Step 1 - Stay Secure
Step 2 - Stay Connected
Step 3 - Stay Separate
Step 4 - Stay Safe
Cybercriminals are constantly on the lookout for new ways to extract money from victims. Here at the Garda National Cybercrime bureau we have seen a significant increase in the number of Ransomware attacks in 2021.
Irish businesses of all sizes and private individuals have seen their data encrypted with Malware, usually through targeted infected emails or unsafe websites. The impact of these ransomware attacks can be crippling to a business of any size as it prevents the victim having access to essential data such as customer information, or being able to carry out even the most basic tasks, like email. The cyber criminals will then make contact and demand payments ranging from hundreds of euro to millions of euro, usually in bitcoin, the decrypt the victims’ data.
The Garda advice will always be not to engage with these cybercriminals or pay any ransom. There is no guarantee that your data will be released and you could find yourself receiving more demands if you make the first payment.
We would advise that you take the following steps to limit your exposure to a ransomware attack
- Always have a safe and up to date back-up which is kept separate from the network or computer system
- Only use official sources to update your antivirus software and computer system patches
- Don’t open attachments or links unless you know and trust the source
- Don’t mix data from your work and personal online activity
- Be careful when using remote access methods to your company network
If you are the victim of a ransomware attack, please report it to your local Garda Station.
Gardaí are advising people to beware of Romance Scams.
Victims of the scam believe they have met their perfect match online, but the other person is in fact a scammer using a fake profile to build the relationship. They slowly gain the victim’s trust with a view to eventually asking them for money.
One Irish woman was showered with expensive gifts, including scarves and perfumes, before she was asked to invest in her suitor’s business. Over a thirteen (13) month period, the woman gave the romance fraudster €48,000. The woman initially delayed reporting the fraud to Gardaí as she was married.
The extent of the scam is not fully known because many of the victims are too embarrassed to report the fraud to Gardaí.
Detective Inspector Catharina Gunne from the Garda National Economic Crime Bureau warns: "Romance fraudsters may try to get their victims to send them money using the following excuses:
• to cover the cost of travelling to see the victim;
• for emergency medical expenses for the scammer or a family member — typically a child;
• a business opportunity which would allow them to live together comfortably.
In the beginning, the amount of money requested will often be small but increases as the scammer becomes more successful in building the ‘relationship’ and tricking the victim.”
Recently, a romance fraudster in the west of Ireland was found guilty of taking nearly €19,000 from a victim. The perpetrator obtained money through deception over a five (5) month period after meeting the victim through a dating website.
An Garda Síochána works closely with Europol to disrupt the activities of romance scammers, particularly organised crime gangs that engage in this type of criminality. Dating websites are often monitored for criminality.
What are the Signs?
Romance Fraudsters will:
• Try to move communications away from dating websites. They suggest that you move to instant messaging, text or phone calls instead.
• Ask a lot of personal questions.
• Avoid answering personal questions about themselves. The details that they do tell you seem made up or do not reflect reality. For instance, they may say that they’re university educated, but their spelling and grammar is poor.
• Try to establish a bond quickly. For example, they may give you an endearing pet name e.g. baby, darling, etc.
• Ask for financial help. They may tell you about money problems in the hope that you’ll offer to help.
• Never meet you in person. They will present obstacles and may go as far as making arrangements and cancelling them at the last minute. They may promise to want to see you but offer excuses which delay this, such as financial troubles.
What can you do?
1. Use trusted dating websites.
2. Do not share personal details.
3. Do not send or receive money.
4. Think twice before using your webcam.
5. Trust your instincts.
Are you a victim?
If you believe that you are a victim of a romance scam, or think your identity or personal information has been compromised, contact any Garda Station and report the crime. Please be assured that An Garda Síochána will treat all reports in confidence.
Video advice is available here:
The Garda National Cyber Crime Bureau (GCCB) is the national Garda unit tasked with the forensic examination of computer media seized during the course of any criminal investigations. GNCCB also conducts investigations into criminal offences of a significant or complex nature including network intrusions, interference with data and websites belonging to Government departments, institutions and corporate entities. The Bureau is part of the Special Crime Operations section of An Garda Síochána and its members undergo intensive training in the area of forensic computing and cybercrime investigations, with equip them to give expert witness testimony in court. The Bureau’s remit also includes providing information on current cybercrime trends and online crime prevention advice, while at the same time operating as the Garda cybercrime and computer forensics liaison with partners including academic institutions, Europol, Interpol, the FBI and other law enforcement agencies.
