Domain Names & GDPR

A recent ruling by a German court about GDPR also applies to personal information held in the worldwide whois service, and could mean that domain name admin and tech contact details may no longer be needed because of the GDPR ‘data minimisation principle’.

Up Until Now

Laws up until now have required ICANN, the Internet Corporation for Assigned Names and Numbers, to ask its accredited domain registrars to collect and store certain details of people who register / purchase domain names. These details include the owner’s name and address, and the name, postal address, e-mail address, telephone number, and (where available) fax number of the domain’s technical and administrative contacts. Many of these may, in fact, be the same person.

No More Collecting and Storing Details of Owners

The recent German court ruling came about because German registrar EPAG Domain services thought that one important aspect of GDPR, which came into force on May 25th, is the principle of data minimisation.

Under this key GDPR principle, personal data collected by companies should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. In other words, under GDRR, companies should only collect the personal data that is absolutely necessary to provide the service.

The German registrar EPAG Domain services used this GDPR principle to argue that it no longer needed or wanted to collect the personal details for the technical and administrative contacts of domains, although it would still be happy to collect the personal details of the actual domain name owners.

ICANN Still Wanted Details Collected

ICANN didn’t agree with EPAG, and pushed for an injunction to ensure that EPAG either continued to collect administrative and technical contact details, or pay a €250,000 (US$291,000) fine!

The court came down on EPAG’s side, and refused to grant the injunction on the grounds that there was no evidence that the extra information was needed, especially since the same person could be listed as the owner, technical, and administrative contact.

ICANN’s Own Policy Proposal

ICANN had already published its own temporary policy to cover how information gathered by registrars should be made publicly available through the global whois service. ICANN’s policy was for tiered / layered access to personal information, limiting it to users with a legitimate and proportionate purpose e.g. law enforcement, competition regulation, consumer protection or rights protection.

Irony

One ironic aspect of the court’s ruling is that ICANN itself doesn’t register any personal details for administrative and technical contacts, and only lists a single number for both contacts’ phone and fax, which turns out to be the main number for its network operations centre. It could be argued that this is data minimisation in action from a company that appears to have argued against it.

What Does This Mean For Your Business?

This story is a practical example of how GDPR could affect aspects of company operations that may not have really been considered until now. It shows how current ways of doing things can be, relatively easily challenged in some courts, the results of which could spread across a whole industry.

If the ruling, in this case, is taken on board in other European countries e.g. most other EU countries, it could save domain registrars some time, and could cut through bureaucracy while protecting privacy at the same time.

It is still early days for GDPR, and there are likely to be many different challenges and changes to come across many industries as a result.

Fruit Robots

Tests are being completed of ‘robot’ fruit-picking machines that can pick strawberries as carefully and quickly as humans, and can help growers solve the labour shortage challenge next growing season.

Belgian Prototype Very Promising

European strawberry growers in Spain, Belgium and the UK are welcoming tests of robotic prototypes that can harvest soft fruit mechanically.

One example that has enjoyed some publicity is the ‘Octinion’ robotic arm on a self-driving trolley. Produced by a Belgian start-up, it is claimed that the Octinion can compete with a human in terms of price and speed as it is able to pick one strawberry every four seconds, collect between 70% and 100% of the ripe fruit, and leave the berry with only the calyx (and not the stalk), which is the way European consumers are used to buying their berries.

The success of this robot, which can grip and turns the fruit by 90 degrees to snap it off its stalk just like a human, means that it is now completing final tests in partnership with real-world growers in the UK and continental Europe, and looks like being a realistic option for next season.

Dogtooth From Cambridge

Another soft fruit-picking robot prototype that looks like being a serious competitor is the ‘Dogtooth’ which has been produced by a Cambridge-based start-up, has recently been tested in Australia, and is also made up of a robot arm mounted on a self-driving trolley.

The Dogtooth has been designed to be able to pick strawberries the way UK retailers prefer, by leaving around a centimetre of stem still attached, because it has been found to extend shelf life.

Unlike the Octinion’s machine which has been built to work on fruit grown on raised platforms in polytunnels, Dogtooth’s machine has been designed to be able to pick traditional British varieties in the field.

Genuine Labour Shortage

Some commentators have suggested that the motivation for producing the robots is simply to replace migrant labour with a cheaper, more efficient alternative, but strawberry producers across Europe and the US have insisted that they face a genuine shortage of workers to pick their fruit.

In the UK for example, the value of sterling following the Brexit vote has made it difficult to recruit overseas workers, and UK-based workers don’t appear to find seasonal picking work attractive or practical.

What Does This Mean For Your Business?

This is an example of how a range of technologies have been combined to produce a tool that can meet very real agricultural challenges, and could revolutionize a whole industry across the world. Although these machines may be expensive to buy, they can pay for themselves over time because, unlike humans, they don’t require wages, can work any number of hours, and they don’t take holidays, get sick or leave. They also mean that growers can plan their production with more certainty and don’t have to expend time, effort, and money on recruitment.

