We know that cyber criminals are exploiting coronavirus fears and using the pandemic as bait in phishing attacks, but the public have been fighting back.

Earlier this week, the NCSC announced the launch of the Suspicious Email Reporting Service (SERS), in partnership with the City of London Police. It offers an opportunity to report suspicious emails directly to the NCSC. By doing so, reporters are helping to bring down malicious campaigns and it has already had good success.

As of Friday 12pm there has been more than 12,131 reports with 220 scams brought down.

The service was launched in line with the new Cyber Aware campaign which advises on recommended behaviors which can help people to stay secure online.

If you have spotted a suspicious email then you should take advantage of the reporting service by sending the emails to report@phishing.gov.uk. If you have been a victim of phishing have lost money then please contact Action Fraud.

Phishing guidance for individuals and families is also available here on the NCSC website.


Millions of fitness app users exposed after data breach

It has been reported that a firm behind a fitness app has unintentionally leaked data, including personal information, of millions of customers.

Kinomap, which specialises in indoor training, had inadvertently left its database exposed online, which meant that the records of 42 million users from 80 countries were viewable for at least one month.

The breach exposed full names, home country, email addresses, usernames, gender, and timestamps for exercises.

Kinomap says that the database was secured on the day they were alerted by cyber security researchers.

Large stores of data are a tempting target for attackers. The NCSC has published advice to businesses on how to adequately protect such information and how to protect against the phishing threat following data breaches.

Whilst this particular story does not involve AWS, this NCSC blog post does discuss similar issues.

Anyone concerned about the security of their online accounts should follow the guidance in ‘Top tips for staying secure online’.


Nintendo Switch owners urged to turn on 2FA following a spate of account hacks

Several Twitter users have reported they’ve lost money after hackers hijacked their Nintendo accounts.

After receiving an email alerting an unknown IP address logging into their accounts, users some users found that a linked credit card or PayPal account was been used to make expensive purchases.

In some instances, criminals bought ‘V-bucks’ – the in-game currency of popular video game Fortnite.

Technology news site ZDNet has published screenshots of recent listings on internet marketplaces purporting to sell V-Bucks acquired from Nintendo Switch accounts.

Nintendo hasn’t directly confirmed an increase in hacks targeting accounts but has tweeted guidance on how to turn on two-factor authentication (2FA) for Nintendo accounts.

Where possible, we recommend turning 2FA on to secure all online accounts.

Advice can be found in our setting up two-factor authentication (2FA) guidance, but these other pieces of advice may also be helpful: