CyberScotland Bulletin

April 2021

Issue: 15.04.21

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. Due to the current circumstances we are continuing to circulate information about a much wider range of scams. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary

Please subscribe to our CyberScotland mailing list to receive these updates directly by email.

Section National Cyber Security Centre (NCSC)

National Cyber Security Centre (NCSC)

Practical advice for early years educators

The NCSC have published their first guidance aimed at Early Years practitioners. Cyber security plays a key role in safeguarding children and protecting the personal or sensitive information held on children and their families. This guidance offers practical top tips on how to keep data and devices secure. Some of the topics covered include how to set up strong passwords, how to communicate with families safely and how to deal with suspicious messages.

Expert guidance and advice for other educational settings can be found on the NCSC website. This includes:

The NCSC recently led a webinar about cyber security aimed at Early Years practitioners as part of CyberScotland Week. The session is still available to watch online on Education Scotland’s Glow DigiLearn platform.

Early years guidance


NCSC’s CyberAware campaign provides advice for individuals and businesses on how to stay secure online.

You can review your online risk by completing a short questionnaire. This will generate a personalised list of actions linked to the Cyber Aware behaviours. It offer free, bespoke advice and includes steps to secure yourself or your business.

NCSC Threat Report

The NCSC produces weekly threat reports drawn from recent open source reporting. View this week’s report here. The NCSC is encouraging organisations to install critical updates following a number of vulnerabilities being addressed in Microsoft Exchange.

The Suspicious Email Reporting Tool was launched by the NCSC in 2020 to allow members of the public to report suspicious emails. As of 31st March 2021, the number of reports received stands at more than 5,500,000, with 81,000 individual URLs linked to 41,000 sites having been removed. Please forward any suspicious emails to: [email protected]. Suspicious text messages should be forwarded free of charge to 7726.

Cyberaware action plan
Section Scottish Governement

Scottish Governement

New Scams Strategy

The Scottish Government have published a new strategic framework to tackle scams in Scotland, underpinned by coordination and collaboration across partner organisations. The strategic framework is focused on three pillars:

  • Prevention and disruption;
  • Awareness and education; and
  • Enforcement.

The strategy has been developed based on key insights and considerations of the Scams Prevention Strategy Partnership & Advisory Group. The Strategy does not represent an end but rather the continuation of a longer term effort to combat this fraudulent activity, building on good work already being delivered, from local to national level, by a wide group of stakeholders.

Go to Scams Strategy
Section Trending Topics

Trending Topics

Educational Institutions

Educational establishments, including Universities and Colleges, hold valuable data which can make them a lucrative target to cyber criminals seeking financial gain or to steal personal data and intellectual property.  The NCSC works closely with the sector to help improve their cyber resilience.

Since late February 2021, the NCSC has been investigating an increased number of ransomware attacks affecting the education sector across the UK, including schools, colleges and universities. NCSC issued an alert to highlight the recent trends observed during August and September 2020, as well as the more recent attacks since February 2021. The alert is aimed at those responsible for IT and Data protection at education establishments and provides mitigation advice to help protect this sector from attack.

Due to the prevalence of these attacks, you are advised to follow the NCSC’s recently updated mitigating malware and ransomware guidance. This will help you put in place a strategy to defend against ransomware attacks, as well as planning and rehearsing ransomware scenarios, in the event that your defences are breached.


Scam Text Messages

Scammers are sending phishing text messages pretending to be organisations that you know and trust including banks, PayPal or Royal Mail.

We have seen instances of text messages claiming to be from four of the UK’s largest banks and building societies, including Barclays, Halifax, HSBC and Lloyds and contains a security message, asking you to confirm a payment from a new device or to confirm a new payee.

Additionally, Trading Standards have warned about fake Royal Mail text and emails that have been circulating. This message claims that a parcel is being held due to an unpaid shipping fee.

The Chartered Trading Standards Institute (CTSI) has received a video recording of an automated telephone message claiming that the National Insurance number of the recipient “will be terminated due to some unethical financial transactions.”

Criminals want to convince you to do something which they can use to their advantage. In a phishing text message, their goal is often to convince you to click a link. The links are disguised to look as though they point you to the genuine website of the company. Once clicked, you may be sent to a fake website which could download a virus on to your computer or it may try and steal your passwords and personal information. A good tip is not to click on the links within the email or text message but instead to visit the official website and contact the company directly to check that requests are legitimate.

Bank scam texts
Post office scam

Facebook Data Leak

Earlier this month, personal details of over 533 million Facebook users, including names, email addresses, phone numbers and dates of birth, were posted to an online hacking forum.

