A multi-layered approach can improve your resilience against phishing.  It is important not to miss opportunities to detect a phishing attack and stop it before it causes major harm.

1. Make it difficult for attackers to reach users: filtering/blocking (regularly updated), what information is readily available, implement anti-spoofing controls
2. Help users identify and report suspected emails: train staff regularly, ensure staff can easily report issues
3. Protect your organisation from the effects of undetected phishing emails: use two/multi factor authentication, use a proxy server, use anti malware/anti virus software
4. Respond to incidents quickly: define and practice an incident plan, encourage users to report suspicious activity

Further information and help and advice: NCSC

If you think an email could be a scam, you can report it by forwarding it to: report@phishing.gov.uk

"Cyber" is a term that refers to the use of technology, particularly the internet, for various purposes such as communication, commerce, entertainment, and information sharing. It is often used in the context of cybersecurity, which is the practice of protecting computer systems and networks from digital attacks, unauthorized access, and other online threats. The term "cyber" has evolved over time, and can also be used to describe various aspects of the digital world, such as cybercrime, cyberwarfare, cyberbullying, and cyberspace.

A vulnerability is a weakness is an IT system that can be exploited by an attacker/hacker.  They can be flaws, features or user error.

Flaws

A flaw may be as a result of poor design or through mistakes made through implementation and may go undetected.  The majority of attacks we see today exploit these types of vulnerabilities.

Features

A feature is intended functionality which can be misused by an attacker to breach a system.

User Error

User can be the intentional/unintentional vulnerability perhaps by making mistakes by using easily guessed passwords or leaving their device unlocked.

Cloud computing is the delivery of computing services - including servers, storage, databases, networking, analytics and intelligence over the internet ('the cloud') to offer faster innovation, flexible resources and economies of scale.  Your data will be stored in physical data centres owned by the cloud company in various locations.

Malware, short for malicious software, is any software designed with malicious intent to harm a computer system, device, network, or user. Malware can take many forms, including viruses, worms, Trojan horses, ransomware, adware, spyware, and more.

Malware can be spread in various ways, such as through infected email attachments, malicious websites, or by exploiting vulnerabilities in software or systems. Once installed, malware can carry out a wide range of malicious activities, including stealing sensitive data, damaging or destroying files, hijacking the computer or device, and using it for unauthorized purposes.

Malware can be a serious threat to individuals, businesses, and governments, as it can lead to financial losses, data breaches, and other harmful consequences. Therefore, it is important to take measures to protect against malware, such as keeping software up-to-date, using antivirus software, and being cautious when opening email attachments or clicking on links from unknown sources.

MFA stands for "multi-factor authentication." It is a security measure that requires users to provide multiple forms of identification in order to access a system or account.

Traditionally, the most common form of authentication is a username and password. However, this method can be vulnerable to various types of attacks, such as phishing or brute force attacks. By requiring additional factors of authentication, MFA adds an extra layer of security and makes it more difficult for unauthorized individuals to access an account or system.

There are several types of factors that can be used in MFA, including:

1. Something you know, such as a password or PIN
2. Something you have, such as a physical key or a code sent to your phone
3. Something you are, such as a biometric scan (e.g. fingerprint or facial recognition)

By combining multiple factors, MFA significantly increases the security of an account or system.

Phishing is online fraud that involves tricking people into providing sensitive information such as passwords or identity details by pretending to be a trustworthy source.  Phishing can be done through email, social media or malicious websites.

A phishing email could contain a malicious attachment or links to malicious websites.

What is email Phishing?

Most phishing attacks are sent via email. Attackers typically register fake domain names that mimic real organisations and send thousands of common requests to victims. Many phishing emails use a sense of urgency, or a threat, to cause a user to comply quickly without checking the source or authenticity of the email.

What is Spear Phishing?

Spear phishing targets a specific group of individuals. The attacker typically already has a lot of information about the victim.

What is Whaling?

Whaling attacks target senior management and other highly privileged roles.  Senior employees commonly have a lot of information in the public domain, and attackers can use this information to craft highly effective attacks.

What is Smishing and Vishing?

This is a phishing attack that uses a phone instead of written communication. Smishing involves sending fraudulent SMS messages, while vishing involves phone conversations.

What is Angler Phishing?

These attacks use fake social media accounts belonging to well known organisations. The attacker uses an account handle that mimics a legitimate organisation.

The dark web is part of the internet that isn't visible to search engines. The deep web and dark web are not the same. The deep web refers to anything on the internet that is not indexed by, and therefore, accessible via a search engine. Deep web content includes anything behind a paywall or requires sign-in credentials.  Medical records and membership websites are examples of what makes up the deep web.

The dark web is a subset of the deep web that is intentionally hidden. It requires a specific browser, Tor, to access it. 

A computer virus is a type of malicious software (malware) that is designed to replicate itself and spread from one computer to another. It can infect a computer and cause harm to the system by deleting files, stealing personal information, corrupting data, and even rendering the system inoperable.

Viruses can be spread through various methods, such as email attachments, infected software downloads, and malicious websites. Once a virus infects a computer, it can spread to other computers on the same network or via removable storage devices like USB drives.

To protect your computer from viruses, it is essential to use up-to-date antivirus software and keep your operating system and applications updated with the latest security patches. It is also important to be cautious when opening email attachments or downloading software from unfamiliar websites.

Antivirus software, also known as anti-malware software, is a type of software designed to detect, prevent, and remove malicious software from a computer or network. It works by scanning files and programs for known malware signatures, behavior patterns, and other indicators of malicious activity.

Antivirus software can protect your computer from various types of malware, including viruses, worms, Trojan horses, ransomware, spyware, and adware. It can also prevent phishing attacks and block malicious websites.

Most antivirus software works by running in the background of your computer, constantly monitoring for suspicious activity and scanning files as they are downloaded or opened. If the software detects malware, it will either quarantine or delete the infected files.

It is important to keep your antivirus software up-to-date to ensure it can detect and protect against the latest threats. Many antivirus software programs also offer additional features, such as firewalls, parental controls, and system optimization tools.

Tell someone!  Report to IT. Report to SLT.

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack we would recommend reporting this to:
Your local police and ask for the cyber crime team.
Phone 101 and ask for the cyber crime team.
Action Fraud: https://www.actionfraud.police.uk/ as well as your data protection officer so they can advise about the data loss.  Most cyber crimes like these will also need to be reported to the ICO by your data protection officer. Our customers should email dpo@dataprotection.education.

They should put you in contact with your local ROCU (Regional Organised Crime Unit), find yours here:
https://www.ncsc.gov.uk/information/regional-organised-crime-units-rocus

Isolate the infected device and pass to IT 

Always ensure there are backups you can restore from.
Preserving evidence is as important and recovering from the crime.

Little Guide to ACTION FRAUD