All complaints of CEO or Business Email Compromise frauds should be reported to your local Garda Station. You should include copies of the emails, including header information, details of the new fraudulent accounts and confirmation that the change in account and emails were not authorised or legitimate.
While this is not an exhaustive list there are some basic steps that can be taken to protect a company from online attacks and potential frauds. Ensure that your system is properly protected by Antivirus and Anti-Malware software and that they are up to date. Discuss needs with a system administrator or an external security company.
Ensure robust processes are in place for payment authorisations, in particular those involving any change to payee bank account details. This could include two step authorisation where a second member of staff must sign off on any change or confirm the request. Or it could require the person processing the payment to check with the CEO or other senior executive that the payment and change is authorised.
If large sums of money are being regularly transferred from company accounts, an account manager with your Bank may take a proactive role where changes are requested to payee account details.
A substantial increase in your telephone bill is an indication your company couldbe the victim of Private Automatic Branch Exchange (PABX) fraud. Detailed billing will assist in identifying any potential unauthorised calls, usually International calls but they can also be National telephone calls. Another indicator is where customers trying to dial, in or employees trying to dial out, find that the lines are always busy.
A PABX is a computerised system that manages an internal telephone extensions network.
It is a highly flexible system as it can provide access to telephone services by dialing into the system from outside the PABX network. This service is called DISA (Direct Inwards System Access) and if enabled it permits employees to route national and international calls through the PABX with the cost of these calls being billed to the owner of the PABX. Access to this service requires the use of a PIN. This can however be abused and may result in unauthorised calls costing thousands of Euro. Most PABXs have engineering and maintenance access codes. If this access code is compromised the attacker will have total control of the system.
If your PABX has voicemail and is DISA-enabled then it is susceptible to this form of fraud. To protect your PABX from this type of fraud, if DISA is not required ensure that it is disabled. If DISA is required, contact your PABX supplier or maintenance company, who can help you in configuring DISA properly.
- Toll Fraud Audit - this service is provided by your PABX supplier or maintenance company.
- Enable automatic logging of calls if available. This may help in identifying the extension number that is being used to compromise the PABX and it may also identify the source of the external call.
- Regularly check the log records for repeated short duration calls to the same number. This could be an indication of an attempt to attack your system.
- Activate PINs for voicemail, DISA and engineering access (if enabled) and change regularly.
- If possible, remote engineering access should only be permitted on a ‘call back’ basis. This will prevent unauthorised access to this privileged account.
PABX Fraud is a criminal offence and in addition to reporting the incident to An Garda Síochána we would recommend that you contact your telecoms provider and your PABX supplier who will assist.
This is a CEO frauds/redirection mail online scam. A company finance officer receives an email which appears to be from the Chief Executive Officer saying that he is closing an important deal with a supplier and he needs a payment processed immediately. The deal is hush-hush and he is not able to discuss it but will reveal all when his meeting ends. He is not available but wants an immediate confirmation that the payment has been made. However the supplier has a new bank account into which the payment should be made. He supplies the account details of the new account. The tone of the email or the person’s position within the company suggests that the finance officer shouldn’t argue so the payment is processed. However the email is fake and the account has nothing to do with the supplier. By the time the fraud is noticed the money has been transferred out of the account. Always check email addresses for subtle differences such as Michael@domaine.com instead of Micheal@domaine.com and have an authentication process in place for changes in payment processes. If in doubt call the executive or wait.
You could be the victim of a card security breach. They will ask you to confirm your card details or your bank and then pretend to hang up. You dial your bank's number but the fraudster is still on the line and pretends to be from your bank. They ask you to confirm your account details and the PIN code for your card. If you do they now have all your details and proceed to use the card online. Ignore the call and report it to your local Garda station.
This could be a phishing email. In this scam you receive a call from someone saying they are from Microsoft or they represent Microsoft and they are calling about problems with your computer. They ask you to go online and connect to a site or a link they give you. When you do they take control of your computer and clean the ‘problems’. However they are only deleting logs of everyday issues that exist on most computers or normal records. They then ask you for payment for doing nothing and may continue to take other payments from your card or account without your knowledge. In addition, they have access to your computer and its contents. Don’t respond and don’t entertain such calls.