Criminals may use this available data to target individuals which could lead to identity theft or fraud attempts. Be on the lookout for any suspicious emails, texts or phone calls. Hackers may use this information to try to gain access to other accounts so be sure to have strong, unique passwords across your online accounts and protect them by enabling two factor authentication.

Facebook on mobile

NHS boss’s Twitter account hacked

High profile social media accounts can be an attractive target for cyber criminals to exploit. NHS executive Helen Bevan, got her two twitter accounts, which had over 140,000 followers across both accounts, hacked by criminals to promote non existing PlayStation 5 (PS5) consoles. The hackers cracked her password gaining them access. They changed the contact details linked to her account preventing her access. Next, they rebranded the account and began to advertise for non-existent PS5 consoles for sale, trying to trick people into handing over their money.

This type of attack is not uncommon. Last July, an American teenager hijacked celebrity twitter accounts including Bill Gates, Elon Musk and Barack Obama. He encouraged followers to invest Bitcoin with the celebrity with the incentive that they would get double their money back. He pleaded guilty and was given a three year sentence.

Make sure to secure your social media accounts with strong and separate passwords and enable a second layer of protection by turning on 2 factor authentication. For more information about how to recover accounts, refer to the relevant online support pages for your chosen platform or social media management tool.

Play station 5

Vaccine Survey

Fraud prevention service Cifas have issued a warning about a phishing email pretending to be from a ‘Pfizer Vaccine Opinion Panel’. This is a phishing email that encourages you to complete the survey and offers a reward in return for your feedback. The advice is not to click on the links within this email. Never share personal information with individuals who cannot prove who they say they are.

If you spot this email, you can report this to the NCSC by forwarding this to [email protected] If you have fallen victim to this scam, you can report this to Police Scotland by calling 101.

Trading standards vaccine
Section News / Campaigns

News / Campaigns

NCSC, Small Organisations Newsletter – Coffee Break Cyber

SME’s cover a huge range of businesses and make up 99% of all business in the UK. Often SME’s do not have the budget of large organisations to spend on cyber security.

This Newsletter aims to break down cyber related issues into bitesize pieces which can be read in your coffee break. The NCSC want to provide you and your business with the advice and tools to minimise the risk of a cyber-attack. Each month will cover a different topic and will offer advice and links to further information.

This month’s newsletter looks at how to defend your organisation from ransomware. If you would like to receive this Newsletter, then please sign up using this link.


Get Safe Online

Get Safe Online’s campaign this month is tips for being a ‘switched-on parent’. They have put together helpful advice focussing on children’s online safety, including advice on parental control software and oversharing confidential or personal details online.


Trading Standards Scam Share

Other scams to be aware of are identified in this week’s Trading Standards Scotland Scam Share newsletter. You can sign up for the weekly newsletter here.

Trading Standards Scotland have published their first ‘Scam Share Spotlights’ PDF which will be published every fortnight. This will focus on a particular scam that is frequently reported by Scottish consumers. These can be viewed online or downloaded and printed for those not online.

Neighbourhood Watch Scotland

Sign up to the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Section Training and Webinars

Training and Webinars

CYBERUK, 11th – 12th May 2021

CYBERUK is the UK Government’s flagship cyber security event, hosted by NCSC. This virtual event will take place over two days and include live keynotes and panels, as well as some pre-recorded content from the NCSC and sponsors for you to watch in your own time. This event is open to all and the content will be streamed online on a dedicated CYBERUK YouTube Channel.

You can find out more information on CYBERUK on the NCSC website and register an expression of interest in being kept up to date with updates here.

cyberuk virtual

Lead Scotland, Easy Read Booklet

Lead Scotland have produced a new Easy Read booklet to help people stay safe online. ‘Easy Read’ information is designed for people with learning disabilities who like clearly written words with pictures to help them understand. This booklet provides information about creating and remembering strong passwords, identifying emails and website scams and what to do in the event of a cyber attacks. You can download the Easy Read Online Safety guide here or visit the Lead Scotland website to request a printed copy.

lead scotland easy read

Exercise in a Box, Scottish Business Resilience Centre (SBRC)

SBRC are encouraging organisation to sign up for one of their free ‘Exercise in a box’ online sessions. This is a free, 90-minute non-technical workshop which will help organisations find out how resilient they are to cyber attacks and practise their response in a safe environment. These sessions will focus on one of two scenarios, either ‘working from home’ or a ‘phishing attack leading to a Ransomware infection’. Find out more information on SBRC’s website.

Book to join an upcoming session here. Workshops are available on Zoom and Microsoft Teams platforms.

