Hello,

On the 5th of December, the NCSC has launched a Cyber Incident Exercising scheme and new CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

“This allows you to test your incident response against a host of generic cyber incident scenarios.

Assured Cyber Incident Exercising companies will work alongside, challenge and help organisations to robustly practise their responses in a safe environment.

The scheme assures companies to deliver two types of cyber exercises:

  • Table-Top– discussion-based sessions where participants talk about their roles and responsibilities, activities and key decision points (in line with their organisation’s incident response plan) for a pre-agreed scenario.
  • Live-Play– sessions where participants carry out their roles and responsibilities in close to real time, in response to a controlled feed of information, representing a pre-agreed scenario. Live play exercises are best suited to mature organisations looking for in-depth validation of plans.

The exercises are designed to simulate incidents which have a significant impact on a single client organisation. The scheme does not cover category 1 and category 2 incidents”

The full item can be found here: https://www.ncsc.gov.uk/news/ncsc-launches-cyber-incident-exercising-scheme

As always, should you have any questions or comment, please do not direct them to your local Police Force / Service, but rather send them to the NCSC themselves direct:

https://www.ncsc.gov.uk/section/about-this-website/contact-us

Thank you, regards, Mark

 

Hello
 
Today is the 1st of December and looking forward to the end of another year, I thought you may like to see a brief high level resume of the work we have done across the Thames Valley Police area in respect of Cyber Protect and Prepare since January of this year.
 
A year in Numbers 2023
 
Victim Care Year to date:
We have directly engaged with 560+ individuals / businesses offering Cyber Protect guidance for a variety of cyber dependent crimes, of which the overall majority was for Hacking personal: social media / email or business email compromise.
 
External facing engagement year to date:
We have delivered 38 presentations to 1800+ people over 60+ hours’ worth of engagement from community groups, a local radio interview, business expos, the Newbury Show as well as for the Public, Charity and Private sectors at both in person and online events.
 
Other external contact:
We have provided to yourselves across the Thame Valley area that cover the Community, Public, Private and Charity sectors, 100+ email communications, covering a variety of Cyber and Fraud related information, advisory and alerts, which we hope will have been of value to your respective organisation.
 
Examples of other activities:
Supporting TVP Cyber Pursue colleagues with their investigations in the provision of Cyber Protect and Prepare guidance to the victims they support.
Delivering multiple National Crime Agency notifications throughout 2023 to locally identified organisations who are vulnerable to cyber incidents.
Supporting policing colleagues across the South East Region with Cyber Protect and Prepare engagement.
Supporting colleagues in the TVP Central Fraud Unit with Fraud Protect activities, such as Romance Fraud, Money Mules and in tandem with our presentations.
 
Looking toward 2024, if you have any ideas as to how we can help your organisation or linked partners in respect of Cyber Protect and Prepare, be that training, awareness, exercising
(Details here: https://southeastcyber.police.uk/protect/ ) then do please reach out to us viacyber.protect@thamesvalley.police.uk
 

Hello,

The NCSC have launched a campaign to remind all who choose to shop online to be secure whilst doing so in the run up to the festive period.

Summary

  • Increased consumer vigilance urged as AI generated scams enhance the threat to this year’s festive shoppers, as it’s revealed over 7 in 10 British people worry that AI will make it easier for criminals to commit online fraud.
  • Shoppers lost over £10 million to cyber criminals during last year’s festive shopping period, with 25–34 year olds most likely to fall victim.

Cyber security chiefs are encouraging Black Friday bargain hunters to increase their vigilance this shopping season as online fraudsters are likely to use artificial intelligence (AI) to increase the perceived legitimacy of their scams.

The National Cyber Security Centre (NCSC) – which is a part of the UK’s intelligence agency GCHQ – is warning that cyber criminals are likely to use AI technology such as large language models to produce more convincing scam emails, fake adverts, and bogus websites.

Urgency: Are you told you only have a limited time to respond? Criminals often threaten negative consequences or costs.

Scarcity: Is the message offering something in short supply? Fear of missing out on a good deal can make you respond quickly.

Current events, such as Black Friday: Criminals will often exploit current news stories or specific times of year to make their scam seem more relevant.

Online shopping guidance: https://www.ncsc.gov.uk/guidance/shopping-online-securely

The full web item can be found here: https://www.ncsc.gov.uk/news/black-friday-bargain-hunters-warned-of-enhanced-online-scams-after-millions-lost-last-year

As always, please do not contact your local Police Force / Service on this, but ask questions / comment direct to the NCSC:https://www.ncsc.gov.uk/section/about-this-website/contact-us

However Police Forces will be supporting this via their respective external facing social media accounts.

TVP have this account: https://twitter.com/ThamesVP

TVP Cyber / Fraud Prepare and Protect have this dedicated account: https://twitter.com/TVPCyber_Fraud

Please share the above campaign , thank you, regards, Mark

M Godsland Cyber Security Advisor

Cyber Protect

CISMP | CC certified

Thames Valley Police & South East ROCU

CybercrimeHello

Should you have direct links or indeed work with or for Charitable organisations as listed below, IASME and the NCSC have made the following known and which may be of value especially if Cyber Essentials is something you have not yet considered or may been considering.

“Charities are sitting on a data treasure trove. Valuable information on beneficiaries, supporters and volunteers as well as invoice and payment details can be sold by cyber criminals and used to identify other targets.

In the present digital, post-COVID age, trust and cyber security are interwoven. By achieving Cyber Essentials, a charity can demonstrate commitment to cyber security and protection of customer data.

