CyberScotland Bulletin

December 2022

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

Bulletin Feedback

We want to look at how we adapt the bulletin going forward to ensure it fits the need of the readers. We want to understand how you make use of this resource and where we can improve. This survey is anonymous and will take approximately 5 minutes to complete.
Please take a few minutes to provide your feedback using our online form (Microsoft Form).

Section National Cyber Security Centre (NCSC)

National Cyber Security Centre (NCSC)

NCSC Cyber Aware Campaign aims to help keep online shoppers more secure

The National Cyber Security Centre (NCSC), with support from DCMS, the Home Office and the Police, have relaunched the Cyber Aware campaign to encourage the public to shop online securely in the run-up to Christmas. This comes as new figures revealed victims of online shopping scams lost on average £1,000 per person in the same period last year.

The key messages of the campaign are:

You can support the campaign by sharing posts from the NCSC Twitter and LinkedIn channels

Check Before You Buy_1080x1080_1

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites. As of October 2022, the NCSC has received over 15 million reported scams which have resulted in 105,000 scams being removed across 192,000 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at Visit to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Section Trending Topics

Trending Topics

Scams to watch out for this holiday season

At this time of year, people will be expecting genuine parcels to be delivered so there is a higher chance of these parcel updates being opened and links being clicked within emails or messages. Criminals may claim to be from well-known delivery providers such as Royal Mail, Evri, DPD and more, requesting payment due to a failed delivery attempt or asking you to provide personal or financial details. Consumer company Which? explains how scammers attempt to steal your personal details by impersonating the Post Office.

Be on the lookout for ‘too good to be true’ offers and discounts when shopping online. Whether you are booking your next summer holiday, buying the latest tech gadget, donating to charity, or purchasing a concert ticket, make sure to check before you buy and use secure methods of payment to stay ahead of the threat.

Spotting scam emails is becoming increasingly difficult. However, there are some tricks that criminals will use to try and get you to respond without thinking. The NCSC has advice on how to spot the most obvious signs of a scam, and what to do if you’ve already responded. If you have received an email which you’re not quite sure about, forward it to [email protected]

Trading Standards Scotland has compiled a list of A-Z common scams that consumers should be aware of this winter. Each day in December they will focus on a different scam. By being aware of the types of scams circulating during this time, you can protect yourself from falling victim.

post office text scam
Evri scam text

Scottish organisations to prepare your incident response plan

Organisations should take appropriate precautions to reduce their risk of falling victim to cyber-attacks leading up to and during the holiday season. Malicious cyber actors have often taken advantage of holidays and weekends to attack and disrupt critical networks and systems belonging to organisations, businesses, and critical infrastructure.

At this time of year, organisations will start to close and will be running with a heavily reduced staff count which can make organisations vulnerable. It’s important for staff to beware of phishing emails which try to trick you into clicking on links, requesting you update bank account information or make invoice payments and requests.

It’s important to review your business continuity plan and know where you can seek advice and support should you need it.

Our Cyber Incident Response Pack provides you with practical advice on handling a cyber incident. The pack includes a Prepare Your Business Checklist, Emergency Contact List Template to help centralise important contact information, and advisory pieces on reputation management and legal considerations to help you plan your response.

SBRC’s free Cyber Incident Response Helpline (0800 167 623), can support organisations who believe they may have fallen victim to a cyber attack and need urgent advice.

Ready for Christmas

CyberScotland Podcasts

CyberScotland Partnership has released its first episode in its new podcast series. The CyberScotland Podcast series features guests from across the Scottish cyber security industry and will cover a range of cyber resilience topics including incident response, skills and good cyber practice for individuals.

In the first episode, we look to answer the question – what is the CyberScotland Partnership? Our first guest, Keith McDevitt, Cyber Integrator at the Scottish Government, was instrumental in getting CyberScotland off the ground. We discuss the days before CyberScotland, where the idea came from and the benefits of working in partnership.

What is the CyberScotland Partnership?


Listen to the podcast here. Keep an eye on our website for more episodes over the coming weeks.

Section Newsletters / Campaigns

Newsletters / Campaigns

Countdown to Christmas, Advice Direct Scotland

Advice Direct Scotland will be looking at the different areas that may be at the forefront of the minds of Scottish consumers this festive season in their ‘Countdown to Christmas’ campaign.

This campaign will run throughout the festive period, sharing practical and actionable advice and information in ways you can keep on top of things finically, consumer rights, and signposts to sources of support that are available when you need them.


CyberScotland Week, 27th February – 5th March 2023

CyberScotland Week is Scotland’s annual week-long festival of events on cyber awareness, cyber careers and innovation in cyber security.

There are many ways you can get involved in the week. You could host an event and share your knowledge with customers, colleagues or friends. Increase your cyber awareness and resilience by attending events throughout the week and sharing our resources on the CyberScotland website.

This is a fantastic opportunity for you and your organisations to stay secure online and learn how you can protect yourself, protect your business and be more cyber aware.

To offer to host an event or speak at one, please contact [email protected]

Keep up to date on social media: FacebookTwitterLinkedIn #CSW2023


Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here. Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Section Training and Webinars / Events

Training and Webinars / Events

Public Sector Cyber Up-Skilling Fund

Are you interested in upskilling your employees in the area of cyber security, at no cost to your organisation?

A one-off scheme, funded by the Scottish Government and administered by ScotlandIS, the trade body for tech in Scotland, is looking to help public sector bodies improve and accredit the cyber security skills of their employees.

The fund will be allocated on a first-come, first-served arrangement so you should act fast to avoid disappointment. Click here for more information and to see if you are eligible for this funding.

ScotlandIS pblic sector upskilling fund

SQA Level 3 Cyber Security, Monday 12th December, 4pm

Teachers: Education Scotland has created learning and teaching resources for the new cyber security unit at level 3 the SQA has created.

The new unit will give learners a basic introduction to cyber security and the skills and knowledge they will need to undertake NPA Cyber Security at Levels 4,5 & 6.

This webinar is for secondary teachers who are planning to offer the new cyber security unit. Sign up here

Cyber Security Unit Digi-Learn graphic

Exercise in a Box Workshop – exercising your response to a cyber incident, 15th December 9.30am

Scottish Business Resilience Centre is facilitating workshops taking Scottish public and third-sector organisations through using NCSC’s Exercise in Box security tool. They are offering in-person workshops alongside their virtual sessions covering ‘Ransomware’, ‘Digital Supply Chain’, ‘Sensitive Data Leak’ and ‘Micro Exercises’.

This is a great opportunity for you to test the resilience of your organisation.

December 9.30 – 11 am

  • Exercise in a Box ‘Ransomware’ MS Teams – 8th December
  • Exercise in a Box ‘Digital Supply Chain’ MS Teams 15th December

Workshops are free to those in health, social care, housing, charitable or public sector organisation in Scotland looking to strengthen your cyber defences, sign up below.

Find out more details and book ongoing Exercise in a Box events

excersie in a box

GCHQ Christmas Challenge, Wednesday 14th December

Secondary schools and colleges – register your interest to receive the GCHQ Christmas Challenge resource pack on Monday 12 December to prepare for the challenge on Wednesday 14th December.

The #GCHQChristmasChallenge is packed with puzzles that you need to crack to uncover a hidden festive message. It has been designed specifically for 11 to 18-year-olds.

The challenge will be available to everyone on the GCHQ social media channels and the GCHQ website on Wednesday 14 December.

GCHQ XmasChallengeLogo768x512
Scottish Government
Police Scotland
Cyber and Fraud Centre – Scotland
Back to top of the page