SBRC have published a guidance document debunking the myths around ransomware.

excersie in a box

Reputation management for senior business leaders in times of crisis, SBRC, 5th May 10am

Organised by Scottish Business Resilience Centre with delivery from Clark Communications, this free webinar will cover what reputation management is and how your company should approach it. It will discuss what senior business leaders can do to prepare for and manage a crisis, the importance of having a clear communications plan and provides advice to mitigate a crisis in the future.

Find out more about this event and register for your ticket here.

Section Case Study

Case Study

Each issue, we aim to bring you real-life examples of scams, phishing emails and redacted case studies. If you have had an issue and would like to share your experience and what you have learned with others, please contact us to discuss:  [email protected] We are happy to anonymise case studies.


Case Study – Royal Mail text scam

On Friday, ‘Sally’ received the phishing ‘Royal Mail’ text message, asking for her to pay £2.99 additional postage fee. At the time, Sally was unaware of this scam. She checked the website for information and thought the text message was legitimate. It was Sally’s birthday that weekend and she was expecting a couple of packages to arrive. Sally has paid for additional postage fees before, so didn’t think this message was suspicious and paid the fees. She entered her contact details, date of birth and credit card details on to the duped ‘Royal Mail’ website.

The following week, the criminals used this information to phone Sally. They pretended to be calling from the ‘bank’s fraud team’ and told her about some suspicious activity on her account. They took her through some security questions to cancel her cards before they could issue her a new one. After building up trust, the criminals convinced Sally to transfer her money in to a new account they had set up.

Sally was suspicious and challenged the callers, but they were able to convince her she was speaking to her bank by telling her account balance. They told her to look at the phone number they were calling from. The scammers used number spoofing software to display false caller-ID information to trick Sally into thinking that she was on the phone to her real bank.

The criminals requested Sally to send money into an account they had set up using her details. This made it look like she was sending money to someone she knew. They also made her transfer money in smaller payment amounts so it wouldn’t trigger any security alert on her bank system.

Sally only realised this was a scam when the criminals asked her to transfer her overdraft amount which she didn’t have. They insisted that she did and got her to try. The final transfer didn’t work, which confirmed to her that she had been a victim of crime and she ended the call.

Sally got in touch with her legitimate bank. They managed to cancel her cards and they launched an investigation in to the fraud claim.


  • A bank or payment card company will never ask you to transfer money out of your account to another that you do not recognise. You should hang up immediately.
  • Never provide financial or personal details to a caller. You can call back on a number you know to be authentic. You should call this from a different device or call a friend first to make sure that the scammer is not connected to the phone line. Many scammers will have the ability to spoof numbers to fool you in to thinking they are genuine.
  • Advice on how to spot a fake Royal Mail notification Royal mail don’t collect shipping costs by email (or text message), so be aware and stay cautious.
  • If you fall victim, you should report this to your bank and report this crime to Police Scotland by calling 101.
Section Technical Annex

Technical Annex

Technical Bulletin

The CyberScotland Technical Intelligence Bulletin is designed to provide information about emerging or escalating cyber threats, and is created in conjunction with SBRC’s Cyber Incident Response. You can sign up receive the technical bulletin directly here.



CiSP: The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to allow UK organisations to share cyber threat information in a secure and confidential environment.

It is a secure networking platform that enables its members to receive enriched cyber threat and vulnerability information and exchange information on threats and vulnerabilities as they occur in real time. CiSP is for professionals who have an obligation for cyber security within their organisation. Those individuals must work for a UK registered organisation or UK Government.


The first applicant from a new organisation wishing to join the CiSP will require to be sponsored into this trust environment. An application is made online by visiting the NCSC website at

A simple online form is completed which will ask for the sponsor’s details to be included. A check will be made with the sponsor that the organisation is known and meets the joining criteria. Thereafter all other members of the organisation can make applications by selecting the ‘Register as an Individual option which does not require sponsorship.

Please email [email protected] to enquire about an organisational sponsor or for an overview of CiSP and SCiNET.


NCSC Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their networks.

The NCSC’s Early Warning service processes a number of UK-focused threat intelligence feeds from trusted public, commercial and closed sources, which includes several privileged feeds not available elsewhere.

By providing details of the assets your organisation owns, Early Warning will deliver feeds of the following types of threat information:

  • Incident Notifications – Activity that suggests an active compromise of your system. Example: Your IP address has been involved in a DDOS attack.
  • Network Abuse Events – Indicators that your assets have been associated with malicious activity. Example: A client on your network is a part of a Botnet.
  • Vulnerability Alerts – Indications of vulnerable services running on your assets. Example: You have a vulnerable port open.

Early Warning complements your existing threat intelligence products, and should not be used in isolation. For more details and to register visit Early Warning – Overview (

Scottish Government
Police Scotland
Cyber and Fraud Centre – Scotland
Scottish Council for Voluntary Organisations
Back to top of the page