The CEO’s Ruminations

I powered up my computer the other day and noticed an interesting article regarding the hackers du jour known as “Fancy Bear”.  Allegedly a sophisticated outfit owned and controlled by the GRU, a Russian military intelligence agency, Fancy Bear apparently attempted to create fake internet domains mimicking conservative Yank political institutions.  Microsoft, the media-proclaimed “Internet Cop”, claims to have thwarted these efforts (https://wsmh.com/news/nation-world/microsofts-anti-hacking-efforts-make-it-an-internet-cop).

Fakes?  Mimicking?  Microsoft as altruistic, Internet saviour?  Hmmm…

“Always judge a book by its cover.” – Derek Elmer

That’s right!  In the world of modern cyber-scams, you always need to accept my new twist on the old idiom “Don’t judge a book by its cover”.

Why should you judge a book by its cover?  The simple answer is to protect yourself against conduct similar to that of those naughty bears: in a word, phishing, or the attempt to obtain sensitive information such as usernames, passwords, bank details, or the details of staff in a position to transfer funds.  For example, the Hong Kong Police recorded 653 cases of cybercrime in 2005, which was the first year it began tracking such offences.  By 2016, the number of cases had reached 5,939, resulting in HK$2.3 billion of losses to the victims!

Ouch…some fairly big winners and losers in this scenario.  Hard to blame the real police as they usually only get involved after the horses have bolted from the barn.  Heck, people (I use the term loosely) even publish information on “how to create a Facebook Phishing Page”.  I did not click on the link, which is www.hackingloops.com/how-to-create-a-facebook-phishing-page…perhaps you are braver (I use the term sarcastically) and want to give it a go.

However, in my never-ending search for a culprit and in view of Microsoft’s apparent, recent defeat of the naughty bears, I decided to have a look at these new Guardians of Cyber World – the likes of Yahoo!, Facebook, Google, Microsoft – as well as some governments’ efforts to protect us.

Are they doing enough or for that matter anything to educate their clients?  Does the average Internet user know anything about how to protect himself/herself?  Are there pro-active, “good samaritan” sites out there?

Let’s take a look at a small sampling of “free” websites offering education and reporting.  I avoided the plethora of consultants offering to protect you, although I have to confess many offer some good solutions.

First, as in any new endeavour, I thought it useful to start with education.  Our Guardians of Cyber World are publishing quite a bit of information to get you up to speed on the “do’s” and “don’ts”.  Below is a sampling.

Yahoo!:  www.safety.yahoo.com/Security/PHISHING-SITE.html

Yahoo!: https://finance.yahoo.com/news/how-to-avoid-phishing-scams-79488548827.html

Facebook: https://www.facebook.com/help/166863010078512?helpref=faq_content

Facebook: https://www.facebook.com/notes/aqib-mehmood-official/12-steps-to-avoid-phishing-scams-/581509021960999/

Google:  https://support.google.com/mail/answer/8253?hl=en

Google:  https://support.google.com/websearch/answer/106318?hl=en

Microsoft:  https://docs.microsoft.com/en-us/office365/securitycompliance/anti-phishing-protection?redirectSourcePath=%252fen-us%252farticle%252fanti-phishing-protection-in-office-365-75af74b2-c7ea-4556-a912-8c48e07271d3

I truly believe, whether for your personal benefit or to assist your employer, that reviewing some of these websites would be useful.

Second, if the horses have already bolted from the barn or you are feeling some of the “good samaritan” vibe, you have many private avenues offered by the Guardians of Cyber World to make a report.  I do not wish to make light of the importance of such reporting.  You may not have solved a problem for yourself, but reporting a website designed for phishing may save someone else…and I believe good deeds often come around full-circle to everyone’s benefit…call it karma.

Yahoo!:  https://safety.yahoo.com/Security/REPORTING-ISSUES.html

Facebook:  https://www.facebook.com/help/217910864998172

Google:  www.support.google.com/faqs/answer/2952493?hl=en

Google:  www.safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Microsoft:  www.support.microsoft.com/en-us/help/930167/how-to-report-a-phishing-web-site

Microsoft:  https://docs.microsoft.com/en-us/office365/securitycompliance/submit-spam-non-spam-and-phishing-scam-messages-to-microsoft-for-analysis

Last, but certainly not least, governments in every corner of the globe are offering educational opportunities and reporting sites.  Frankly, I was extremely happy to see my tax dollars being spent fairly wisely on an important subject!

Hong Kong:  https://www1.erc.police.gov.hk/cmiserc/EGIS-HK-Web_NEW_UI/ereport_details?report=CBR_CRIME&fontSize=100

Australia:  https://www.acorn.gov.au/learn-about-cybercrime/email-spam-and-phishing

UK:  https://www.actionfraud.police.uk/report_phishing

USA:  www.irs.gov/privacy-disclosure/report-phishing

USA:  www.consumer.ftc.gov/articles/0003-phishing

USA:  www.us-cert.gov/report-phishing

Remember the nursery rhyme “The bear went over the mountain / To see what he could see / The other side of the Mountain / Was all that he could see.”

Well, this time the naughty bear went over the mountain and Microsoft apparently stopped him from seeing anything.  I hope you take the time to learn about this dangerous bear and others so you too can smack their little snouts!

I-OnAsia has an extensive bespoke “Anti Phishing Educational Awareness Programme” for all levels of management and all areas of sensitivity. For a consultation, please contact us without delay at info@ionasia.com.hk