cybercrime
,

Five cybersecurity trends to watch in 2019

Scrutinising the cybersecurity landscape, here are some of the key trends you can expect in 2019.

  1. Cybersecurity is now a threat to every organisation

Cybersecurity has been brought into the mainstream. Modern criminals are no longer content with targeting banks and other financial institutions. Instead, they are affecting all kinds of organisations from hospitals to law firms, local authorities to businesses.

Common threats include ransomware, phishing and malware.

You can check out the latest data security incidents by sector on the ICO’s website.

  1. Hefty fines are coming

Since the introduction of the GDPR, the ICO has taken a proactive stance when it comes to commenting on large-scale breaches. But, as yet it is still focused on supporting organisations to take appropriate action in the immediate aftermath of any privacy violation. And helping to prevent breaches from happening in the first place.

So, we haven’t yet seen the enormous fines promised for those that don’t look after our data properly. But you can be sure they are coming. And, according to data protection lawyers, the Ticketmaster data breach could be a real test to see if the legislation will hold companies to account.

  1. Methods of attack are becoming increasingly more sophisticated

While the majority of attackers are still going after easy “low-hanging fruit” there are signs that cybercriminals are becoming increasingly sophisticated.

For example, last year two friends were jailed after breaching the TalkTalk website in 2015 as part of a group of hackers. During the raid, the pair managed to get away with the names, addresses and dates of birth of 1.6 million customers, before sharing much of the data online. And while TalkTalk was fined £400,000 by the Information Commissioner’s Office (ICO) for not appropriately securing the data, the “significant, sophisticated systematic hack” is thought to be one of the biggest data breaches in history.

AI-assisted imposters are also set to become an increased threat. With machine-learning helping to make existing cyber-attack efforts like identity theft, denial-of-service attacks and password cracking faster, more formidable, and more effective.

Furthermore, as we move deeper and deeper into the Internet of Things (IoT), more and more devices and data are going to be connected to the internet. Keeping these safe from hackers is going to be an ongoing challenge.

  1. The law is still evolving when it comes to data protection

 In 2019, it is much easier to bring compensation claims for distress, rather than as an add-on to a financial loss claim. What’s more, the courts are looking at a wider-range of factors when deciding on appropriate compensation.

There is also more emphasis on the relationship between privacy rights and data protection from a legal perspective. This is good news for individuals as it means they can start a claim based on more than one ground (i.e. for the misuse of private information and for breach of data protection obligations).

  1. Cybersecurity is now political

We’ve all read about how Facebook was allegedly used to corrupt our democratic process following the Cambridge Analytica scandal. With questions raised over whether our data was used to influence the outcome of the Brexit referendum.

What’s more, a recent parliamentary committee warned that our critical national infrastructure is at risk from cyber attackers. And, The National Cyber Security Centre (NCSC) cautioned that hostile states are likely to target British infrastructure.

For example, experts are predicting that smart energy meters could leave householders vulnerable to cyber-attacks and higher bills. Perhaps even more concerning, in March 2018 the National Grid was put on alert amid fears of a Russian cyber-attack, and given advice on how to boost its defences to prevent power cuts and avoid a catastrophic attack.

Awareness is crucial

At Hayes Connor, we believe that raising awareness of the growing cybersecurity threat will help organisations across the UK improve their data protection processes. But it’s also vital that we all do our bit to protect ourselves as individuals.

For more advice on how to keep your data safe, follow us on Twitter and Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

 

 

libel
,

Online defamation and libel: know your rights

Defamation is a bit of a hot topic at the moment. Earlier this year, writer and food blogger Jack Monroe won a libel action against Katie Hopkins, and was awarded £24,000 damages, for tweets which suggested that Monroe approved of defacing a war memorial during an anti-austerity demonstration in Whitehall. As a result of the fine, Hopkins had to apply for an insolvency agreement to avoid bankruptcy. Libel is a form of defamation.

Other instances where defamation has been brought into the public eye include where high-profile celebrities or businesspeople have brought an injunction to prevent the publication of material that would be damaging to their reputation (so-called gagging orders).

If you have been the victim of online defamation, it’s vital that you know your rights and what you can do to protect your reputation and achieve redress.

