NCSC and An Garda Síochána team up with the European Cyber Agency (ENISA) to promote awareness of cyber scams
-
From: Department of the Environment, Climate and Communications
- Published on: 28 September 2023
- Last updated on: 6 October 2023
Minister of State with special responsibility for Public Procurement, eGovernment, Communications and the Circular Economy Ossian Smyth; and Juhan Lepassaar, Executive Director of the European Union Agency for Cyber Security (ENISA) today launched a public awareness campaign for October’s European Cyber Security Month.
The campaign focuses on the positive steps the public can take to empower themselves against social engineering frauds.
Social engineering is being carried out by criminals through phishing (fraudulent emails), smishing (fraudulent text messages) and vishing (fraudulent phone calls). The campaign is being jointly promoted by the National Cyber Security Centre (NCSC), and the Garda National Cyber Crime Bureau (GNCCB) and will utilise social media and radio advertisements to raise awareness of the steps that can be taken to counteract these fraudulent activities.
Phishing (as well as smishing and vishing) are carried out with the intention of stealing money or gaining access to sensitive information for further illegal activity. Such activities are aimed at deceiving individuals and causing them distress, either financially, emotionally, or both. The methods carried out in such attacks aim to psychologically manipulate victims and trick them into giving away sensitive personal information.
The National Cyber Security Centre (NCSC) and An Garda Síochána, through this campaign, are asking the public to 'think before you click' and allow themselves time and space before responding to messages that seem suspect.
Speaking at the launch, Minister Smyth stated:
"The use of social engineering through phishing and other such attacks to target individuals' personal information is a deplorable form of cyber-attack that many of us have likely encountered at some point.
"It is vital that we remember to allow ourselves time upon receipt of a suspicious email or text. Attackers will try to build a fake sense of urgency – there is no impetus on us to respond to such a false timescale.
"European Cyber security month is a terrific way to raise awareness of the importance of allowing ourselves time and space in such correspondence and protect ourselves from these fraudulent attacks."
Similarly, Mr Lepasaarr noted:
"One of the weakest links in cybersecurity is humans. Explaining how social engineering works in practice, creates awareness of potential traps."
Panel discussion
The launch included a panel discussion featuring experts in cyber security including Mr Lepassaar, Richard Browne (Director of the NCSC), Laura Heuvinck (ENISA spokesperson) and Florian Pennings (Director of European cyber security policy, Microsoft).
Speaking about the threats that Ireland faces from cyber-attacks, NCSC Director Richard Browne noted:
"Whether it is advanced malicious State actors carrying out espionage activities, or low-level criminal hackers looking to scam people, often the first step in an attack is a simple phishing lure that will trick someone into downloading malware of some sort. Preventing that from the outset makes us all safer."
Key themes
Cyber-security affects us all and social engineering, which is aimed at talking a target into revealing specific information or performing a specific action for illegitimate reasons, can target anyone, regardless of their age or profession. Empowerment is key with regards to cyber security and safety online. The vast majority of individuals have the knowledge to carry out their online activities safely and securely. However, actors seeking to target them are becoming increasingly adept at creating situations that simulate a false sense of urgency for those they are targeting.
Messages or phone calls often have artificially manufactured time limits attached: "if you do not pay your e-toll in time you will be brought to court". The pressure created by this technique leads to individuals acting in a way they wouldn’t normally. Accordingly, this year’s campaign is all about slowing down and asking yourself "is this contact genuine?"
The easiest way for fraudsters to acquire someone’s personal information is directly through the individual. The best way to protect yourself is to not give this information away no matter how plausible the request. Cyber criminals are non-discriminatory, however paying attention to details and thinking before clicking to reply is a proactive step that can be taken to counteract their efforts.
Similarly, using multi-factor authentication (MFA), secure passwords, back-ups, and updating devices empowers people to take control of their own online safety and protect themselves from potential attacks.
Tips to protect yourself from smishing
1. Do not respond
2. Slow down – particularly if the request is urgent
3. Never click on links if you don’t recognise the sender
4. If in doubt, ring your bank or financial institution
Tips to protect yourself from social engineering
1. Be wary of tempting offers
2. Don’t give in to time pressures
3. Never give away financial information
ENDS
Notes to the Editor
The National Cyber Security Centre (NCSC) is the government’s operational unit for network and information security and acts as a central contact point in the event of a government or nationwide cyber security incident affecting the State. It serves a constituency made up of organisations from the Irish Government and a large number of Critical National Infrastructure providers from key sectors such as energy, transport and health.
The public can also contact the NCSC if they feel that they have experienced a cyber security incident that may have a national impact. However, members of the public or businesses who are victims of cyber crime, where they are affected individually, should report these incidents to the Gardaí.
Garda National Cyber Crime Bureau (GNCCB)
The Garda National Cyber Crime Bureau (GNCCB) has the responsibility for investigating significant and complex cybercrimes that target computer systems, whether they are company or privately owned. The Bureau is the primary liaison with international and European law enforcement cybercrime centres and has established strong partnerships with academia and the Technology sectors.
GNCCB is responsible for the provision of a computer forensics service to all criminal investigations and works closely with the NCSC where the target of the attack is a Critical National Infrastructure provider to identify those responsible and the methods used in the cyber-attack.
Coupled with these primary roles GNCCB provides cyber-prevention advice to the corporate and public sectors on online threats and safety. Any person or company who believes they are the victim of a cybercrime should report it to their local Garda Station.
European Cyber Security Month (ECSM)
European Cyber Security Month (ECSM) is coordinated by the European Union Agency for Cybersecurity (ENISA) and takes place each year during the month of October. ENISA’s press release for European Cyber Security Month can be found on the agency's website, while the dedicated page for the month is: www.cybersecuritymonth.eu.
The campaign is supported across Europe by member States, which organise numerous activities including conferences, workshops and webinars. They also disseminate appropriate awareness-raising material and good practices to promote cyber security and cyber hygiene. During October, the NCSC and GNCCB will share content from ENISA.