CyberScotland Bulletin

March 2023

CATEGORIES
CyberScotland Bulletins

The CyberScotland Bulletin is designed to provide you with information about the latest threats, scams, news and updates covering cyber security and cyber resilience topics. We hope you continue to benefit from this resource and we ask that you circulate this information to your networks, adapting where you see fit. Please ensure you only take information from trusted sources.

If there are any cyber-related terms you do not understand, you can look them up in the NCSC Glossary.

Please subscribe to our CyberScotland mailing list to be notified by email when a new bulletin is published.

Keep up to date on social media, follow us on Twitter and LinkedIn.

National Cyber Security Centre (NCSC)

Aerial View Photography of Container Van Lot

New Supply Chain Mapping Guidance

Many organisations rely upon suppliers to deliver products, systems, and services and weaknesses in the supply chain can be a major cyber security risk for organisations. The NCSC has published new guidance to help organisations better understand the process of recording, storing and using information from suppliers.

The new ‘mapping your supply chain’ guidance explains:

  • What supply chain mapping is, why it’s important and how it can benefit your organisation
  • What information it will typically contain
  • The role of sub-contractors that your suppliers may use
  • What this means when agreeing contracts

The NCSC has additional guidance on how to access and gain confidence in your supply chain security

NCSC Threat Report

The NCSC produces threat reports drawn from recent open-source reporting. View the latest report here.  

To ensure you get the most up-to-date information from NCSC, you can sign up for their email service where they are sharing all advisories, threat reports, and urgent communications. Select ‘threat report and advisories’ to receive the most up-to-date content.

Organisations that are proactive in their approach to the management and handling of cyber security should consider joining the Cyber Security Information Sharing Partnership (CiSP).

Twitter plans to remove 2-Step Verification by SMS

Twitter has announced that it plans to remove 2-Step Verification (2SV) by SMS (code sent via text message) for users who aren’t Twitter Blue subscribers.

You should use 2-Step Verification (also known as 2-Factor Authentication) whenever a service offers it. If a service is withdrawing support for the option to use SMS codes, NCSC recommends that you replace it with another method.

Read NCSC’s guidance on the types of 2SV available and how to set up this feature for your accounts.  

The NCSC’s Reporting Service

The NCSC is a UK Government organisation that has the power to investigate and take down scam email addresses and websites.

As of January 2023, Suspicious Email Reporting Service (SERS) has received over 17 million reported scams since its launch in 2020, which have resulted in 114,000 scams have been removed across 209,500 URLs.

You can help to play your part in protecting others by reporting suspicious activity online and help make the internet a safer place.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

In Scotland, report all scams to Advice Direct Scotland by calling 0808 164 6000 (Mon-Fri 9 am-5 pm) or online at www.consumeradvice.scot. Visit scamwatch.scot to use the Quick Reporting Tool.

If you become a victim of cyber crime you can report this to Police Scotland by calling 101.

Trending topics

CyberScotland Partnership’s second anniversary

The CyberScotland Partnership is celebrating its second anniversary as a vital collaboration, providing clear and coherent information to support individuals and organisations in their efforts to stay secure and resilient.

Over the past year, the Partnership has collaborated on cyber security campaigns for various audiences, creating resources to help organisations prepare for cyber incidents. A new cybercrime training guide was also developed to help employers and staff understand their role in preventing cyber attacks, while a television campaign titled “DIGI Ken” aimed to educate the public on how to protect themselves online.

With the continued support of the partners, it is well-positioned to continue this important work in the coming year, ensuring that organisations and individuals throughout Scotland are more cyber-resilient.

CyberScotland Week logo

CyberScotland Week 2023

A highly successful week of events took place last week as part of the annual CyberScotland Week celebrations.

Now into its fifth year, the week attracted over 130 engaging and informative events, for people across Scotland to attend. The week has become a highly anticipated event, drawing in top speakers from across Scotland, the UK (including the CEO of the National Cyber Security Centre), and even internationally, such as the FBI, to share their insights and expertise.

The week proved very popular and demonstrated the growing interest in this subject area. Some of the week’s events have been recorded and these will be added to the CyberScotland Week website in the upcoming week.

Thank you to everyone that got involved, from hosting events, attending them, or raising awareness online.

Donating to charities safely

If you are thinking about donating money online, be careful of scammers who may look to take advantage.

Consumer group Which? have noted that criminals have set up fake accounts on social media that pretend to collect donations for the victims affected by the Turkey-Syria earthquake. The fake profiles and websites contain misleading or false information and are asking people to send donations via cryptocurrency, non-fungible tokens (NFTs), or PayPal.

To avoid these scams, it is important to donate to legitimate charities and only use secure payment methods. Be cautious of any links asking you to donate which come via email, phone call, text message or social media. Make sure to verify that your donations are going to a trusted organisation.

In Scotland, all charities must be registered, and an online register of charities is maintained by the Office of the Scottish Charity Regulator (OSCR).

