UK biggest antifraud opperation - Comment by Matt Aldridge, OpetText Security Solutions
November 2022 by Matt Aldridge, Principal Solutions Consultant, BrightCloud at OpenText Security Solutions
In response to the developing story about the UK’s biggest anti-fraud operation: Police to text 70,000 victims in UK’s biggest anti-fraud operation, Matt Aldridge, Principal Solutions Consultant, OpenText Security Solutions commented:
“Organised cybercrime is constantly adapting to shifts in the news agenda and it’s no surprise that criminals are looking to impersonate banks amid the cost-of-living crisis. What individuals need to be aware of in situations similar to these is understanding what might be a scam call and to react in the appropriate way. By staying alert and not providing personal details, whether financial or password related, it is the best way to stay protected. It’s important to stay vigilant for anything that is out of the ordinary compared to usual calls with your bank or any other provider that you communicate with via the phone.
As part of the scam, users were asked to authenticate via a “one-time code” or password for their account – a standard multi-factor authentication (MFA) process – which was then intercepted by the cybercriminals. These types of tactics are being used more and more frequently by attackers, and with MFA no longer appearing to be the foundation of security it once was, individuals need to scrutinise requests more than ever before. Whenever you are presented with the pressure of time or indicating that they may lose access to something of value, you
should always pause and check via an independent means whether the insinuation could be correct or if it is simply trying to trick you.
It is also essential that organisations ensure they have security awareness training in place for all employees, and that fraud simulations emulate emerging scams. Businesses must use up-to-the-minute scam templates that are more realistic and effective as a training tool than outdated versions being used across many organisations. Only by doing so will they be able to ensure employees don’t fall foul to attacks both at work, but also whilst using the internet in a domestic environment as the information provided could well be used at a later date to breach the company network.”