Tescos Online Banking Thefts
Tesco Bank is reported to be working with the National Crime Agency to investigate an incident where suspicious transactions resulted in money being taken from thousands of customer current accounts.
Money Taken.
In what was described by Tesco as a ‘sophisticated’ attack last weekend, suspicious transactions were spotted by Tesco’s automated monitoring systems in an estimated 40, 000 customer accounts. In what many security commentators are saying appears to be a bank hack on an unprecedented scale, Tesco moved to suspend all transactions while the event was taking place.
Unfortunately there have been reports that despite Tesco’s attempts thwart the attack, money was actually taken from 9,000 current accounts.
Refund Pledge Made Good.
Tesco is reported to have already made good on a pledge to refund any money taken from the customer accounts in the attack. Latest reports show that the 9,000 account holders affected have now been given a total of £2.5 million in refunds.
Core System Thought To Be Safe.
Security commentators have suggested that because customers were still able to ATMs the indications are that the core computer system looks unlikely to have been affected. Tesco did, however, suspend online debit transactions and blocked customers from making online payments using their debit card since Sunday to prevent further criminal activity.
Not Many Current Accounts.
Although Tesco Bank has 7.8 million customers, it only has 137,000 current accounts, with the rest of the business being based around loans and credit cards. This is a much smaller number of current account customers than the big 4 banks of Lloyds Banking Group, HSBC, Royal Bank of Scotland and Barclays.
The majority of Tesco Bank’s business is carried out via an online app, and therefore cyber security is a key concern. This latest attack has therefore come as a major shock, and looking on the plus side, Tesco Bank was able to spot the incident early, take preventative action, and start warning customers by text, and promptly issue refunds.
Via Website.
The speculation by some security commentators at the time of the attack was that criminals may have been able to exploit an issue in a third party’s connection to Tesco’s website to get in.
Tesco, however, have since stated that they know the exact nature of the attack but are not able to say more because it is part of a criminal investigation.
Tesco Bank Chief executive Benny Higgins has apologised to customers.
What Does This Mean For Your Business?
The financial sector has been warned about the likelihood of cyber attack attempts and, as customers, it is frustrating to hear that major banks can be affected in this way.
As bank customers, the kinds of precautions we can take are to make sure that we have a very strong password (one that isn’t used elsewhere), and to make sure that the security software on the PC, phone or tablet is kept up to date.
It is also important to watch out for phishing emails. It may also be the case that we need to be extra vigilant in the wake of an attack as some cyber-criminals have been known to send out spam (posing as updates from the affected company) in order to trick customers into parting with their password details.
It is noted that were the speed of response not as quick, the impact could have been a lot worse. This reinforces the fact that all companies need to maintain disaster recovery plans and policies to adhere to in the event of a major issue.
Security Fears About Software Than Can Copy Your Voice
After its unveiling in a live demo at the Max Conference San Diego last week, Adobe’s Project VoCo audio / voice manipulation software has been the subject of some concern over its potential for misuse.
What Is Project VoCo?
Project VoCo is an audio editing program that enables you to edit speech as easily as you can text or pictures. This is why it has also been dubbed the “Photoshop of speech”.
How Does It Work?
The program needs around 20 minutes of voice samples from a person. These samples are then broken down by the program into phonemes which are the smallest units of sound in speech. These phonemes are then transcribed, and the voice model is then created.
What’s The Problem?
The potential problem with the program that has caused the voicing of concerns is that the program is so flexible that it could be misused. For example, VoCo allows you to use the same voice model to create completely new recordings. In other words, you can take a recording of a person’s voice and make a new version from it that includes words and phrases the original speaker never used.
Some critics have therefore said that VoCo has the potential to undermine trust in journalism or even pose a security threat. Other critics have suggested that the developers of the program had somehow missed or ignored the ethical dilemmas involved in creating a voice manipulator of this kind.
Some of the main concerns about the capabilities and availability of the program include that:
- It could mean that digital media may therefore not be able to be used e.g. by lawyers and journalists, because of doubts about authenticity.
- It could be used to fool bank security systems where voiceprint verification is being used for customers who phone in.
No Ship Date Announced.
So far, just the demo of VoCo has been shown to the world, and although Adobe are standing by their product for the many positive benefits that it will bring, no ship date has been announced for it and the release date is not imminent.