You could be the target of a fake buyer. You advertise a product online on an auction site or similar and receive an offer from another user of the site. They are extremely interested in the goods. They are the winning offer and during the negotiations by email you receive a message from ‘PayPal’ or a similar service stating that the purchaser has lodged the required payment. You are asked to confirm you have sent the product but you soon realise the email is forged. PayPal never confirm payment by email.
This sounds like what’s known as ‘second chance sales’. It happens when you are bidding on a product on an online auction or sale site but are unsuccessful. However you then receive an email from the person who states they are the seller and they have another similar item which they will sell to you privately. You complete the process and transfer money to the pretend seller using a money transfer or payment service. However the seller is false who regularly monitors high value or high interest sales. They have noticed that you were bidding on the goods and are using your interest to trick you into ‘buying’ again. Only purchase from legitimate adverts and don’t respond to online communications which are off-site or are unsolicited by you.
Call your friend to confirm they are in trouble or check with other friends. It is possibly a 'Help Me' email which typically involves a victim receiving an urgent message from a relative or friend saying they have been mugged on holidays and need urgent help. All their money and cards, as well as passport and mobile phone, have been stolen and they need urgent financial assistance until they get home. You are asked to send money using a money transfer service and they will repay you. You agree and the fraudster calls to an office of the service pretending to be your friend using fake ID purchased over the internet and withdraws the money.
Advertisements for goods on sale or auction sites are often cloned after the original sale is complete. Details of the merchandise, photos and seller details are faked and offers to purchase are invited from other users of the site. When a person tries to purchase the goods from the ‘seller’ they are asked to complete the sale using a money transfer service instead of a secure payment service such as PayPal. Always use a secure payment service where refunds are guaranteed in the event of fraud and only purchase from reputable sellers. If unsure, walk away.
This is what is known as a ‘419 letter’. An email in broken or poor English is received and it states that the sender is the wife or representative of a decease foreign dignitary such as a President of a country or a company. He has left millions of Euros or Dollars in a bank account and the money is now frozen. The sender of the email asks for help is releasing the funds and tells their target that they were identified as a helpful and honourable person. They are offered a bonus for helping and a draft is sent which they are asked to lodge and send back a processors fee using Western Union or some other money transfer service. However the draft is forged or fake and the fee is lost.
This is a lottery scam and you should ignore it. If you didn’t buy a ticket then you didn’t win so don’t get caught. The email will say you just need to send a processors fee to an account or via a money transfer service to receive your prize.
It’s very likely you are experiencing a Ransomware attack. As a result of opening an infected email or an infected website, a virus or malware is downloaded to your computer which then encrypts the contents or locks the computer and prevents it from starting up. The computer then displays a message which demands payment of Bitcoins, an online currency, in order to obtain a release code and regain access to your computer again. You can check on www.nomoreransom.org which is an international service from Europol offering decryption codes which may held you unlock your computer. Otherwise you should contact a reputable IT repair specialist. Do not pay any ransom as there is no guarantee you will get back control of your computer.
When online always be careful about the sites that you connect to and if you don’t recognise the sender of an email, don’t open the attachment. Make sure you have up to date anti-virus and anti-malware protection installed and running on your computer.
Where you believe you have been the victim of an online scam or fraud you should report it to your local Garda Station, and also use the online reporting service of the website or forum on which you were scammed. When reporting to your local Gardaí, bring copied of all emails, account details, copies of the advertisement of online posting and any other relevant information you may have.
Most users of the Internet will have fallen victim or encountered an online scam in which attackers attempt to obtain personal information such as logon profiles or banking details. In addition, users may have received emails offering them the change to share in a secret fortune or to claim their lottery win or tax refunds. These are some of the scams that circulate on the Internet and about which online users should be aware.
Complaints of online crime or those involving computers should first be made to your local Garda Station.
The Internet has increasingly become a forum for people to post unacceptable comments and material about others with little thought for the personal affect such material has on their intended victim. Many online users use the anonymity provided by online forums to post comments without consequence.
Currently Irish criminal law provides no restriction around posting comments to social media unless the contents amount to harassment. In most cases comments that are offensive or hurtful may be defamatory and are not criminal in nature. In such cases you should consult with a solicitor about any civil action that can be taken.
Most social media services offer their users a method of lodging complaints about content posted to their forums using their online complaints email or abuse reporting link. In some cases you can also lodge an online report about an individual posting or a user and ask for it to be removed or suspended. specify the nature of your complaint. All requests for the removal of material and fake profiles from social media networks should be submitted to the network using their public online reporting or complaints processes.
