Phishing is a process in which a cyber-criminal can gain a whole load of current email addresses and send out an email to all of them, to see if any of the recipients reply.


That’s what we call the first Phishing hook; the term originates from fishing, although it is spelt differently.


This first hook, in turn, leads to Spear Phishing, which is a direct attack, targeted at an individual in a way that makes them respond as if they were replying to someone who works in that company. For example, a senior manager could be advised to update their password and click on a link which takes them to a duplicate page, edited by the cyber-criminals, to look like a corporate website.


If the senior manager clicks on that link, they are taken to the false page and may surrender valuable data to the criminal by accident, namely their USERNAME and PASSWORD.


These are two valuable pieces of personal information which are like gold dust to a cyber-criminal.


The average person has between 35 and 60 online accounts, when you tot up shops, banks, social media platforms, media channels and work ones.


But how many of those have different passwords?


And how many of these accounts will a cyber-criminal try out and get into?


Once they have your USERNAME and PASSWORD, they can try their luck on PayPal, eBay or Facebook accounts, for example.


A way to protect yourself from this onslaught is to double check the URLs and to use a strong but completely separate password for each one of your accounts.
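What "double check the URLs" means in practice can be shown in a few lines of Python. This is an added example, not part of the original article; the domain names `corp.example` and `login-update.test` and the function name `check_link` are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_link(url, expected_domain):
    """Return the reasons a link does not belong to expected_domain.
    An empty list means the host is that domain or a subdomain of it."""
    problems = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    expected = expected_domain.lower()
    if parts.scheme != "https":
        problems.append("not https")
    # Anything before '@' is user info, not the site being visited.
    if parts.username is not None:
        problems.append("text before '@' hides the real host")
    # Punycode labels can display as look-alike characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        problems.append("punycode label in host")
    # The expected domain must be the END of the host, on a dot boundary.
    if host != expected and not host.endswith("." + expected):
        problems.append(f"host is {host!r}, not {expected!r}")
    return problems

# Constructed sample links, as they might appear in a password-reset email.
SAMPLES = [
    "https://portal.corp.example/reset",
    "https://corp.example.login-update.test/reset",
    "https://corp.example@login-update.test/reset",
    "https://notcorp.example/reset",
    "http://corp.example/reset",
]

if __name__ == "__main__":
    for link in SAMPLES:
        reasons = check_link(link, "corp.example")
        print(link, "->", "looks right" if not reasons else "; ".join(reasons))
```

The part of the address that matters is the end of the host name, just before the first single slash. A familiar company name appearing anywhere else in the link proves nothing.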


All too often, by the time a business realises that it has criminals rooting around in its system, it is already too late to stop them, because the criminals are likely to have been on that system for quite some time, weeks or months, and to have accumulated a lot of data in that time.


Typically, unless a company has some sort of intrusion-detection system, criminals will just be lurking within a system, picking up data and escalating their privileges, taking more and more advantage of their main access point.


When you work in an office, you know where things are kept and you can keep them under lock and key and under surveillance too. But it is harder to do that if information is in one system because a lot of cyber-criminals are just acting blindly, using code, trying to find information out about who works for you in directories, contact lists and financial lists.


When criminals get details of people connected with a company, such as easyJet, which last summer fell victim to a "highly sophisticated cyber-attack" that affected around nine million customers, they can also find a way into its customers’ bank accounts.


They can also pretend to actually be you, contacting your work colleagues, friends or family, claiming to be in a hospital bed and needing money for something urgent.


If you get a message saying you have forgotten your password, it could be because somebody else has already changed it via your email address by saying it is a forgotten password and getting a message from your email provider sent direct to them.


The fear and panic you will feel while taking the time to get your own password back is indescribable, especially if you think not just your email but the emails of your whole company could have been put in jeopardy.


But a way of keeping your accounts secure is to look at two-factor authentication. This means that if something happens to your email and there is something suspicious going on in your account, you must have a message sent to your phone or an authenticator via your phone, for you to say, “Yes this is me,” or “No this isn’t me,” before any actions are taken on your behalf.




Detective Constable Gareth Jordan has been a police officer for 13 years and prior to that, was employed in the IT and Pre-Press and Print sector.

Gareth is now based at Police HQ in Carmarthen and has been involved in investigating all forms of crime that have a cyber-element to them.

He has a wealth of knowledge regarding Cyber Security and continues to expand this by being involved in the day-to-day investigation of cyber-based crimes.

Gareth knows about the latest cyber scams and can explain how they are carried out – and more importantly – how you can avoid falling foul of them.




The charitable arm of a worldwide security company has provided laptops to local schools to help them through the challenges of the Covid-19 pandemic.

Exsel Electronics has a base in Welshpool and responded to a request from Sian Knowles, Powys County Council Business Cluster Manager in Welshpool, urgently seeking laptops for local schools.

Together with companies within its Group (Explora Foundation, Exsel-Group, Explora Security, Dynasystems, Guartel Technologies and Tarian), Exsel Electronics funds the charity the Explora Scholarship Fund.

With the huge assistance of Iternity, their IT security appointee, the company has been donating refurbished laptops to school children in need throughout the United Kingdom.

The Explora Scholarship Fund provides further education to returning service men with disabilities, or a member of their family.

Its projects in Wales currently undergoing research and development include a World Class Cyber Academy.

The group says it is grateful for the support it receives from the Welsh Government in relation to several projects.

Its client list includes the Ministry of Defence, U.S. Government, NATO and the United Nations.

Image: Sian Knowles is pictured at the firm’s Welshpool offices with executives Keith Hughes (centre) and Philippe Le Carpentier for the first handover of laptops.


Ransomware is a malicious type of software that encrypts data until a ransom is paid, usually in a cryptocurrency, such as Bitcoin.

Even pop icon Madonna has been targeted and so has Sir Elton John.


But it is not just celebrities who can fall victim to this kind of cyber-crime.


The trouble with the internet is that it has no barriers or boundaries. Travelling criminals from cities, such as Manchester, Birmingham, London and Liverpool, have traditionally targeted businesses over the border, moving from urban England into rural Wales. Now cyber-criminals are moving in too, but without the need to even get into a car.


Criminals can break into your business via the internet from anywhere in the world, in a disturbingly hidden way.


Criminals from as far away as India, Nigeria and Ukraine are targeting the UK right now, as well as countries all over the world.


Just because people live in rural Wales, doesn’t mean that they have any special protection.


Absolutely no-one is exempt from a cyber-attack, if they have a computer, tablet, mobile, or a smart device.


A lot of this ransomware is what’s called ‘spray-and-pray’. For example, a criminal sends out a load of emails and finds out who responds to them. Once they find their way in, a criminal will find areas of the system you are using in your company and then, from that, they will try to elevate their permissions, so they can then start to manipulate the software within that whole system.


It doesn’t matter if you are a one-man band, or a multi-million pound company, a ransomware attack can bring your whole system down for a week or more, meaning that no-one can get onto that system, freezing all your finances and business communications.


Immediately after an attack, no-one tends to know who has taken what, or what damage has been done. All of the information in the system has been re-encrypted to stop anyone getting into it, using different passwords.


Your files may still be in your system, but they will be of no use whatsoever to you because you can’t get into them and everything about your company is locked down. This can include your communications systems, payment systems, your CCTV, your income and your outgoing streams, invoices and sales.


There is also the question of how much damage has been done to your company’s reputation in the eyes of its customers?


Business is all about trust and that will have been eroded because now the criminal has your details too.


But if you think strategically, and look at all of these individual sections of your company, you can start to mitigate the impact of ransomware and to help prevent an attack happening in the first place.


You can’t say it’s never going to happen, but if it does happen, you will be in the best position possible to try to get your network up and running again and to help protect it more effectively.


Looking at recent high-profile Ransomware attacks, criminals have often managed to penetrate their victims’ networks some weeks or months prior to the deployment of the ransomware. This means that criminals could ‘cherry pick’ certain data files that they can re-sell on the dark web. All of this means you need to take your cyber security seriously and make sure you are monitoring your network and can detect if there are anomalies. You also need to have a backup regime that will work in case the worst does happen.


When was the last time you tested your backup?
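One way to test a backup is to record a checksum for every file when the backup is taken, restore to a spare location, and compare. The Python below is an added example, not part of the original article; the file names are constructed and `shutil.copytree` stands in for whatever restore procedure your backup product uses.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(recorded, restored_root):
    """Compare a restored folder against the manifest recorded at backup time."""
    restored = manifest(restored_root)
    missing = sorted(set(recorded) - set(restored))
    changed = sorted(k for k in recorded
                     if k in restored and restored[k] != recorded[k])
    return {"ok": not missing and not changed,
            "missing": missing, "changed": changed}

def demo():
    """Run a good restore and a damaged restore over constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp, "live")
        (live / "accounts").mkdir(parents=True)
        (live / "accounts" / "invoices.csv").write_text("id,amount\n1,120.00\n")
        (live / "contacts.txt").write_text("constructed sample data\n")
        # Keep this manifest away from the live system, e.g. offline.
        recorded = manifest(live)
        restored = Path(tmp, "restored")
        shutil.copytree(live, restored)  # stand-in for the real restore step
        good = verify_restore(recorded, restored)
        # Simulate a backup that silently lost one file and damaged another.
        (restored / "accounts" / "invoices.csv").unlink()
        (restored / "contacts.txt").write_text("damaged\n")
        bad = verify_restore(recorded, restored)
        return good, bad

if __name__ == "__main__":
    for result in demo():
        print(result)
```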

© 2021 Tarian Technology Limited
Company Number: 11248922
Registered Office Address: 4 Ravenscroft Court, Buttington Cross, Welshpool, Powys, SY21 8SL, Wales