RANSOMEWARE - THE CAPTURE OF ELECTRONIC DEVICE DATA

From Cyprus Police:

Ransomware is a malware that is secretly installed on the victim's device (computer, mobile phone, electronic tablet) and places its data in a state of confinement. 

In this way, criminals block the victim from accessing some or all of his computer's data. They even ask the victim to pay them a sum of money as a ransom to release the computer and the victim to recover his data. 

How does it spread? Ransomware software spreads in various ways on our devices. That is why we should always be very careful. 

Visits to unsafe websites, downloading and installing software and applications from unsafe sources and opening malicious links or attachments that we receive via email are some of these ways. Also, our device may become infected after connecting to infected storage devices such as hard disks and USB.  


How to protect yourself Protecting our devices from such attacks is our responsibility. In fact, for our best protection, we must always act as a precaution.

It is essential for the security of our data, to create and maintain regular copies of our Backup data on the cloud or on an external disk. These copies should not be stored on the internal drive, but only on an external device that you will not have permanently connected to your computer.

For the security of your mobile devices, you only download apps from certified app stores. It is also good to download and install on your device security applications that can protect it from all threats.

Ensure that your operating software and device security software are always up to date. Know that criminals are looking for and exploiting any safety gaps in the devices.

Do not open addresses or attachments sent to you from suspicious emails you may have received. Be also very careful when surfing the internet. Avoid visiting unsafe web pages and clicking, pop-ups or instant messages. Emails and sites that seem suspicious or too nice to be true are good to be treated with great care and caution.

Equally important is to be careful and not to give up any of our rights to administer our device.

Are you infected? What to Do if your device is infected with ransomware malware and some data or your device is locked, do not panic. The sooner you can unplug your device from the internet to prevent the infection from expanding.    

Do not pay the ransom that the criminals may ask you to. If you do, you will fund them to continue their illegal work. At the same time, however, there is no one who can guarantee that if the ransom is paid, the criminals will "free up" your device. In many cases, despite the ransom payment, criminals returned with new claims for more money.

Contact the Police and report the incident. Keep in mind that the more information you give to police officers, the more effectively they can deal with the action of criminals.

Read More

SCAM THROUGH WEB BASED APPOINTMENTS

From Cyprus Police

Fraudsters target nominee victims via dating sites, but they can also use social media or emails to get in touch with their potential victims. 

What are the indications? 

-  Someone you recently met over the internet says he has strong feelings for you, asking you to communicate privately. 
-  Their messages are often poorly worded and unclear. 
-  Their online profile is not consistent with what they are telling you. 
-  They may ask you to send your personal photos or videos. 
- Primarily gain your trust. They then ask you for money, gifts or bank account or credit card details. 
-  If you do not send the money, they may try to blackmail you. If you send them, they will ask for more. 

What can you do; 

-  Be very careful with the personal information you share in social media and web-based web sites. 
-  Always take into account the dangers. Fraudsters are present on the most trusted websites. 
-  Do not rush to answer and ask questions. 
- Look for the photo and profile of the person who has approached you to see if this material has been used elsewhere. 
-  Be especially careful about typographical mistakes, grammar and syntax errors, inconsistencies in their stories, and excuses such as the fact that their camera is out of order. 
-  Do not share any material that could be used to blackmail you. 
-  If you agree to meet yourself privately, tell your family and friends about your destination. 
-  Pay close attention to money transfer requests. Do not ever send money, do not give it
your credit card, your bank account, your e-banking codes, or copies of your personal documents. 
-  Avoid sending financial advances. 
-  Do not transfer money to someone else: money laundering is a criminal offense. 


Are you a victim? 
-  Do not feel embarrassed! 
-  Stop any form of communication. 
-  If possible, keep all your communication history, such as chat messages. 
-  Submit a complaint to the police.
Report the event on the website where the fraudster approached you for the first time If you provided your bank account information, contact the bank you are working with.

