Email Scam – ‘Authorised push payment’

16/06/2018 in E-Mail, Security

It seems like we’re publishing information on new scam’s almost every week, however when it comes to complex internet-based scams, forewarned is indeed forearmed, and if we help prevent even one person or company from losing money then it’s all worth the extra effort.

Today were focusing on a relatively new scam where fraudsters send (usually by email) fake messages with the intention of getting your email login username and password.

How does it work?

You receive an email from what appears to be your email provider. It states something along the lines of ‘Warning…your mailbox is nearly full or your mailbox will be closed unless you verify your account’. You click the link which takes you to a dummy login page made to look like an official login page, you enter your username and password and get a message saying everything is now ok. You move on with your life.

Your username and password has now been passed to the fraudsters.

Next, they will monitor your email activity over a period. They learn everything they can about you and the people you message. From our experience there are 3 main angles of attack, each designed to extort money from the victim. These are…

  • 1. Impersonate a genuine company your dealing with, for example a builder your working with, building an extension on your house. After reviewing you emails, they send you emails which appear to be from the builder asking you to pay a deposit or final payment etc with ‘new’ bank details. The fraudsters also setup a rule on your email system that automatically archives or deletes genuine emails from the builder, you are unwittingly paying and chatting to the fraudsters.
  • 2. Impersonate you to companies or individuals who owe you money. For example, you are a business who is owed money from clients, the fraudster will contact your clients (as you) advising them your bank account has changed and to pay all invoices to this new account. Any reply questioning this would be archived (and missed by you), The fraudster impersonating you would reply assuring them everything is OK. Your clients are now paying the direct to the fraudsters.
  • 3. Access your contact list, they pretend they are you and send each contact an email with a ‘business proposition’ or other reason for them to click a link to open a document. The document of course…requires them to enter their login details…Now they are compromised.

This type of scam, known as authorised push payment fraud, is on the rise. Victims, on occasions, have lost hundreds of thousands of pounds. Last year, a total of £236m was lost, according to banking trade body UK Finance. There were 43,875 reported cases of these scams. Nearly nine in 10 (88%) of these were consumers, who lost an average of £2,784. The rest were businesses who lost on average of £24,355 per case.

I can get my money, back – right?

Unlike other frauds, three-quarters of victims do not receive compensation from the banks as, in effect, they have given their consent to the payments being made.

How do you protect yourself

The simple answer is active 2-step authentication. With 2-step, anytime your account is accessed online, a code is sent to your mobile to confirm its you. Even with your password a fraudster cannot access your account. Also, if you keep getting codes sent to your phone without logging in, this may indicate your password has been compromised.
Every email account should have this option enabled, if your provider does not have this option available, you should consider that anyone may be reading your email and contact us for free security advice.

All email services from Universal Computing have the option of 2-step authentication regardless of which licence you have. If you have email services with Universal Computing and have not enabled 2-step, get in touch us to review your security and don’t add yourself to the statics above.

The hidden costs of starting a new website

03/04/2018 in Websites

Got a local business? We are here to help with all aspects of IT. Today we are focusing on websites.

Most of us are aware of the importance of a good website to sell our products or services to potential customers. A good website will showcase what you do and acts as the online shop front to buyers. A place where they can learn more about your business and where you can get the chance to deliver your marketing message, enhance your brand and ultimately gain new customers.

So, with that said, why do so many businesses neglect their website? In short, a lot of businesses create their website once and then they leave it there, doing nothing to it and, over the years, the website grows cyber-cobwebs! It starts to look its age and it doesn’t represent the business appropriately anymore. Starting to sound familiar?

One of the main reasons for this neglect are the costs associated with upgrading and refreshing content normally levied by the original website developer. In most cases you can’t even shop around as the developer holds the keys to the site.
Our business model for websites is very different, many website development companies rely on ongoing maintenance charges, some even billing monthly to hide the enormity of the costs in keeping your website alive and up to date. These days what a website developer charges upfront is almost irrelevant as it can be insignificant compared to the maintenance changes you’ll pay over the average 5 year life span of your site.

What if you could maintain your own site saving all these maintenance costs? Imagine having your site fully setup with professional images and your content imported onto a template you choose, then being trained to manage it yourself? Instant updates linked to social media, fresh new content added immediately, new products added whenever you wanted? Too good to be true? Not so…
Ask us about our website offerings, you can have the best of both worlds – Website development companies just don’t want to tell you about it and now you know why!

If you would like to discuss this further, please don’t hesitate to get in touch on 01383 840808 or email