What Does This Mean For Your Business?
As a product that could be potentially used by businesses, VoCo could be a very powerful, useful and value-adding / time saving tool for example when used to fix podcasts, create marketing communications, or even to fix audio book recordings.
Businesses also have the right to feel nervous about how the program could be used in the wrong way e.g. by criminals are part of cyber fraud /cyber attack on the business or on the bank that the business uses.
At present, the Biometrics companies (who are now being used by banks) are re-assuring people by saying that their systems would not be fooled by VoCo. Research is also under way to find a way to enable detection of the use of the software e.g. by some kind of watermark.
Thor Virus hitting hard with small business.

A new variation of the well-established crytolocker virus is doing the rounds. It is being spread by an attachment in an unsolicited email. The email is very convincing and comes either from companies house or as an invoice for you to pay, the look of the email is spot on and at first glance looks legitimate, in fact without opening the attachment you would be hard pressed to notice any glaring tells that point at it being a virus.
Once opened the word or excel attachment pulls down a macro that infects your machine and renders your files unusable. There is no fix for this and only recovering the files from a recent back up will save your data.
Please be vigilant regarding any emails with attachments, as a best practice Never open Word or Excel files from an email. If in doubt reply to the email requesting a PDF to be sent in its place, if the email is legitimate then a PDF should follow.
If you need to review your back up services, please get in touch.
MPs Want ‘Roaming’ Allowed In Poor Coverage Areas
The cross-party ‘British Infrastructure Group’ of 90 backbench MPs have asked mobile phone companies operating in the UK to work together to enable customers to roam between networks in places where reception is poor.
Coverage and Reception Problems.
The group of MPs have produced a report in support of their proposal which shows that around 17 million customers in the UK have poor mobile phone reception in their area. The report also shows that there are 525 areas of the UK where there is no mobile phone coverage at all.
It is not uncommon for people in poor reception areas of the UK to have to walk or drive sometimes long distances to find a signal. As well as being disruptive to home or business life, poor mobile phone reception could also be a risk in the case of emergencies.
Unacceptable Situation.
As well as the leader of the group of MPs (Grant Shapps) describing the poor mobile connectivity in areas of the UK in 2016 as “unacceptable”, the group’s report highlighted how mobile phone coverage in the UK has not improved significantly since 2014 when the government agreed a £5bn investment deal with the network operators. The report also stated that the UK looks likely to fall short of its 90% phone coverage by 2017 target.
Suggested Solutions.
The solutions suggested by the MPs and technology commentators focus on network roaming and using SIMs that allow switching to better performing foreign networks.
The MPs have argued to have the law changed allow domestic roaming in the UK. This means that customers would able to roam between different phone networks to get the best reception. This could reduce costs for customers and help to identify the worst phone networks.
With this idea, customers could use a foreign SIM or a global roaming SIM to enable them to receive better overall network coverage. It has also been suggested that customers could operate a dual SIM phone which could use a UK SIM for most of the time but could switch to a foreign SIM when there was no signal.
Commentators representing the views of mobile phone companies have said, however, allowing network roaming in the UK would not provide the right incentives for operators to make future investments.
What Does This Mean For Your Business?
With mobile devices now being used extensively by businesses and with websites now recording more traffic globally from mobile devices than from desktops, this is an important issue for UK businesses.
The fact that MPs are seeking to highlight things from the network user’s point of view and to put pressure on the mobile operators to allow solutions such as network roaming is good news for UK businesses. Unfortunately, coverage targets for the UK look set to be missed so more pressure from MPs and mobile network users may be needed to bring UK coverage and reception up to the standard of other countries.
Chancellor Says We Need To Retaliate Against Cyber Attacks.
In a speech describing the UK government’s plans for spending £1.9bn on cyber security, the Chancellor Philip Hammond has said that the UK needs to be able to retaliate in kind against state-sponsored cyber attacks.
In the National Cyber Security Strategy speech at the recent ‘Future Decoded’ conference, Mr Hammond focused on key national cyber security challenges and the need to “deter those who seek to steal from us, or harm our interests”.
Retaliation.
Mr. Hammond stated that the ability of the UK to trace cyber attackers and to retaliate in kind would be a deterrent.
