Steer clear of new scams!
Mark Norris, IT Security Manager, details the trials and tribulations of working from home, including the absence of office magicians (!) and the very latest scams surrounding the coronavirus designed to play on the fear of remote workers…
As I have alluded to in my previous blogs, I am old. I turn 60 next year, which my wife reminds me with great delight. But in that time, I have lost count of the times when family and friends have called up or asked me a technical question just because I work in IT.
What is a POST 301 error? Why can’t a UTF-8 Header message be transferred? What is a TLS handshake and why is it failing? There’s a certain skill in trying to explain it in English and avoid techno-babble, you know.
In ancient times guilds protected their secrets. When you were accepted into a guild and completed an apprenticeship you would learn the secrets of that guild. I wonder how many people upon learning these trade secrets commented “Is that it?”
But that is exactly what is happening with IT now. Suddenly the UK population were removed from their safe office environment where the office sorcerer would turn up at your desk, press a few keys and your workstation is magically working. Sometimes, even just threatening your workstation with the pending arrival of your office magician would be enough to cajole a failing workstation into life. And then there is the old cliché of turning it off and on again. Let me explain why this works.
Imagine you have a five-litre bucket filled with water and five smaller, one-litre buckets that are empty. You spend the day filling the smaller buckets and then pouring the water back into the main five-litre bucket. Keep doing this all day. After eight hours will there really be five litres of water left? No. Some will have been spilt. This is the same with your computer. When you launch Word or Excel, it asks the computer for X per cent of the system resources. When you fire up Word, another X per cent is handed over. But when you close an application it does not give back all the resources it took. The message here is, if you do not physically restart your computer at least once a week, for example, your computer physically has less resources. Therefore, a reboot can fix most problems.
Ramp up cyber security
Now that we are in isolation, we suddenly find we must fix things ourselves. A few weeks ago, we had no idea what a VPN was, how to connect multiple devices to a single USB port or how to make external monitors extend our display. Necessity has suddenly made us IT savvy and we realise the only reason why IT people talk in acronyms is to make us sound cleverer than we are. It is a sort of code, a badge of honour as it were. But now people are saying “Is that all there is to it?”. Suddenly we are all experts on video conferencing, we can change our backgrounds, set up team calls and solve our own IT issues without our office magician making an appearance.
And with all this confidence comes the people looking to exploit the situation. These people, our ‘Chummies’, have no moral conscience. They are only interested in devising ways to trick people into parting with their money. I have seen emails saying that people are entitled to £256 from the government or that they have been fined as their phone’s IP address was detected more than two miles from their home. In each case, the format of this email is the same, offering something with a link to try to steal your password.
However, I am not that often impressed by Chummies’ imagination, but sending an email out that claims to offer a digital antivirus program that protects users against the Covid-19 coronavirus has been found online. It is tricking victims into downloading a remote access trojan, or Rat, that turns the target computer into a bot that is then used to host attacks or send emails on behalf of the spammer.
To be honest it is brilliant, as it plays on our fear of the coronavirus and people’s limited knowledge that computers get viruses as well. The site in question is just one of a number of scam websites that have been newly identified and more are popping up all the time, as cyber criminals try out any means to cash in on what is becoming, by some margin, one of the most dangerous and widespread cyber security threats in history.
Beware of bogus offerings
As more of us work from home, the need to secure your computer, especially if you are connecting to your company’s network, becomes more important. However, we should be extra careful of bogus security software, especially if it tries to use the coronavirus as a selling point.
It goes without saying that no cyber security antivirus product could possibly provide protection against an actual biological virus. However, those responsible for this have almost certainly already ensnared numerous victims and will be counting on stressed and emotional people being more likely to fall for the trick. The number of scams around coronavirus has resulted in the UK’s National Cyber Security Centre issuing a public alert. See the link below – I highly recommend reading it:
Last week I must have been the sole person working on a bank’s IT support desk. The bank my wife works for decided to close all branches and make people work at home. No problem really. All staff had tablets, so were told to take their tablets home and the company would ship monitors, keyboards and mice. It must have been a heroic exercise, but nonetheless these were shipped to all staff.
On the day my wife’s equipment was delivered, I was sitting in the downstairs office and heard the call that you can tell will always be followed by an IT question.
“How do you connect this mouse and keyboard? And “Where does this monitor cable go?” was what I was greeted to. It seems that in their urgency to get their staff working from home, the bank had overlooked a couple of issues. Quite key ones I would have thought and, though I do appreciate the urgency, I was surprised no one raised the question.
The tablets that the staff use either have a single USB or USB-C port. Nothing else. How do you plug in a keyboard, mouse and monitor (VGA) into a single port? The answer is you cannot. Luckily, I had a multi USB hub (as one does) that I plugged into my wife’s tablet. I also had a VGA to USB adapter (again not sure why) but this allowed her to connect all the devices to her tablet. Then all staff wanted to have a headset. My wife then spent the following week buying supplies from all over the place and arranging shipping to all staff members in the county. When the adapters arrived, the people had to connect it up themselves and it worked. Suddenly the need for our sorcerer is not so great. In fact, IT is suddenly easy and not a mystic science.