What is defamation?

Defamation is an all-encompassing term that covers any statement that damages someone’s reputation.

A defamatory statement can be made in:

  • Verbal form. This is classed as slander because only the spoken word is involved. Slander can be difficult to prove
  • Written form. This is classed as libel. A case for libel is easier to bring because evidence can be documented.

Defamation makes an ordinary person modify their opinions of another person as a direct result of hearing or reading the statement. Under UK law it is possible to defame businesses as well as individuals. A person that has suffered a defamatory statement can sue the person that made the statement under defamation law.

What is libel?

Online defamation tends to involve libel. You could accuse someone of libel against you if they:

  • Sent an email, or an email attachment defaming you, where that email is widely posted or forwarded
  • Made defamatory material available via a web page
  • Posted defamatory material to an email list or newsgroup
  • Streamed defamatory audio or video.

Anyone who actively transmits defamatory material may also be liable as part of any legal action.

What about freedom of expression?

It is accepted in a democratic society that individuals have a right to express their views and preferences. The internet offers great potential to do this.

Defamation is an abuse of this freedom of expression; where untrue statements may have a harmful impact on a person’s reputation.

It is critical to ensure that unfounded claims should not be allowed to damage a person’s reputation, but it is also vital for the law to balance such protections with the rights to freedom of expression. As such, the issue of defamation has become a much contested topic.

Of course, there is a balance to be had between one person’s right to protect their good name and another person’s freedom of speech. However, if someone has made an untrue statement about you, which was published on the internet, and which caused you injury, then you are entirely in your rights to sue for online defamation.

notjusthackers
, ,

Make sure you enter your email address correctly when signing up online!

According to a recent report, people are unwittingly “handing over the keys to their digital life”. BBC News has revealed that journalists were able to see details of a stranger’s credit report after an individual entered the wrong email address when signing up to the online service.

In this case, a person signed up to a credit service, but when doing so, entered a slightly incorrect email address. This email address then doubled as the account username.

When an email was sent from the credit service to confirm the account, it was, therefore, sent to the wrong person. Someone whose email address was almost the same as theirs.

And because this stranger had full access to the account, they could get into the account and even change the password. So, one small mistake let the wrong person see a huge range of personal information including the date of birth and previous addresses of the actual account holder, as well as information about their applications for credit.

The problem with email

Most of us hand over our email addresses in return for services. And we do so willingly. But our email address provides a way into our digital life. Just one wrong letter or a dot in the wrong place could mean that our personal and sensitive information falls into the wrong hands.

In most cases, if someone with a name like yours gets access to a service you signed up for they are likely to delete it (often thinking it might be spam). But are you willing to take that risk?

In this case, the information accessed would be extremely valuable to cybercriminals, who could use it to apply for loans and other credit in your name.

How to protect yourself

At present, most businesses have processes in place to respond to errors and stop fraud from happening. But what if you don’t know you have made a mistake until it is too late?

Valuable data is being put at risk by people inputting the wrong email address. So simply having a few words of warning on a site asking people to check that they have entered the right details isn’t working.

In response, companies are being urged to find other ways to check their customers are who they say they are (e.g. two-factor authentication and ensuring people signing up for a service enter their email address twice  – with no cut and paste option).

But to keep yourself safe online it’s vital that you do everything you can to protect yourself from fraud, and become more vigilant when signing up online.

For more advice on how to keep safe online, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895.

notjusthackers
, ,

What can happen when sensitive information gets sent to the wrong address?

Cybercrime is rarely out of the headlines, leaving many of us worried about what could happen if our personal data became a target of online fraudsters. But in most cases, it is human error rather than cybercrime that is the biggest cause of data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, a local authority sent a copy of a court order containing sensitive personal information about a father (our client) and his daughter to the wrong postal address.

Just a small error saw the letter being sent to a neighbour, who brought it round to the right address. But the letter had been opened and after talking to the neighbour it soon became clear that it had also been read.

What’s more, when the letter was passed to the right house, it wasn’t handed to the right person. Because it was opened, it was then read by another member of the family who became distressed at the contents. This went on to cause difficulties in the family.