 

ASME is working closely with the NCSC to educate charities about the cyber threat they face and inform them about the benefits of Cyber Essentials. In partnership with selected Certification Bodies around the UK and Crown Dependencies, IASME will be offering support and guidance as well as a discount to the price of certification to help you achieve Cyber Essentials”

 

The full web item can be found here: https://iasme.co.uk/cyber-essentials/cyber-essentials-for-charities/

 

Do please share this information as you see fit and there is no requirement to acknowledge this suggestion.

 

As always, please do not contact your local Police Force / Service about this, but for more information or to request promotional material for the campaign please contact info@iasme.co.uk

Hello

The UK National Cyber Security Centre (NCSC ) has published guidance for organisations concerning Business communications - SMS and telephone best practice and how to ensure your organisation's SMS and telephone messages are effective and trustworthy.

“This guidance will help you protect your customers from fraud by ensuring that your SMS and telephone messages are consistent, trustworthy, and reach your target audience without being blocked or deleted as suspicious.

Implementing this guidance will also make it harder for criminals to exploit telecoms channels. By minimising the complexity of any given service, it will help authorities to be more focussed and efficient in detecting and preventing fraud across telecoms networks”

The full item can be found here: https://www.ncsc.gov.uk/guidance/business-communications-sms-and-telephone-best-practice

As always, please do not contact your local Police Force / Service on this, but ask questions / comment direct to the NCSC:https://www.ncsc.gov.uk/section/about-this-website/contact-us

 

Thank you

 

Best wishes Mark

" src="blob:https://westberksvillagers.com/59d44d62-28fb-4709-a5f5-6ae66c9f8fed" alt="tvp" border="0" class="Apple-web-attachment Singleton" style="width: 1.8416in; height: 0.4916in; opacity: 1;">

 

M Godsland Cyber Security Advisor

Cyber Protect

CISMP | CC certified

Hello,

Email and social media hacking is the most prevalent form of cyber-dependent crime reported to Action Fraud as in the financial year 2021/22 there were 18,000 reports made.

As part of Cyber Security Awareness Month, Action Fraud will be raising awareness on their social platforms about how people can secure their accounts properly. 

https://www.facebook.com/actionfraud

https://twitter.com/actionfrauduk

Some of these actions you may already be doing yourself, if so, good job! We would ask that you please share the advice with people who you think would find it beneficial. 

Guidance

There are two actions you can take to instantly help protect your email and social media account. These relate to password useand 2-Step Verification.

1. Use a strong and different password for your email using 3 random words 

Your email password should be strong and different from all your other passwords. Combining 3 random words that each mean something to you is a great way to create a password that is easy to remember but hard to crack.

Do not use words that can be guessed (like your pet's name). You can include numbers and symbols if needed. For example, “Hippo!PizzaRocket1”.

  1. Turn on 2-Step Verification (2SV) for your email

2-Step Verification (2SV) gives you twice the protection so even if cyber criminals have your password, they can't access your email.

2SV works by asking for more information to prove your identity. For example, getting a code sent to your phone when you sign in using a new device or change settings such as your password. You won't be asked for this every time you check your email.

For more information about the above steps, and for other ways to stay secure online and keep your devices safe, visithttps://www.ncsc.gov.uk/cyberaware/home 

If you think you have been a victim of cyber-crime, please report the incident to Action Fraud via phone (0300 123 2040) or website at https://www.actionfraud.police.uk

If you've received a suspicious text message, forward it on to 7726, if it’s an email, please forward it to the NCSC's Suspicious Email Reporting Service (SERS) at report@phishing.gov.uk

More information, including advice on how to protect yourself against phishing, can be found on the NCSC Website:https://www.ncsc.gov.uk/collection/phishing-scams

Regards, Mark.

M Godsland Cyber Security Advisor

Cyber Protect

CISMP | CC certified

Thames Valley Police & South East ROCU

If you have received an email which you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS):
                         report@phishing.gov.uk

Forwarded suspicious texts to7726.
This free-of-charge short code enables your provider to investigate the origin of the text and take action, if found to be malicious.

Jargon Buster

Credentials – A user’s authentication information used to verify identity – typically one, or more, of password, token, certificate.

Whitelisting – Authorising approved applications for use within organisations in order to protect systems from potentially

Have you received a phishing email recently? You can now report it to report@phishing.gov.uk

For further information see: https://www.ncsc.gov.uk/report-suspicious-emails

Report a suspicious website – NCSC.GOV.UK

Create your own Cyber Action Plan to improve your cyber security here: https://www.ncsc.gov.uk/cyberaware/actionplan

 **Guide to the reporting of Fraud and Cyber Crime to Action Fraud**

https://www.actionfraud.police.uk/guide-to-reporting

https://www.which.co.uk/consumer-rights/advice/how-to-get-your-money-back-after-a-scam-amyJW6f0D2TJ

Hello

For your information, the UK’s National Cyber Security Centre (NCSC) has published a new article on their external facing web site concerning Mastering your supply chain and a new collection of resources from the NCSC can help take your supply chain knowledge to the next level.

The full guidance and information can be found here:

https://www.ncsc.gov.uk/blog-post/mastering-your-supply-chain

As always with such information exchanges from ourselves, please do not contact your local Police Service / Force for additional information or guidance, but direct these to the NCSC themselves, thank you.

https://www.ncsc.gov.uk/section/about-this-website/contact-us

You can sign up for a variety of NCSC publications and information here: https://www.ncsc.gov.uk/register/subscribe

Regards, Mark

Thames Valley Police & South East ROCU

Cybercrime

QR Code
Skip to content