Cyber Security Newsletter - Week 2
18 Nov 2020
Cyber Security Weekly Newsletter
Keeping an eye on cyber news and threats
Minecraft and Roblox apps on Google Play fleecing players out of hundreds of pounds a month
If you have kids, chances are pretty high that they will be playing either of these games, if not both. I’ve given my daughter advice on numerous occasions about being careful because of the amount of scamming and hacking going on within the Roblox community. This is most likely because most of its players are children, who will be more susceptible to scams or having weak passwords on their accounts.
Now we are seeing apps that offer premium in-game content for the games, most starting with a 7-day free trial which then charges large amounts of money automatically when the trial expires. With most Google Play accounts linked to either your phone contract or bank card, most of these transactions happen without you realising straight away. The concept is to take advantage of those who sign up for the free trial and then forget about it or sign up without reading the small print.
Some of these apps have been downloaded over a million times, and some are still available at the time of writing despite being reported. It’s not just Google Play that these apps slip past, either: they can be found in Apple’s App Store too.
How can you prevent this from happening?
Make sure Google Play prompts for a password that only you know before making purchases
Monitor the account your child uses and how they use it
Speak to your children about the risks – make sure they’re aware of the danger and to be careful
Be careful what apps they download or the services they sign up for – read the small print!
New Google Drive Scam Landing in Inboxes
Scammers are always looking for new and clever ways to trick you, and the latest method is very clever indeed. It is a phishing attempt which uses the collaboration feature in Google Drive to invite you to work on a shared document that, when opened, contains links to malicious websites. The ingenuity of this scam is that the notification comes directly from your Google Drive on mobile and the email request is also sent from Google, which adds a layer of apparent authenticity by coming from Google itself – a good way to bypass their spam filter and catch you off guard.
People receiving the notifications and emails have reported that they are written in Russian or broken English, asking them to collaborate on a document with nonsense names. All of the documents contain links leading to malicious sites, such as those bombarding you with prize draws or deals.
Google are trying their best to improve the security with regards to Google Drive spam but keep an eye out for any collaboration requests you do not recognise or expect. If you don’t recognise the request, don’t open it, and certainly don’t click on any links.
This week’s top tip – Two Factor Authentication
Two-factor authentication (2FA) or multi-factor authentication (MFA) is an essential secondary security safety net that I strongly encourage enabling on your online accounts where possible.
2FA or MFA is the practice of using another form of verification such as a code sent to your phone, or an authenticator app. It may seem like a minor inconvenience, but it is most certainly a necessary one. Only having a password on your account leaves it open to being hacked should that password be compromised, but having 2FA in place means that even if someone has your password, they still can’t gain access.
It only takes a few extra seconds, but it is vital if you want to make sure your account and any information inside is safe – a small price to pay for peace of mind.
That’s all for now, thanks for reading and keep an eye out for next week’s edition.