As a direct response of a seemingly small admin error when posting the letter, this data breach has caused considerable distress, upset and embarrassment to our client and his family. Not only did our client have to explain a sensitive situation to his family in more detail than might otherwise have been necessary, but his neighbours are also aware of a very private and sensitive situation – one which has been talked about within the small local community where he lives. As such the consequences of the error were far-reaching.

What can you do to stop this from happening to you?

There are a few lessons that can be learned from this case. For example, when handing over your postal address in return for services it is vital that you check that these details have been taken down correctly.

You are completely within your rights to ask for a copy of the data a local authority (or any other organisation) holds about you. This is called making a subject access request (SAR). Find out more about making a SAR.

Of course, this won’t guarantee that an error doesn’t result in a letter going to the wrong address (especially if the label is handwritten), but it is a good safety precaution to take.

Alternatively, if you are an employee of a local authority and want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. This is especially important if you deal with sensitive information. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.

For more advice on how to keep safe online, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.

takeover fraud

Bank customer loses thousands of pounds in takeover fraud

In the latest example of takeover fraud, a customer of the Royal Bank of Scotland (RBS) had more than £4,300 stolen from her account despite the fraudulent caller answering one of her security questions incorrectly.

What is takeover fraud?

Takeover fraud happens when a criminal uses another person’s account information (e.g. a credit card number) to buy products and services. Takeover fraud is also used by scammers to extract funds from a person’s bank account.

With more than 24,000 reported cases, takeover fraud increased by 7% last year with bank accounts the most popular target.[1]

What happened in this case?

According to a report by BBC Watchdog Live, the bank maintained that the customer was aware of the transaction and refused to refund her. To make matters worse, the Financial Ombudsman Service – which helps to sort out disputes between financial businesses and their customers – backed RBS after the initial complaint.

However, following a BBC investigation, was revealed that in a recording of the fraudulent phone conversation, a woman can be heard incorrectly answering a security question.

What’s more, a second transaction request made during the same phone call was refused after the caller was unable to answer additional security questions. This eventually led to a warning being raised against the account. The bank’s records also show that the fraudster failed the bank’s voice recognition checks and that the transaction was marked as a “potential account takeover”.

Despite this, a transaction of £4,318 was approved by the bank in a decision which it refused to reverse.

RBS has now apologised to the woman and issued her a full refund. However, it is unclear whether this would have happened without the Watchdog Live investigation.

Worryingly, the bank failed to consider the evidence in this case, including warnings raised by its security processes.

A new code of conduct

Since the con took place, most banks have signed up to a new code of conduct which provides an additional layer of protection to customer affected by bank scams. The new code is designed to minimise the number of financial cybercrimes by encouraging consumers to remain vigilant.

In essence, the new code means that a bank (or another financial provider) can only refuse to reimburse stolen funds where the customer has shown a very significant degree of carelessness. In this case, as the bank failed to heed the warning signs and the woman was in no way negligent, RBS would be liable for the subsequent loss.

Furthermore, under the new guidelines banks should not automatically blame the victims of increasingly sophisticated scams and must take a fairer approach to compensation. What this means is that you can be confident that any claim for reimbursement will be given fairer and quicker consideration.

The code is expected to be finalised next year.

Cybercriminals are becoming increasingly sophisticated

Online criminals are becoming increasingly sophisticated. And it’s not just lone hackers people should worry about. Today, cybercrime syndicates are evolving from existing criminal structures. And, as they strive to become as rich as possible, these criminals are sharing information and collaborating.

As such, banks must make sure that their processes are just as sophisticated and robust.

In this case, it was revealed that the woman’s phone line was diverted to a mobile number on the day of the call. This led to the bank to believe that they were speaking to her at her home address. However, if all the other security checks and processes had worked, the woman would not have been left without her funds for over a year.

Can you get help for takeover fraud?

If you have been the victim of a takeover scam and need help getting your money back, there is some good news.

As well as setting out a new industry code designed to minimise the number of scams by encouraging consumers to remain vigilant, the new industry protections will help victims to secure compensation.

If you need legal help following a takeover scam, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on what to do next.

[1] Cifas

cybercrime claims
,

UK banking customers at risk as scammers steal half-a-billion pounds

According to the latest figures, over £500m was stolen from British banking customers in the first half of 2018.

