris biometric test at a security conference in 2015.

“Consumers bear additional risk in using physical biometrics online, as they become static identifiers that can never be changed, and in their digital form, can be stolen, traded, and potentially reused to impersonate the legitimate user. Once biometric data is stolen and resold on the Dark Web, the risk of inappropriate access to a user’s accounts and identity will persist for that person’s lifetime. As the most stringent of authentication verifications deploy physical biometrics, such as immigration and banking, physical biometric data will become very desirable to hackers.  We can expect more creative attempts by hackers to capture this information. The benefit of passive behavioural biometrics is that the information used to uniquely identify a user is passively collected and dynamically analysed, and has an extremely limited shelf life of usefulness – making theft and successful reuse of raw behavioural signals nearly impossible.”



Integrating Amazon’s Alexa into cars

Following the news that Amazon’s voice assistant, Alexa, has found her way into cars, assisting owners and giving updates on the status of the vehicle, Lee Munson, security researcher at comments:

“As a security researcher, the thought of giving access to my car to an Amazon courier, or just about anyone else for that matter, fills me with dread.

“Unlike me, however, most people who shop online only have two concerns – price and convenience.

“Given Amazon’s low overheads, the first box is generally ticked, so I can see how this idea could well gain some traction.

“As crazy as it sounds, there will be people who volunteer details about their vehicles, including where they keep them at any given time of day, and effectively hand over the keys in return for an easy shopping experience.

“Of course, the professional side of my brain would caution them all about the dangers, likening their choice to handing over the keys to their house or, worse post-Snowden, their encrypted email conversations.”