Read More

FRAUDULENT BANK WEBSITES

From Cyprus Police

Malicious emails include electronic links that will redirect you to a bogus website, supposedly the bank you are working with, where you will be asked to reveal your financial and personal information.

What are the indications? 

False bank websites are quite similar to the legitimate websites of your bank. False webpages often have a popup window asking you to import your personalized security credentials. Banks do not use such pop-ups. 

These websites often show:

-  Urgent: You will never see such messages on legitimate websites. 
-  Defective design: Be careful on websites that have design defects or spelling errors and grammar or syntax errors. 
-  Pop-up windows: They are commonly used to collect sensitive personal information. Do not choose and avoid submitting personal data to them. 


What can you do; 

-  Never click on links that are included in emails, which allegedly redirect you to your bank's website. 
-  Use a browser that allows you to choose pop-up blocker. 
-  Always type in your bank's online link or use an existing online link from your favorite bookmarks list. 
-  If something important really needs your attention, you will be informed about it by your bank when you sign in to your bank account (eg through e-banking).

Read More

PHISHING, SMISHING & VISHING

From Cyprus Police:

Phishing, smishing and vishing

Phishing (by email), smishing (via sms to phone) and vishing (by telephone) are the main methods used for 
scams targeting bank customers. The main feature of each of these is the way in which the fraudster in any case 
approaches his potential victim. 


Fraudulent Phishing 

The term "phishing" refers to fraudulent emails designed to deceive their recipients and to disclose to their 
fraudsters their personal and financial information or security codes.

How does it work; 
The fraudster approached his potential victim by sending him a misleading email message. 

These emails: 
-  They may be very similar to the messages sent to their customers by the banks. 

-  Copy the logo, the features and the style of the actual emails. 

-  Ask you to download an attachment to your device or click on a link. 

-  They use terminology that gives the sense of urgency. 


What can you do; 
- Keep the software up-to-date, including the browser, antivirus, and operating system. 

-  Be especially careful if a "bank" email asks for sensitive information (for example, your bank account 
password via internet banking). 
- - Carefully check the email: compare the address with the previous real messages from your co-operation bank. 
 - Check for spelling errors and grammar or syntax errors. 
- Do not respond to a suspicious email, instead forward it to the bank you are working with, typing your email 
address yourself. 

-  Do not directly click on the link and download the attached file, instead type the electronic link address 
in your browser browser. 

-  In case of any doubt, check the website or call your bank. 

Cybercriminals are based on the fact that people are busy and hastily. This, combined with the fact that 
fraudulent emails seem to be legitimate, maximizes the risk of falling victim.

Take special care when using a portable device. It may be harder to detect a phishing attempt on your mobile 
phone or tablet. 



Vishing
The term "Vishing" (combination of the words "Voice" and "Phishing") is a telephone fraud that aims to deceive
the victim to reveal his or her personal and financial information or security codes and / or to transfer money to 
fraudsters. 


What can you do; 
-  Be careful with sudden and unexpected telephone calls. 

-  Keep the phone number from which they have called you and let them know that you will return them to the 
phone call.

To verify their identity, look for the business phone number and contact them directly. 

-  Do not verify the person who is calling you with the phone number he gave you (may be a fake or fake number). 

-  Scammers can find your basic contact information over the internet (eg from social media). Do not assume 
that the person calling you declare his true status because he has such information. 

-  Do not give the PIN code of your credit or debit card or your bank account password via e-banking. The bank 
you are working with will never ask for such information. 

- Do not transfer money to another bank account upon request. Your bank will never ask you to take such action. 

-  If you think this is a phony phone call, report it to your bank. 



Smishing

The term "smishing" (a combination of the words "SMS" and "Phishing") refers to the attempt of fraudsters to 
obtain personal and financial information or security passwords through SMS messages. 