What’s more, a whopping £145m of that was due to authorised push payment (APP) scams. A push payment scam happens when a cybercriminal tricks someone into sending them money online.

Purchase scams, where people are tricked into paying for products or services that do not exist, were the most common form of APP fraud reported in the first half of 2018.

There were also 3,866 cases of impersonation scams reported. This is where cybercriminals pretended to be from a trusted body (e.g. a bank or the police) to trick account holders into transferring money.

During the same period in 2017, push payment scams saw £101m stolen from UK banking customers. This year’s £44m increase is thought to be partly down to more banks reporting data.

Another £358m has been lost to unauthorised fraud. This includes transactions made without account holders’ knowledge.

How to protect yourself from push-payment fraud

UK Finance, the body behind the latest report offers the following advice:

  • Never disclose security details, such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Don’t be rushed – a genuine organisation won’t mind waiting
  • Listen to your instincts – you know if something doesn’t feel right
  • Stay in control – don’t panic and make a decision you’ll regret.

However, according to a spokesperson from consumer group Which? the banks’ efforts to tackle fraud has been “woefully insufficient”. He said: “They have not done enough to protect their customers, who continue to lose life-changing sums of money to ever-more sophisticated crooks”.

Can victims of bank fraud get their money back?

While unauthorised fraud victims are usually refunded by their banks, until now, most victims of push-payment scams do not get their money back.

However, the industry has recently introduced new safeguards to help victims of push payment scams to secure compensation as well as a new industry code designed to minimise the number of scams by encouraging consumers to remain vigilant.

This means that victims of push payment fraud can be confident that any claim for reimbursement will be given fairer and quicker consideration.

In fact, your bank can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness.

Crucially, banks should not automatically blame the victims of increasingly sophisticated scams and must take a fairer approach to compensation. Where a bank still refuses compensation, you can take your case to the Financial Ombudsman Service.

Get legal help making a cybercrime claim

If you want to claim compensation following a push payment (or any other form of cyber-scam or bank fraud), Hayes Connor can help.

Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

If you have a straightforward case, our quick claims form will help you to start this quickly and easily. This means you receive your compensation in the shortest possible time. However, if we believe you have a large, complex case, we’ll go through your options and may be able to act for you on a NO WIN, NO FEE basis.

At Hayes Connor Solicitors we make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making a cybercrime claim, it’s essential to act now.

START YOUR CYBERCRIME CLAIM TODAY

What can you do if your bank refuses to reimburse you following a Push Payment Scam?
,

What can you do if your bank refuses to reimburse you following a Push Payment Scam?

A push payment scam happens when a cybercriminal tricks someone into sending them money online. And it’s more common than you might think. In fact, in 2017, UK bank customers lost more than £236m due to push-payment scams.

In most cases, the push payment scam is successful because the victim believes the fraudster to be genuine. For example, scammers often call people up claiming to be the police or the bank. They might state that someone is at risk of a security threat, and that they are calling to help stop it. In other cases, an email with an address that looks genuine could request payment (e.g. from a solicitor or tradesperson).

The money lost due to push payment scams can be devastating. For example, a mother and daughter In Kent were tricked out of their life savings after unknowingly transferring £113,665 to a criminal, rather than their solicitor.

Another woman was conned into losing her mother’s care-home fees after a criminal claiming to be from her bank’s fraud team flagged up unusual transactions on her bank account. The fraudsters ran through some security questions and extracted the information they needed to access her account and rename her current account “frozen”. When the woman went to check online, it did appear that her account had been locked. She was then asked to move her balance to a new “protected” account. However, when she called her bank to check the transfer had gone through, they knew nothing about it.

Historically, banks and other organisations have avoided paying push payment scam compensation to victims. And, because payments have been authorised by the customer, there has been little chance of redress.

So, can you get compensation for a push payment scam?

If you have been the victim of a push payment scam and need help getting your money back, there is some good news.

The industry has recently introduced stronger protections to help victims of push payment scams to secure compensation. It has also set out a new industry code designed to minimise the number of scams by encouraging consumers to remain vigilant.