This is not a definitive guide and is merely intended as assistance where complaints concerning abusive or false material on social networking platforms are received.
An Garda Síochána are reminding parents and young people of the potentially devastating impact of cyber bullying and its ability to destroy lives.
Detective Chief Superintendent Declan Daly, Garda National Protective Services Bureau, said:
"Cyber bullying can have a significant impact on people’s lives. The Garda Online Child Exploitation Unit is committed to tackling it in an impactful way.”
Cyber bullying is the use of technology to harass, threaten, embarrass, or target another person. Although more prevalent amongst young people, it can happen to anyone at any age. It is intended to inflict harm or discomfort to others.
"If you do decide to give your child permission to use social media sites, the best online safety strategy is to talk with your child and engage with their use of the Internet,” said Detective Chief Superintendent Daly.
Tips for Parents and Guardians:
1. Know the sites your child visits, learn about the protections provided by these sites, apps and available on your child’s device.
2. Teach your child that whatever information is posted or shared online, will stay online.
3. Encourage your child to tell you if they receive messages that they feel disturbed by or uncomfortable with.
4. Discuss ways the child can deal with disturbing material should they accidently come across it.
5. Implement the parental controls available on all IOS and android devices.
6. If you find out your child is being bullied, print out and keep evidence of bullying and block the culprit. Then report the problem.
Detective Chief Superintendent Daly continued: "We wish to encourage victims of cyber bullying to report the bullies and provide us with the evidence to help ensure that other people do not become victims of this terrible behaviour.”
Reporting Cyber Bullying:
• Keep evidence, don’t delete anything.
• Save the messages or take screenshots.
• Stop all communication and block the person.
• Tell An Garda Síochána.
• Don’t delete the account as this evidence will help the Gardaí.
The Garda Online Child Exploitation Unit has these tips for young people:
Cyber bullying destroys lives. Stop and think before you post, anyone may see, forward, or screenshot that post.
Only post messages you wouldn’t mind your parents or teachers seeing. Remember whatever you share online stays there.
Contact your parent, guardian, teacher or an adult you trust if you are being bullied online. Do not respond to the bully, report it!
Online manners matter. Always treat others how you want to be treated, with respect.
Online Child Exploitation:
The Harassment, Harmful Communications and Related Offences Bill 2017
The bill is currently making its way through the Oireachtas. The legislation, also known as ‘Coco’s Law’, will consolidate and reform the criminal law concerning harmful communications, including electronic communications.
A video featuring Sergeant Mary McCormack, Online Child Exploitation Unit, providing advice and tips will be shared here and An Garda Síochána social media accounts.
If you find material that you think might be illegal, or if you’re having experiences on the internet that don’t seem right, then you should do REPORT IT! This can include material that is child pornographic, exploitative or racist/discriminatory in nature.
If you come across material that you think may be illegal, then you should report it to www.hotline.ie. Note that this is an anonymous service and you do not have to give your name or any personal information. If you come across this kind of material on a computer or a network you should report it to your local Garda station.
This is probably a phishing email which is an attempt to obtain your personal account or logon details which can then be used fraudulently or sold online. Your Bank or other financial institution will not ask you to provide logon details in an email. Similarly companies will not ask for personal details online in an unsolicited email. If there is a link in the email, hover the mouse over the link and see where it will actually take you. Report these scams to the Bank or your provider and to your local Garda Station.
This is probably a phishing email which is an attempt to obtain your personal account or logon details for your bank or other profile. The Revenue Commissioners do not sent tax rebate notices by email or text unless you have completed an online application and will never ask you to provide your logon or account details in an email. Don’t respond, don’t provide any personal or account details and report the correspondence to Revenue and your local Garda Station.
If you believe your account or your network has been hacked because you can’t get access or you have noticed unusual activity, you should report it to your local Garda station and keep a copy of the suspicious activity, including last login records, or a screenshot of the login page showing you were locked out. You should also use two-factor authentication to secure your accounts, or use the backup email account to try and regain access to your account with the help of your service provider.
Cybercrime is not a new phenomenon and while many crimes are now committed online, not every online crime is a cyber crime. Some are frauds or other offences that have been committed over a computer network. All crimes or suspected crimes should be reported to your local Garda station.
The below details are correct at time of publishing, and are provided as guidance only. Seek legal advice from your solicitor where necessary.