The Disasters Emergency Committee (DEC) is an umbrella body that brings together 15 UK aid charities in times of crisis. It has an ongoing Ukraine Humanitarian Appeal, Pakistan and Turkey-Syria appeals should you wish to donate.


Energy discount for off-grid households

Homes that don’t have a direct relationship with an electricity supplier can now get Government support with their energy bills. The payments are part of the Energy Bills Support Scheme, in which most households are eligible for a £400 energy discount support from October 2022 to March 2023.

Scammers have been using the cost of living crisis as a way of tricking people into making payments or handing over personal or financial information. The Government will never provide links to its application website in an email, text or another message so you should avoid clicking on any links as this will be a scam. You can access this discount through the official gov.uk website.

More information on the Energy Bill Support Scheme can be found at www.energyadvice.scot

Newsletters / Campaigns

Get Safe Online – Online Shopping Fraud

A new campaign from Get Safe Online focuses on the threat of online shopping fraud as consumers increasingly look for good deals online off the back of the cost-of-living crisis.

Get Safe Online’s top tips on how you can protect yourselves from falling victim to purchase fraud:

  • Pay by card if buying things online – if you’re buying things online, always pay by card. Fraudsters like bank transfers and will always encourage you to pay via this method because it’s almost impossible to get back. Genuine sellers let you pay by card.
  • If possible, see goods in person – especially if you’re buying from social media or an online marketplace. Fraudsters take the time and effort to create profiles or sites that make you believe they’re a genuine seller, always ask to see the item in person before paying for it to avoid disappointment. 
  • Look beyond the deal – fraudsters like a confident buyer. They only want you to focus on the item and price. That way you’re less likely to stop and think to check if it’s safe and spot the warning signs.

Trading Standards Scotland, Scam Share Newsletter

Other scams to be aware of are identified in the latest Trading Standards Scotland Scam Share newsletter. You can sign up for the newsletter here.

Check out their #ScamShare Spotlight PDFs focusing on frequently reported email, phone, text and cyber scams in Scotland.

Neighbourhood Watch Scotland

Sign up for the Neighbourhood Watch Alert system to receive timely alerts about local crime prevention and safety issues from partners such as Police Scotland.

Training and Webinars / Events

Public and Third Sector Cyber Roadshow

Cyber and Fraud Centre – Scotland is delivering a series of events for public and third-sector organisations across the country.

These events will focus on discussing some key cyber security topics you and your organisation or charity should be considering for 2023. Everything discussed will tie in with additional resources available and will help you fully utilise these within your organisation or charity. Each event will be in person giving everyone an excellent chance of networking with others working within the public and third sector with an interest in cyber security.

Book for an upcoming event

Improving Scotland's Cyber Resilience. Wednesday 15th March, Inverness

IT Managed Service (ITMS) Community Event – Improving Scotland’s Cyber Resilience, Inverness

This event hosted by ScotlandIS is designed for IT Managed Service Providers and associated cyber organisations.

Presenters will provide insight on several topics that have been requested by the ITMS community, including a cybersecurity exercise demonstration and a real-life horror story of what can happen when your business isn’t protected. Attendees will also gain insight into the Cyber Essentials accreditation from IASME.

This is a great chance to bring together this community in the North of Scotland to gain insights and share experiences and the potential for collaboration.
15th March, 10 am – 4 pm: Sign up here

Online Safety Live Scotland, By UK Safer Internet Centre

Online Safety Live Scotland is a series of free online safety briefings, designed exclusively for professionals working with children and young people. These 1.5 hour events from 20th – 24th March will cover the latest issues, trends, research, resources and advice for supporting young people in their online lives. 

Book now for Livingston, Carnoustie, Dundee, Aberdeen, Larbert or Musselburgh at https://saferinternet.org.uk/events.

Open laptop with a blurred virtual meeting taking place.

NCSC Digital Loft: Deep Dive Session Changes to Cyber Essentials 2023

The NCSC and its Cyber Essentials delivery partner, IASME, have announced that the technical requirements for Cyber Essentials will be updated in April.

This annual update aims to ensure that organisations with Cyber Essentials continue to guard against the vast majority of common cyber attacks.  

To coincide with the publication of the refreshed requirements, NCSC will be hosting a deep dive session on the technical changes on the 14th of March 2023, 10.30 am – 12.00 pm.

Register today to get a preview of the changes and make sure you have all the info you need before the update goes live in April.

CyberUK 2023

Applications for CYBERUK 2023, which will be taking place on 19-20th April in Belfast, are still open. 

For more information about the event, including programme announcements, visit the CYBERUK website.

You can also check out the CYBERUK YouTube channel. There you’ll find a range of content from previous events, conversations, topic reviews and insights into the forthcoming event. They will also be adding new content regularly in the lead-up to CYBERUK 2023. 

CYBERUK applications close on 17th March

Securing an open and resilient future
Scottish Government
Police Scotland
Cyber and Fraud Centre – Scotland
Back to top of the page