What this means is that you can be confident that any claim for reimbursement will be given fairer and quicker consideration. And that your bank (or another financial provider) can only refuse to reimburse stolen funds where you have shown a very significant degree of carelessness. Crucially, banks should not automatically blame the victims of increasingly sophisticated scams and must take a fairer approach to compensation.

Where a bank still refuses compensation, you can take your case to the Financial Ombudsman Service.

If you want to claim compensation following a push payment scam, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

If you have a straightforward push payment scam case, our quick claims form will help you to start this quickly and easily. This means you receive your compensation in the shortest possible time. However, if we believe you have a large, complex case, we’ll go through your options and may be able to act for you on a NO WIN, NO FEE basis.

At Hayes Connor Solicitors we make sure you receive the maximum compensation possible in the shortest possible time. However, with strict time limits in place for making push payment fraud compensation claims, it’s essential to act now.

START YOUR CLAIM TODAY

ticketmaster data breach claim
, ,

Ticketmaster Data Breach Worse Than Thought

Last week, Ticketmaster revealed a significant breach of user payment details after cybercriminals hacked the company’s website. The data breach affects Ticketmaster, TicketWeb and the resale website Get Me In!

Appallingly, it has since been reported that Ticketmaster knew about the data breach two months before it revealed its payment pages had been hacked, AND that some customers of the ticket sales company have had their cards used fraudulently.

To make matters worse, while Ticketmaster has declined to say how many of its customers have been affected – and is referring all press inquiries to its PR agency – early estimates predict that 40,000 people in the UK have had their payment details swiped. However, the number could be even higher.

HOW CAN CYBERCRIMINALS USE YOUR PRIVATE DATA? 

The Ticketmaster data protection breach has compromised customer names, addresses, email addresses, phone numbers, payment details and Ticketmaster login details. Digital bank Monzo believes that some Ticketmaster customers have had their cards used on money transfer service Xendpay, Uber gift cards and Netflix (among other items).

Along with the financial info stolen, the hackers also gained access to personally identifiable information (PII). PII includes any data that can be used to identify a specific individual, and, if it gets into the wrong hands, it can be used to undertake identity fraud.  For example, with enough information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts and access your existing accounts.

Signs that criminals have used your data following the Ticketmaster data breach include:

  • Bills or emails showing goods or services you haven’t ordered
  • Unfamiliar transactions from your account
  • An unexpected dip in your credit score
  • Unsolicited communications that ask for your personal data or refer you to a web page asking for personal data.

Crucially, it doesn’t matter if you haven’t lost out financially as a result of the hack. A personal data breach is a 21st-century version of being burgled and being the victim of a crime can have a significant impact on you mentally and physically. So, if the data breach has caused you stress or anxiety, then the law agrees that you are entitled to compensation.

HOLDING TICKETMASTER TO ACCOUNT

While Ticketmaster was the victim of a cyber-attack, it was responsible for protecting your personal information. So, if you have suffered damage or distress caused by this hack, you have a right to claim compensation.

According to Monzo, it warned Ticketmaster that it might be at risk as early as April, but an internal investigation failed to reveal any security issues.

Commenting on this case, Natasha Vernier, Head of Financial Crime at Monzo said:

 “On Friday 6th April, around 50 customers got in touch with us to report fraudulent transactions on their accounts and we immediately replaced their cards.

“After investigating, our Financial Crime and Security team noticed a pattern: 70% of the customers affected had used their cards with the same online merchant between December of last year and April this year. That merchant was Ticketmaster. This seemed unusual, as overall only 0.8% of all our customers had used Ticketmaster.”

As the matter intensified, between 19-20 April, Monzo sent out six thousand replacement cards to customers who had used Ticketmaster. However, on 19 April, Ticketmaster claimed that there was no evidence of a breach. It also said that no other banks were reporting similar security patterns.

IS TICKETMASTER TO BLAME

Now having to defend this behaviour, Ticketmaster is blaming third-party supplier Inbenta for the security breach. And, it has been confirmed that the hack occurred due to a single piece of JavaScript code customised by Inbenta to meet Ticketmaster’s requirements. Identifying a weakness in this code, attackers used this vulnerability to extract customer information as they were paying for tickets.

