Cyber crime - emerging threats

The Regional Cyber Crime Unit, Zephyr, has highlighted some recent cyber threats which businesses in the South West and beyond should be aware of.

Whaling attacks

The South West Regional Cyber Crime Unit (SWRCCU) has recently identified an increase in the number of whaling attacks targeting companies in the region. A whaling attack is a type of spear-phishing attack that targets high-level executives, CEOs and CFOs with forged emails asking for urgent payments. Usually the emails are spoofed so that they appear to come from a trusted colleague or business partner.

Last month a CEO of an Austrian aircraft parts manufacturer was sacked after losing the company £31 million in a whaling attack (the CFO also lost their job). Spear-phishing attacks target all industries and are on the increase as cyber criminals use large databases of personal information and automated tools to personalise these emails on a mass scale.

To reduce the chances of becoming a victim of this type of offence please consider the following:

Employee awareness

Finance, payroll and human resources departments should be alert to these scams as nearly 50% target the CFO and 25% target HR inboxes.

Messages often ask employees to keep things confidential and bypass normal approval channels – employees should be suspicious if they receive a request for unusual information or wire transfer via email.

Practical steps

  • Check the Reply-To and Return-Path email addresses (in spoofed emails these will differ from the “From” address and show the suspect’s email address).
  • Always call to confirm the request with the requester.
  • Follow or establish policies relating to dual authorisation before large payments can be made.
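
The header check in the first step can be automated for a saved message. The following is an added example, not code from the SWRCCU; the sample message and all addresses in it are constructed, and the function name is an assumption.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample message for illustration; every address is made up.
SAMPLE = """\
Return-Path: <bounce@example.org>
From: "Jane Smith (CEO)" <jane.smith@example.com>
Reply-To: "Jane Smith" <jane.smith@example.net>
To: finance@example.com
Subject: Urgent and confidential payment

Please wire the funds today and keep this between us.
"""


def domain(addr):
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def header_mismatches(raw):
    """List (header, address, kind) where Reply-To or Return-Path
    differs from the From address. kind is 'domain' when the domains
    differ and 'address' when only the mailbox differs."""
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    findings = []
    for header in ("Reply-To", "Return-Path"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            addr = addr.lower()
            if not addr or addr == from_addr:
                continue  # header empty (e.g. "<>") or consistent with From
            same = domain(addr) == domain(from_addr)
            findings.append((header, addr, "address" if same else "domain"))
    return findings


if __name__ == "__main__":
    # Legitimate bulk mail can also use a different Return-Path, so a
    # finding is a reason to call the requester, not proof of fraud.
    for header, addr, kind in header_mismatches(SAMPLE):
        print(f"{header} differs from From ({kind}): {addr}")
```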

Ransomware – incident report

SWRCCU received a report of a ransomware attack affecting a school based in Chippenham. A demand of £2000 was requested for the data to be decrypted.


  • Make sure you have anti-virus software installed and ensure it is up-to-date and running in real time.
  • Keep browsers, operating systems, Adobe and other applications up-to-date and patched against vulnerabilities.
  • Backups are an absolute necessity in protecting your data. Back files up regularly, store the backups on external storage and physically disconnect the storage from the computer and network between backups. Ensure you verify the backups.
  • There are many fake emails with malicious attachments circulating the internet. If you receive an uninvited email containing an attachment then do not open it unless you are sure of its origin.
  • Beware of unsolicited emails asking you to click on links.
  • In the unfortunate case of infection, pull the plug on the computer and internet access.
  • Do not pay the ransom as a first response - report to Action Fraud as soon as possible.

The SWRCCU advises against the payment of ransom demands. This is for three reasons:

  • You are not guaranteed to get your data decrypted.
  • Further extortion demands may follow.
  • It encourages further attacks against other victims.

About Zephyr

The Regional Cyber Crime Unit target cyber crime and cyber attacks. The unit specialise in identifying those engaged in large-scale computer and network intrusions, including denial of service attacks and website defacement.