Online security and scam warnings - Neath Port Talbot Council

Since the coronavirus pandemic, there has been a huge uptake in the number of people working from home, criminals are taking advantage of this.

Here are some of the current issues to be aware of and advice on how to protect against attack.

Phishing and malware attacks

Due to the coronavirus pandemic, there has been a huge uptake in the number of people working from home, criminals are taking advantage of this. Over the last couple of months we have seen an increase in the number of malicious emails received by the authority, including phishing attacks and attachments containing ransomware. When ransomware infected attachments are opened they run in the background on the computer encrypting any files the user has access too, whether these are on the computer or on shared drives. Once these files are encrypted they become completely inaccessible. These kinds of attacks can be damaging and very difficult and costly to recover from. If you see anything pop on your screen intimating that you have been the subject of a “Ransom” attack you should contact the Service Desk as soon as possible.

Phishing malware attacks - Phishing attacks will attempt to trick you into revealing your user name and password or other confidential information. Once an account has been compromised, it is often used to distribute the phishing emails to contacts within that user’s account, this further adds to the appearance of authenticity as the email comes from someone you have had dealings with in the past.

We have received reports that HWB mail is being targeted, please take extra care when receiving mail from HWB users, especially if the email is unexpected, contains attachments, weblinks or requests you to enter your login details. You should NOT enter your login details if you are prompted by a suspicious link, instead contact the service desk for advice.

What can you do to protect against these attacks?

Be aware who the email is from

Emails from people who you don’t deal with or you have infrequent dealings with may be suspicious, especially if they contain attachments or links which request your login information.

Don't open the attachments

Treat any attachment that you didn't request, especially from an unusual source as highly suspect

Don’t click on weblinks

Treat any weblinks, especially from an unusual source or if they request your login information as highly suspect.

Check the address

Check email addresses for accuracy and look for signs of suspicious activity, for example if an email is not in the format you'd expect or a name appears to be spelt incorrectly. Email addresses made up of seemingly random combinations of letters and numbers may also be suspicious.

Check the content

Badly written emails with spelling mistakes and other small errors should arouse suspicion.

Check with the Service Desk

If in doubt, contact the Service Desk. They will let you know whether something is safe to open or click on. It's better to be safe than sorry.

Zoom meeting hacked

One of our neighbouring authorities has reported that a Zoom conference call, arranged by an external organisation, but attended by some of their staff was hacked. The report read that:

“Hackers were able to access the zoom meeting with the potential of stealing any data that was disclosed in the meeting. The organisers were unable to identify that the hackers were in attendance until they started talking - threatening and abusing the participants. Even though the hackers microphones were eventually muted by the external organisers, the threats and abuse continued on the written chat…the hackers could have recorded the session and there is a possibility of it ending up on social media but there is nothing we can do to stop this.”

Neath Port Talbot guidance has been published (see below) but staff should be aware that where possible MS Teams should be used instead of Zoom. If staff are attending meetings where Zoom is mandated and where sensitive information is likely to be shared, assurance should be sought that the hosting organisation has the relevant control measures in place.

Downloads

Zoom guidance (PDF 214 KB)

i.Id: 5592
i.ContentType.Alias: nptFile
mTitle: Zoom guidance
mSize: 214 KB
mType: pdf
i.Url: /media/ajpbblqf/zoom_guidance.pdf

Procurement fraud alert

A neighbouring authority has been the target of an attempted procurement fraud. The Fraudster has contacted at least 4 companies around the country posing as their Chief Executive using Council branded stationery to place orders for high value electrical items. The matter has been referred to the police who have opened an investigation.

The email address being using in the scam is team@councilnamegov-procurement.com. The initial correspondence received by the companies was an email requesting a quote for goods and upon receipt of the quote an order was placed using the Authority’s branded stationery and requesting 30 day payment terms.

The invoice address was shown as the Council’s main civic centre however the delivery address was an address in Sheffield for the attention of Jeff Carlson later amended to the Council’s name.

The attempted fraud only came to light as the suppliers were suspicious that the email address was not a .gov.uk address and also that a 30 day credit term had been requested and this prompted them to contact the Council to query the order.

All staff involved in the certification of invoices for payment should take particular care to ensure that they are bone fide, an official order was placed and the goods received before passing the invoice to the payments team for payment. If in doubt do not pay the invoice refer it to our fraud officer whose details are below.

If any officer is contacted by a supplier who has any suspicions about an order received they should contact Ian Evans, Fraud Officer, on 01639 686579/07974 631916 who will make further enquiries with the supplier.