Automation, aided by huge technological advances, is a growing trend across most industry sectors. For example, a report by PwC from March 2017 claimed that over 30% of UK jobs could be lost to automation by the year 2030. According to the report, 44% jobs in manufacturing (where there are already many robots e.g. car manufacturing), especially those involving manual work, look likely to go to AI led software or robots. Transportation jobs are also in the high-risk category for robot replacements, and according to the report, 56% of jobs could be lost to autonomous vehicles. Jobs in the UK’s largest sectors, wholesale retail jobs, also look vulnerable to automation into the future.

AI and robotics will alter what jobs look like in the future, but it is also important to remember that, as with the strawberry-picking robots, they could provide huge advantages and opportunities for businesses.

Workers can only really try to insulate themselves from the worst effects of automation by seeking more education / lifelong learning, and by trying to remain positive towards and adapting to changes. How much automation and what kind of automation individual businesses adopt will, of course, depend upon a cost / benefit analysis compared to human workers, and whether automation is appropriate and is acceptable to their customers.

Smart Solar Power Savings From Google

Google, in partnership with energy supplier Eon, with help from German software firm Tetraeder, has released an online tool called ‘Project Sunroof’ that uses Google’s Earth and Maps apps to estimate how much money homeowners could by switching to solar power.

How?

Smart ‘machine learning’ is at the heart of the tool, and it is able to examine factors like its roof area and angle, and weather data, and sun positioning to help it arrive at an estimate of the ‘solar potential’ of a house, and the total amount of sunlight that falls on a particular rooftop every year.

7 Million Rooftops

The partnership with E.On covers seven million rooftops across Germany. It uses E.On’s solar power and battery product offerings to calculate how much a specific household could save by installing solar panels and a battery pack.

Renewable Energy

The idea is part of a move towards countries, including the UK, adopting more renewable energy ideas, and is clearly a way to help inform and convince homeowners to cut energy bills, and help the environment by installing solar panels on their roofs.
International Energy Agency figures show that, even back in 2016, renewable energy accounted for two-thirds of new power added to the world’s grids. Solar power was the fastest-growing source of new energy worldwide that year, and is still growing in popularity now.

In the EU, the Renewable Energy Directive set out for all member countries to reach a 20% renewables target before 2020. Google’s shared project, therefore, helps to feed into that goal.

In recent years, many UK homeowners have taken advantage of grants and tariffs e.g. the Feed-in Tariff and Generation Tariff schemes to install and get money back / save money on the green energy they help produce and feed / sell into the grid.

Fears

Some fears have been expressed that the spread of renewables such as solar and wind across the US (for example) could suffer if the US International Trade Commission imposes tariffs on imports of Chinese solar panels.

What Does This Mean For Your Business?

There is wide agreement that sustainable, renewable, green energy sources are needed to meet world demand while minimising the impact on the environment, and not contributing to climate change. Many businesses, some of which are big polluters, are coming to accept the many benefits that renewables and involvement with green projects have to offer.

Google’s involvement with this scheme is consistent with its recent, public commitment to green energy, and having the Google brand name involved in the project is a positive association that could help to convince customers to adopt solar. For example, back in December 2016, Google announced that all of its data centres and the offices for its 60,000 staff would be powered entirely by renewable energy from 2017, a formidable target that it now claims to have met. Even when the announcement was made, Google was already the world’s biggest corporate buyer of renewable electricity.

Google’s image and brand can only benefit from its public commitment to renewable energy, as it will from ‘Project Sunroof’, although Google’s commitment is also based on reducing costs in the longer term, and being seen to pave the way for other corporations.

1 – 0 In England Vs World Cup Hackers

It has been reported that the England football team will be briefed before flying out to their World Cup base in St Petersburg about how they and UK fans can avoid falling victim to Russian hackers.

NCSC Advice

The briefing is being delivered by The National Cyber Security Centre (NCSC), which is part of GCHQ. The advice will focus upon cyber security e.g. for mobile devices and using Wi-Fi connections safely while in Russia.

The same advice has been included in an NCSC blog post that is aimed at anyone travelling to Russia to watch any of the World Cup game, and is entitled ‘Avoid scoring a cyber security own goal this summer”.

The NCSC suggests that is it should be read alongside other UK government online advice pages such as the “FCO Travel Advice” page relating to Russia (https://www.gov.uk/foreign-travel-advice/russia), and the “Be on the Ball: World Cup 2018” pages (https://www.gov.uk/guidance/be-on-the-ball-world-cup-2018).

Why?

Many security experts and commentators have noted that sporting events have become a real target for cyber criminals in Russia in recent times. Russia-based security company, Kaspersky, reported seeing spikes in the number of phishing pages during match ticket sales for this year’s World Cup. Kaspersky reported that every time tickets went on sale, fraudsters mailed out spam and activated clones of official FIFA pages and sites offering fake giveaways, all claiming to be from partner companies.