How does it work; The text message will usually ask you to click on a link or call a phone number to verify, 
update, or re-activate your account. But ... the electronic link leads to a fake website and the phone number
 leads to the impostor who claims to represent the legitimate business. 


What can you do; 
-  Do not click on links, 
-  Do not hurry. Take your time and carry out the necessary checks before answering. 
-  Never reply to a text message (sms) requesting your PIN or password to your bank account or any other
 personalized security credentials (for example, e-banking user name). 
-  If you think you may have responded to a deceptive text message (sms) and provided your bank 
account information, contact your bank immediately.

Read More

FRAUD THROUGH INVOICES & OTHER DOCUMENTS

From Cyprus Police:

Fraud through invoices and other documents

Fraudulent fraud is also the so-called invoice fraud. In this case, the fraudster approaches an enterprise and 
pretends to be a supplier or service provider, asks to change the information on future invoice payments. In other 
words, it wants to change the details of the payee's bank account and any new payments to be made according 
to the new data. Of course, the new proposed account, given to the business / victim, belongs to the crook. 

The approach of the business can be done by telephone or letter or e-mail, or even in other ways. 


What can you do; 
As an enterprise:
-  Ensure that employees are aware of and aware of the specific form of fraud and how to avoid it. 

-  Apply a procedure to verify the legitimacy of your payment requests. 

-  Check the information posted on your business website, specifically your contracts and vendors. Ensure that 
staff limit disclosure of business information to social media. 

- Order the staff responsible for paying invoices to always carry out checks to detect any irregularities.

As an employee: -  Verify that all payment requests come from the 
actual suppliers of the business, especially if they ask you 
to modify their bank account details for 
-  future invoice payments or other invoices. 
-  Do not use the contact details included 
-  the letter / fax / e-mail in which the change data is requested. 
-  Instead, use the contact information from 
-  your previous correspondence with the supplier. 
-  Identify unique points of contact with businesses where you make payments at regular intervals.
-  Limit the information you disclose about your employer to social media. 
-  For payments that exceed a certain amount limit, specify a procedure for confirming the correct bank account
and the recipient (eg, contacting the business). 
-  When you pay an invoice, send an email notification to the payee. Write your bank's name and the last four 
digits of your bank account to secure the transaction. 

Always report any suspected fraud attempt to the Police, even if you have not sent money to this new account.

Read More

From Cyprus Police

CEO fraud or fraud with corporate email

CEO scam or corporate email fraud is called a fraud where the scamper who is a high-ranking executive of a business
deceives an employee of another company who is authorized to make payments to pay a fake invoice or to make an
unauthorized credit transfer from the company's business account.

How does it work; 

The fraudster invites or sends emails to a senior executive of the company (eg, General Manager or Chief Financial 
Officer).

Usually, through this communication, the fraudster uses the following techniques: 

-  He shows sufficient knowledge of the internal structure and organization of the business. 
-  Asks for an emergency payment. 
-  It usually uses terms and expressions such as "confidentiality", "business trusted", "I am not currently available". 
-  Refers to a "sensitive" business situation (eg tax audit, merger, acquisition). 
-  The request often involves cross-border payments to banks located outside Europe. 
-  The employee transfers the money to an account held by the fraudster. 
- Instructions for the process may be given later through a third person or e-mail. 
-  They ask the victim / employee of the business not to follow the usual authorization procedures for payment.

What are the indications? 
Although we should always be careful about our transactions, there are some indications that we need to take into 
account in order to suspect us that this communication is suspicious and likely to be a scam.

These are:  
-  Unannounced / unannounced telephone call or e-mail 
-  Direct communication with a senior officer of the business you usually do not communicate with 
-  Request for absolute confidentiality 
-  Exercise of pressure on the urgency of the request 
-  Unusual request contrary to internal procedures Approval 
-  Threats or unusual flattery / reward promises

What can you do;  
To guard against such forms of fraud you should:

As a business: -  Know the risks and make sure that your employees are also fully informed. 

