Couple lose £120k in email scam
Discussion
Just reading this and I find myself not knowing exactly where I stand.
https://www.theguardian.com/money/2017/oct/21/coup...
I don't think I'd send £120k to anyone based off what an email said.
The solicitors don't seem to be taking even basic technical steps to protect themselves and their clients from email spoofing.
The bank presumably did what it was asked to, i.e. sent money to the account number it was asked to.
Seems to be very little mention of the Police when it seems to be a clear case of fraud?
turbobloke said:
Not being an IT folk even I know that Factor 30 is recommended.
In simple terms it's a public record saying which email servers are allowed to send email from anything@whatever.domain. Without it, if your email is joe@whatever.domain anyone on the internet can send an email saying they're you.
With it, the risk is reduced, but email is still hideously insecure because it was never specified with criminals in mind, so pretty much everything done to try and make it more trustworthy is an add-on and is optional.
Personally the best thing that could happen for the good of the entire Internet is that Google state that as of next Monday if you don't have SPF, DKIM and DMARC (some of these records) in place you can't send or receive email to or from them.
plasticpig said:
As a small IT company we install Sophos UTM appliances on client sites. Quite happy with its performance. So we're not all clueless when it comes to security.
Out of curiosity (cautious this doesn't turn into an IT thread) how do you find your clients react to the "shock" that security costs money? I don't consult but I read enough sites to know that lots of IT companies struggle with clients who think they can spend £100 on a firewall and don't want to pay any sort of subscription for the services needed to do a decent job.
Dromedary66 said:
To others thinking "st this could happen to me" there is a quick step you can do that will foil this type of "hack".
Enable Two factor authentication on your e-mail. If your e-mail provider doesn't support 2fa then they are not worth using.
This will prompt you for a one-time password or a popup approval box on your phone when logging into your email. You can also usually trust specific devices (e.g. phone, home computer) so as not to be prompted for this info, but if George Agdgdgwengo in Nigeria has your e-mail address and password he is not going to be able to log in, and if he tries you will get the SMS notification on your phone and know that someone other than you is trying to access your e-mail.
https://www.turnon2fa.com/
If it all sounds like gobbledygook to you, take some time to understand it and how it can protect you. I bet the guy who lost £120k wished he'd spent some time getting 2FA to work.
^^Enable Two factor authentication on your e-mail. If your e-mail provider doesn't support 2fa then they are not worth using.
This will prompt you for a one-time password or a popup approval box on your phone when logging into your email. You can also usually trust specific devices (e.g. phone, home computer) so as not to be prompted for this info, but if George Agdgdgwengo in Nigeria has your e-mail address and password he is not going to be able to log in, and if he tries you will get the SMS notification on your phone and know that someone other than you is trying to access your e-mail.
https://www.turnon2fa.com/
If it all sounds like gobbledygook to you, take some time to understand it and how it can protect you. I bet the guy who lost £120k wished he'd spent some time getting 2FA to work.
This basically.
We do sessions on this at work and I just tell people go get a Gmail account and turn on 2FA.