The chancellor talked of the need for the UK to keep up to speed with the threats that the country faces such as those carried out by “perpetrators who then try to deny their involvement”. Although he didn’t refer to one country directly, many political and tech commentators appear to believe that he was referring to the threat of Russian state sponsored cyber attacks.
This is especially likely, considering that MI5 recently reported that Russia poses an increased cyber-threat. Those speaking on behalf of the Kremlin have described the MI5 report as “unfounded and groundless”.
Somewhere Between Ignoring It And A Military Response.
Mr. Hammond put the idea of being able to respond and retaliate to cyber attacks such as those designed to disable the UK’s power network or an air traffic control system as being the middle choice between simply “turning the other cheek” or choosing a “military response”.
Spending The £1.9bn Strategy Budget.
The £1.9bn National Cyber Security Strategy budget (allocated by the previous Chancellor George Osborne) is currently being (and will be) spent in many different areas. Areas of spending so far have included automated malware and spam screens for the UK, and systems to verify where emails come from in order to help prevent tax fraud campaigns aimed at the UK.
There will be future spending on the recruitment of more than 50 specialists to work at the cyber-crime unit at the National Crime Agency, as well as the setting up of a fund to help security-based start-ups who work on cyber-security tools and defences.
Reportedly, there are also plans for the creation of a Cyber Security Research Institute to co-ordinate research into improving defences for smartphones, laptops and tablets. A national scheme will also be set up to retrain high-aptitude professionals as cyber security experts.
What Does This Mean For Your Business?
Cyber crime levels in the UK are currently very high and all businesses, as well as the nation’s infrastructure systems, face the daily risk of cyber attacks. As well as the schemes such as the national filter for spam and malware, businesses in the UK could benefit from a boosted National Crime Agency, money for cyber security start-ups as well as the increased cyber security expertise and knowledge and other potential spin-offs from the government’s much-needed investment in this critical area.
The introduction of the EU’s new GDPR data security rules in the UK in 2018 means that an investment in cyber security help for the UK should be very much welcomed by businesses of all kinds.
There’s Now More Mobile Than Desktop Web Traffic.
‘Desktop’ has always been the way that most people access the web although this trend has been in decline in recent years. Now the latest figures show that mobile access overtook desktop for the first time in October.
StatCounter figures for October have shown the balance tipping away from desktops for the first time with 51.3% of global web traffic accessing the web using smart-phones and tablets.
Desktop Still Most Popular in the UK & the U.S.
Although the trend globally is in favour of mobile access, here in the UK, the desktop is still the main route to getting online. 55.6% of traffic still comes from the desktop and only 44.4% comes from mobiles and tablets.
The picture in the U.S. is similar but with the desktop being even more popular. Over there, 58% of traffic comes via desktops with only 42% via using smart-phones and tablets.
Reasons For Growth in Mobile Popularity.
There are a number of related reasons why the desktop is now taking 2nd place globally to smart-phones and tablets, namely around the fact that smart-phone and tablet ownership has been growing.
Smart-phones have become a central hub of many peoples’ daily lives and are now in the pockets of 70% of UK adults. Mobile-only internet usage has become more common, driven predominantly by Millennials, of which 21% are no longer using desktop computers to go online.
There has also been a huge increase in the UK in the numbers of 55-64 year-olds who are joining the smart-phone revolution. Ownership in this age group has more than doubled since 2012, from 19% to more than 50%.
The use of smart-phones and tablets has also been aided by better and faster connections such as 4G.
Internet Access Greatest in Advanced Economies.
Although Internet access is growing in poorer nations, it is in the advanced economies where most people have Internet access and smart-phones. This latter group are able to make them part of their daily lives.
Countries where Internet access and smart-phone usage are highest include South Korea, Australia, Canada, the U.S and the UK. At the other end of the scale, Ethiopia, Uganda, Pakistan and Burkino Faso have access levels below 20%.
What Does This Mean For Your Business?
Businesses now need to make sure that their website is mobile friendly in order to take advantage of online opportunities and to compete effectively.
It is particularly important to have a mobile-friendly website that provides a good customer experience if your business is trying to attract Millennials and even Generation-Z customers. Making sure your website is mobile compatible can also help with your search engine rankings as Google now favours mobile friendly websites.
There is also an argument that if UK businesses (post-Brexit) want to trade in other countries where mobile usage is particularly high e.g. India, then a mobile friendly website is a must.