18
May

What Was The NHS Cyber Attack? (Teach Your Elderly Relatives to be Safe Online)

Hannah MacKechnie Read 191 times

Teaching Elderly to be Safe Online

You may remember the first time you heard ‘cyber crime’ mentioned as a distant theme in movies, such as when schoolboy Matthew Broderick unwittingly hacked his way into a nuclear standoff in Wargames back in 1983 or when Sandra Bullock was a remote IT worker and had her identity and life stolen in 1995 in the cyber classic The Net.

Cyber crime is no longer just a dark force in movies but a real and public threat to everyone – officially recognised after inclusion for the first time in the Crime Survey for England and Wales annual report. The report launched at the beginning of this year reflects the changing nature of crime and highlights that fraud and computer misuse are now the most commonly reported offences.


"When the crime survey started [35 years ago], fraud was not considered a significant threat and the internet had yet to be invented.

"Today's figures demonstrate how crime has changed, with fraud now the most commonly experienced offence." John Flatley, The Office for National Statistics.


 

Cyber crime might feel like something dark and sinister, far removed from real life but if you sat and waited in hospital on Friday (12th May) with your elderly mother whilst chaos descended and computer systems went into meltdown, then your life was touched by the biggest cyber attack the NHS has fallen victim to with 100 other countries worldwide affected too.

What was the NHS cyber attack on Friday 12th May?

At the centre of the cyber attack storm was a malicious software called WannaCry. Known as ‘ransomware’, the malware demands payment to unlock data that it has encrypted thus blocking access to files on the computer.

WannaCry found its way into the NHS system most likely due to the often obsolete and out of date systems that Trusts are using. It gained control before threatening to delete all NHS information if payment terms were not met. Potentially, this could have included all patients’ medical records. You can only imagine the devastation that such a loss of public records would have caused.

In what could be straight out of a movie script akin to Wargames, a 22-year-old blogger managed to avert disaster by quickly finding and activating a ‘kill switch’ in the malicious software to disable control of the ransomware and instantly became a national hero for saving the day.

How to protect yourself from the NHS ransomware attack

Be aware that the accidental hero blogger has warned that computer users are still at risk if they don’t update their Windows software:

Microsoft released a software update in March to ‘patch’ a vulnerability in the Windows system. WannaCry exploited this vulnerability which means that anyone who has not updated their software since March is still at risk if any more attacks occur. Full details on protecting your computer against WannaCry can be read here.

Don’t allow online fraud to stop internet use

Setting international cyber-disaster at the NHS aside, online fraud at a grass roots level is a real threat to anyone with a computer and those who grew up in a time before digital technology was a part of everyday life are especially at risk due to their lack of familiarity.

As dramatic as that might sound, with a little knowledge and some common sense, anyone can protect themselves to enjoy the full benefits that the internet can bring, such as video calls with family around the world and connecting to local senior groups via social media for companionship. Internet use should be encouraged for the elderly for the positive benefits it can bring.

How to protect against online scams and fraud

Age UK recommends that to stay safe you only need to apply the same common sense from everyday life. For example, if a stranger knocked on the front door you shouldn’t invite them into your house, so if you receive an email from someone you don’t know then you shouldn’t click on links within the email or open any attachments.

Attending a local course on how to use the internet would be a good starting point for any elderly relative wanting to get online. Age UK have a list of local courses here.

How to recognise a phishing email

Probably the most recognised type of online fraud is ‘phishing’ – an email cleverly disguised as being from a trustworthy organisation that then attempts to steal your security details.

Examples of different themes of phishing emails:

  • From your bank asking you to update or reset information.
  • From a software company asking you to install software.
  • An email claiming you have won a major prize in a lottery.
  • An email claiming to be from a friend asking for money because they are stranded.
  • An email from a firm of lawyers informing you of an inheritance.

Sometimes, phishing emails are sent from the accounts of friends because a virus has infected their computer, in turn triggering fake emails to be sent from their address book. In this instance, the message is usually very short such as ‘Check this out’ or ‘See what I found?’, with a link to click or sometimes the message is blank with just an attachment. If you are ever in any doubt, then never click on a link or open an attachment in an email unless you are certain that the source is genuine - check with the sender.

Phishing emails are becoming increasingly sophisticated, making it difficult to discern if they are from a genuine organisation such as Apple, HMRC, HSBC, PayPal or TSB (the most popular companies used). The design will look authentic but there are clues to look for.

Lloyds bank has a clear instruction on how to tell a real email from a suspicious one, it includes an image of a fake email and is an excellent resource for learning what to look for, you can see that here.

A key theme of the email will claim that your account has been suspended or deactivated, and that you need to respond with security details or passwords. You can see a sample of two email scams circulating last year from HSBC and Natwest here.

Use the same rules with email that you would if a stranger knocked on your door asking to come in. Consider, just because someone wears a police uniform doesn’t mean they are a genuine police officer:

  • check they are who they say they are and examine any identification
  • call the company to verify their identity (use a number that you know is genuine)
  • never give them any personal information, security usernames or passwords.

Genuine companies are always happy to verify if they sent an email or not. But don’t use a phone number contained in the email. Instead, search online for the actual contact details.

The only people you should ever give your password to are trusted family members (and never use recognisable information for a password such as a birthday or street name).

Phone call scams asking for a password

Increasingly common are phone call scams where the caller claims to be from an IT firm or a recognised and trusted company such as Microsoft. They will claim that your computer has a virus and that they can remove it for you but any actions they ask you to take would involve installing malicious software called ‘spyware’ on to your computer, which captures personal information and passwords.

The caller may:

  • Ask you to visit a credible looking website to download software.
  • Email the software to you whilst on the phone for you to then install.
  • Ask you for credit card information for a fake purchase.
  • Direct you to a website to enter your credit card details.

If you receive a call from an IT company or from someone claiming to be from technical support for a large company such as Microsoft, asking you to complete various actions or to make payments - hang up immediately.

Microsoft has a useful and comprehensive guide to telephone scams here.


Des Dillon became a victim of cybercrime after being tricked into giving away his password over a series of phone calls. The result was a loss of £230,000.

"Over a couple of phone calls, he asked me for various [information], third number, fourth number and ninth letter, that type of thing, and obviously he put it together very quickly." Via BBC Radio 5 live


 

Scam pop-up windows when browsing

Another common scam can happen when browsing the web and a pop-up window appears.

Pop-ups do happen when browsing but this one may be difficult to close. Most likely it will display an error warning and ask you to call a phone number to unlock your machine.

If you can’t close the pop-up then shut down your browser (if you can) and seek help from a trusted source to make sure that the pop-up is closed/removed safely.

How to report a cyber crime or fraud

As highlighted above, if you receive a suspected phishing email then contact the genuine company or bank that the email is claiming to be from – this will help them to tackle fraud and to warn others.

Action Fraud is the national fraud and cyber crime reporting centre in the UK and is a valuable resource for keeping up to date with both the latest scams and known fraud campaigns.

They have an interactive map for all reported scams here

You can report a crime here

They have a guide for all scams here.

Useful resources:

The Age UK, Guide to internet security and staying safe online, is an excellent and comprehensive PDF resource that you can print to give to your elderly relative. 


The image at the top of the page is used under Creative Commons license with copyright credited to Christiaan Colen