However, the Inbenta CEO has said that:

 “Ticketmaster directly applied the script to its payments page, without notifying our team. Had we known that the customized script was being used this way, we would have advised against it, as it incurs greater risk for vulnerability.”

Either way, it is likely that Ticketmaster or Inbenta was negligent in safeguarding your data due to insufficient security systems. Just because they were a victim of a crime does not mean they are any less liable.

Worryingly, a senior software developer at a leading UK cybersecurity company has added:

“If the malicious actor had access to this ‘backend’ what else have they done and what dormant malicious code could still be residing ready to activate?”

 With data breaches on the rise, something has to be done to make big companies accountable for data losses, so claiming compensation isn’t just in your best interests, it could be the only way to ensure that businesses everywhere implement more secure processes.

 HAVE YOU BEEN AFFECTED?

UK customers who purchased, or attempted to buy, tickets between February and June 23 this year may be at risk, as well as international customers who purchased, or tried to purchase, tickets between September 2017 and June 23.

Ticketmaster has said that it has informed those involved. But, while it has offered customers free security software, it has not provided data breach compensation.

If you have been emailed by Ticketmaster and told that your details are at risk, make sure that by agreeing to any free offers, you are not inadvertently signing away your rights to make a data breach compensation claim.

 WHAT SHOULD YOU DO NOW?

With an ICO investigation now underway into the Ticketmaster data breach, whoever is to blame for this appalling data protection failure will no doubt have to pay a hefty fine. And, while the ICO does not award data breach compensation, our data breach solicitors can help you with that.

We have already been contacted by a high number of Ticketmaster customers who are worried that their personal data was not looked after as carefully as it should have been.

In response, at Hayes Connor, we are preparing to launch compensation claims for everyone who has had their data accessed in the Ticketmaster data breach. Depending on the numbers involved we may even start a group action against Ticketmaster.

To start your compensation claim, you will need you to register with us. We’ll let you know what is happening in this case and if and when you can make a data breach compensation claim.

Data breaches often have severe consequences for those affected so you could be entitled to around £5,000 in compensation.

REGISTER NOW

hayes connor solicitors
,

Can you make a data breach claim against Yahoo?

Yahoo has been fined £250,000 after 515,000 UK accounts were compromised. This comes following a sophisticated and persistent attack in 2014. The data protection hack led to user’s names, email addresses, telephone numbers, passwords and security information being stolen by cybercriminals.

Following the fine by the Information Commissioner’s Office (ICO), those affected should now consider a data breach claim against Yahoo.

What happened in this case?

In 2014, a Russian state-sponsored cyber-attack resulted in personal data being stolen from over 500m Yahoo user accounts worldwide. Despite evidence that the firm knew about the hack soon after it happened, the data breach wasn’t reported until September 2016.

What was the result of the investigation?

The investigation focused on UK accounts that were co-branded Sky and Yahoo, and which the London-based branch of Yahoo had responsibility for.

Following its inquiry, the ICO found that Yahoo had “failed to prevent” the hack. The ICO also condemned “inadequacies” that had been in place at Yahoo for some time without being “discovered or addressed”.

The investigation also found that:

  • The firm failed to ensure that its data processor complied with the appropriate data protection requirements
  • The firm failed to ensure that the credentials of employees with access to customer data were monitored
  • There was a lengthy period before the flaws which led to the breach were discovered or addressed

According to an ICO spokesperson:

“The failings our investigation identified are not what we expect from a company that had ample opportunity to implement appropriate measures, and potentially stop UK citizens’ data being compromised.”

As a result, the watchdog imposed a £250,000 fine. However, this represents less than 0.4% of Yahoo UK’s 2016 gross profit.

What can you do?

The ICO has said that cyber-attacks are a fact of life, and that companies have to make it as difficult as possible for them to get in. That it is “no good locking the door if you leave the key under the mat.”

But, while the ICO has the power to impose fines on organisations who fail to meet their data protection obligations, it does not award compensation to victims. However, once an organisation has been found guilty by the ICO – as in this case – you can use that information to support a data protection compensation claim.

What’s more, it doesn’t matter if there is no evidence that the data has been used to carry out identity theft or fraud. If the data breach has caused you stress or anxiety (in a way that could be diagnosed by a psychologist), then the law agrees that you are entitled to compensation.

