Another week, another scam

By Dr. Guy Bunker @guybunker

Phishing scam

Last week saw the advent of yet another malware attack, this time in the guise of a pantomime adaptation of Peter Pan.

Emails purporting to be from the company BH Live told recipients they have tickets for Peter Pan at Bournemouth Pavilion. Thousands of businesses and individuals across the country are thought to have received the message, described as one of the “most convincing” examples yet of a phishing email designed to install malicious software – malware – onto the recipient's computer.

What’s interesting here is that BH Live is a real company - an events and ticketing organisation, whose venues do include Bournemouth Pavilion - which is indeed hosting a production of Peter Pan this Christmas. And traditionally, phishing emails tend to come in the guise of banks or government organisations such as HM Revenue and Customs. But this time the hackers have taken a different approach, perhaps based on one or both of the following viewpoints:

  • Hackers are realising people are becoming more phishing-savvy, which requires a new type of outlet.
  • Hackers are taking a somewhat seasonal approach. "Christmas is coming, folks! Prime time for a hack!"

The malware appears to have originated from the National Academy of Sciences in Belarus - via a server in France - and carries attachments designed to infiltrate the computer without the user’s consent. This then captures personal and commercial information, including Cryptolocker – the nasty ransomware program that locks a person's machine until a fee is paid – and steals user passwords, so all in all very bad news.

Unsurprisingly, BH Live was deluged with phone calls from worried recipients. They confirmed that the emails did not come from BH Live or its network, urging those who had received them not to open any attachments or click on any links. This statement was posted on their website following the attack.

This was a very targeted phishing attack: Peter Pan at the Bournemouth Pavilion. Phishing attacks in general go after events, with sporting events topping the list – and then there are the ones going after salacious events such as the recent celebrity selfie leaks. The phishers are becoming more sophisticated with their attacks and the tools they use, enabling increasingly targeted attacks to be cost-effective for them.
As this type of incident is becoming increasingly common it highlights, once more, the importance of having a robust security policy in place, either as an individual or a business. If you are not protected, you put yourself at risk. The network is “always-on” and attacks can happen from anywhere and at any time.

Whether we are at work or at home, there are benefits for the attacker. Getting access to critical information from a home-user's device or from a corporate one can both lead to financial gain, while creating a large amount of pain for the individual. The new generation of cyber-attackers are also increasing the number of attack vectors targeting the individual or the organization, thereby increasing their chances - with a view that at least one of them will work. For the attacker, they just need to get lucky once in order to be successful. As for the organization or the individual, they need to be lucky all the time NOT to fall for one of the scams.

Both individuals and organizations hold critical information of value to potential cyber hackers and cannot afford to be complacent. From a business perspective, an open conversation with all employees about cyber security will help them understand the risks and consequences of potential security incidents. A plan for risk mitigation is then required. Who do you go to, if you suspect a phishing attack? What should you do?

Knowledge is power, and it enables organisations and individuals to protect their critical information in a world where cyber-attacks are a daily occurrence.

P.S. If you are ever a victim of ransomware, personally or organizationally... don’t pay the ransom. Paying it will just be the start of your problems – remember that the people who do this are criminals!