-  Encourage your staff to approach requests for paying with care. 

-  Apply internal procedures for making payments. 

-  Apply a procedure to verify the legitimacy of payment requests received via e-mail. 

-  Establish reporting procedures for managing fraud cases. 
-  Check the information posted on your business website, restrict information and pay close attention to social 
media tools. 

- Upgrade and update your security technical software. 

-  Always contact the Police in cases of attempted fraud, even if you are not the victim of fraud.

As a worker: 
-  Apply strictly the existing security procedures in connection with payments and commissions. Do not skip a step 
and do not succumb to pressure. 

-  Always check e-mail addresses when handling sensitive information or when transferring money. 

-  In case of doubt about a payment order, consult a competent colleague. 

-  Never open suspicious links or suspicious attachments that you receive via emails. Be extremely careful when 
checking your personal e-mail on the computers of the business you are working in.

-  Limit information and pay attention to social media. 

-  Avoid disclosing information about the hierarchy, security, and processes of the business you are working with. 

-  If you receive a suspicious e-mail or a suspicious phone call, always notify the company's IT Support Address.

Read More

DHARMA MALWARE - AUDIENCE PROTECTION MEASURES

From Cyprus Police

Recently, the Office for Combating Organized Crime has received new complaints about a new type of virus called Dharma. It's a new version of Ransomeware / Cryptoware that infects computer and server (server) of companies, offices, or other users. 

This Virus is sent through an email with a misleading title (email), or through insecure or "infected" websites. In malicious files, they are usually .docx and .pdf files, which have malicious macros built in when they open and install the malicious software on the computer. After installing it on the operating system, ransomware encrypts - locks digital files stored on the infected user's computer.

In order to unlock the infected files of a computer, they are asked to pay a sum, using the Bitcoin digital currency as a ransom, otherwise they are inaccessible to their user. 

Note that at this stage there is no proven way or software to restore the files encrypted by the Virus. 
This particular Virus is known to the Police Authorities, and the Anti-Corruption Bureau has already sent electronic data to Europol for further processing and analysis of the virus. 

Internet users and network administrators are urged to take extreme care and take digital security and security measures to prevent malicious software from being infected and not to pay for the money they are required to discourage such illegal practices and to prevent further spread of the phenomenon.

The actions to be taken by Internet users and network administrators are as follows:

- Back up files at regular intervals, to external storage and to be kept out of the network so that they can be restored.

- In cases where they receive emails from unknown senders or unknown sources, do not open the links and download attachments contained in these messages for which they are not surely aware of the sender and the contents of the attached file. Particular attention should be paid to emails where the sender appears to be a service or company unknown to them.

- Type URLs in the browser they use rather than using links.

- Use genuine software, and there must always be an up-to-date malware protection program on the computer.

- Check and keep up-to-date the version of their operating system.

- Disable running macros and JavaScript in applications that open .docx and .pdf files.

- Ensure the protection of their mobile devices (tablets & smartphones). 

For more information or complaint, citizens can contact the Electronic Crime Prevention Office at 22808200 or via cybercrime.police.gov.cy 

Read More

WANTED BY THE POLICE

The police are looking for the guy shown in the photos below to facilitate investigations into an alleged case of breaking a store and robbing a large amount of clothing, especially fur.

The burglary and the theft of this property were committed around 3.40 at dawn today, October 25, 2018, in Limassol.

Anyone who knows anything that can help locate the person sought, please contact TAE Limassol at 25805057, or with the nearest Police Station or the Citizens' Contact Line 1460.

Read More

ANYONE LOST A CAT? White with black patches

Found in Kamares - adult neutered male white cat which has been living in the garden for around the last 10 days.

He is large, very friendly,  has an all white body with black patches over both ears and a black tail with a white ring round it. Possibly 3 or 4 years old, obviously used to humans.

If anyone recognises him please phone 26 652994  

Read More