According to the ICO, Yahoo has informed those affected. If you are concerned that your data was treated negligently by Yahoo, contact Hayes Connor Solicitors immediately. We can help you to claim the maximum amount of compensation in the minimum amount of time, on a no-win, no-fee basis.

Following massive data breaches, companies often set aside funds to pay compensation, so you have nothing to lose.

IF YOU THINK YOU MAY HAVE A CLAIM THEN COMPLETE OUR CONTACT FORM.

With strict-time limits in place for making most compensation claims, it’s essential to act now.

cybercrime solicitors
,

Can you get your money back after a “push” fraud?

Last week, an article revealed the sad case of a widow who was conned into losing her mother’s care-home fees. In a highly-sophisticated cybercrime attack, the woman was defrauded of £20,000 in a so-called “push” scam.

What is push fraud?

Push fraud – also called authorised push payment (APP) scams – happen when criminals deceive individuals into sending them money. Because the victim believes the fraudster to be trustworthy and genuine, they authorise the handover of cash. The money is then quickly transferred by the fraudster to different accounts, often abroad, which makes getting it back almost impossible.

Common types of push payment scams include:

  • Sending falsified invoices that look exactly like ones victims are expecting (e.g. from a child’s school or a legitimate tradesperson)
  • Convincing people to transfer money to someone official, such as a solicitor (e.g. when buying a house)
  • Conning people to transfer cash into fraudulent bank accounts
  • Sending emails pretending to be from a friend asking for money.

While in many cases, the criminals involved might call hundreds of people in the hope of tricking someone, often these cybercrime scams are highly targeted and come after hacking a victim’s emails to identify the information needed to defraud them.

In this latest case, the criminal claimed to be from the Royal Bank of Scotland fraud team flagging up unusual transactions. The fraudsters ran through some security questions to extract the information they needed to access her online banking and rename her current account “frozen”. So, when the woman went to check via the proper channels, it did appear that her account had been locked. In a following call, she was then asked to move her balance to a new “protected” account. But when she called RBS to check the transfer went through okay, they knew nothing about it.

The rising problem of push fraud

The problem of transfer fraud is increasing in the UK. Indeed, according to consumer group Which? in the first two weeks after launching an online cybercrime reporting tool, more than 650 people came forward claiming a loss of over £5.5 million.

Overall, the latest official figures show that over £100 million was unknowingly handed over to criminals through push scams between January and June last year. Over this period around 17,000 people were victims of these scams, and they lost an average of £3,000 each.

How to protect yourself against push fraud

To keep you safe, UK Finance offers the following advice:

  • Never disclose security details such as your PIN or full banking password
  • Don’t assume an email, text or phone call is authentic
  • Just because someone knows some personal information about you (i.e. your mother’s maiden name), that doesn’t mean they are genuine
  • Banks or other trusted organisations will never contact you and ask for your PIN or full password, or ask you to transfer money to a safe account
  • Don’t be rushed into handing over sensitive information, take the time to contact the company directly using a trusted email or phone number to check the request is genuine
  • Listen to your instincts. If something doesn’t feel right don’t be pressured into making a decision there and then
  • Never automatically click on a link in an unexpected email or text.

Are the banks liable?

According to the banks, they make it very clear that customers should never make a payment at the request of someone over the phone or email. So, while millions have been lost by unwitting victims, because the transfers were authorised, until now banks have been unable (or unwilling) to return nearly 74% of the money.

Don’t be fobbed off by the banks!

If you have been the victim of a push fraud and need help getting your money back, there is some good news. Under new plans, the regulator is coming down on the side of consumers and people tricked into transferring money directly to a fraudster can expect stronger protections.

A new industry code will be in place from September, helping victims of such scams to secure compensation. What this means in practice is that victims of push scams can be confident that any claim for reimbursement will be given fairer consideration.

If you want to claim compensation following a push payment scam or another type of cybercrime, Hayes Connor can help. Our professional, friendly team will be pleased to answer any questions you might have, and advise you on whether you have a valid claim.

 We can help you to claim compensation from the fraudster, your bank, and any organisation that may have put your data at risk (where this data was then used to facilitate a push scam).

Start your claim