Kaspersky says that criminals register domain names combining the words e.g. ‘world,’ ‘worldcup,’ ‘FIFA,’ ‘Russia,’ etc, and that if fans look closely they can see that the domains look unnatural and have a non-standard domain extension. The Security Company advises that fans should take a close look at the link in the email or the URL after opening the site to avoid falling victim to scammers.

The general advice from Kaspersky is to give cheap tickets a wide berth, not to buy goods from spammers in the run-up to kickoff (because the goods may not even exist), not to fall for spam about lotteries and giveaways because they may be used for phishing, not to visit dubious sites offering cheap accommodations or plane tickets, and only to watch broadcasts on official FIFA partner websites.

Kaspersky also advises visitors to use a VPN to connect to the Internet, because, in the aftermath of the government’s attempt to block Telegram, popular sites in Russia are either unavailable or unstable.

England Team’s Briefing

England team Manager, Gareth Southgate, has noted that the England team players are young people who will look for things to occupy their time while in hotel rooms e.g. playing video games, and using multiple devices such as smartphones, tablets and gaming devices. The fact that technology will play a big part in the England team’s downtime throughout the tournament is the main reason why the FA is taking cyber security so seriously.

It is understood, therefore, that the NCSC will be advising the players on the rules to follow on e.g. which devices they can safely use and where. Also, the devices belonging to players and staff will be thoroughly screened to make sure they have the right security software installed.

What Does This Mean For Your Business?

Anyone travelling abroad for business or pleasure, particularly to countries where certain cyber security threat levels are known to be high should read the UK government’s advice pages relating to cyber security while travelling.

In the case of travelling to Russia for the World Cup, some of the measures people can take before travelling are to check which network you will be using and what the costs are, to make sure all software and apps are up to date and antivirus is turned on, to turn on the ability to wipe your phone should it be lost, and to make sure all devices are password protected and use other security features e.g. fingerprint recognition.

On arriving in Russia, the advice is to remember that public and hotel Wi-Fi connections may not be safe and to be very careful about what information you share over these connections e.g. banking. Also, don’t share phones, laptops or USBs with anyone and be cautious with any IT related gifts e.g. USB sticks, and to keep your devices with you at all times if possible rather than leave them unattended.

The full UK government advice can be found here https://www.ncsc.gov.uk/blog-post/avoid-scoring-cyber-security-own-goal-summer.

Two More Security Holes In Voice Assistants

Researchers from Indiana University, the Chinese Academy of Science, and the University of Virginia have discovered 2 new security vulnerabilities in voice-powered assistants, like Amazon Alexa or Google Assistant, that could lead to the theft of personal information.

Voice Squatting

The first vulnerability, outlined in a recent white paper by researchers has been dubbed ‘voice squatting’ i.e. a method which exploits the way a skill or action is invoked. This method takes advantage of the way that VPAs like smart speakers work. The services used in smart speakers operate using apps called “skills” (by Amazon) or “actions” (by Google). A skill or an action is what gives a VPA additional features, so that a user can interact with a smart assistant via a virtual user interface (VUI), and can run that skill or action using just their voice.

The ‘voice squatting’ method essentially involves tricking VPAs by using simple homophones – words that sound the same but have different meanings. Using an example from the white paper, if a user gives the command “Alexa, open Capital One” to run the Capital One skill / action a cyber criminal could create a malicious app with a similarly pronounced name e.g. “Capital Won”. This could mean that a voice command for Capital One skill is then hijacked to run the malicious Capital Won skill instead.

Voice Masquerading

The second vulnerability identified by the research has been dubbed ‘voice masquerading’. This method of exploiting how VPAs operate involves using a malicious skill / action to impersonate a legitimate skill / action, with the intended result of tricking a user into reading out personal information / account credentials, or to listen-in on private conversations.

For example, the researchers were able to register 5 new fake skills with Amazon, which passed Amazon’s vetting process, used similar invocation names, and were found to have been invoked by a high proportion of users.

Private Conversation Sent To Phone Contact

These latest revelations come hot on the heels of recent reports of how a recording the private conversation of a woman in Portland (US) was sent to one of her phone contacts without her authorisation after her Amazon Echo misinterpreted what she was saying.

What Does This Mean For Your Business?

VPAs are popular but are still relatively new, and one positive aspect of this story is that at least these vulnerabilities have been identified now by researchers so that changes can (hopefully) be made to counter the threats. Amazon has said that it conducts security reviews as part of its skill certification process, and it is hoped that the researchers’ abilities to pass-off fake skills successfully may make Amazon, Alexa and others look more carefully at their vetting processes.

VPA’s are now destined for use in the workplace e.g. business-focused versions of popular models and bespoke versions. In this young market, there are however, genuine fears about the security of IoT devices, and businesses may be particularly nervous about VPAs being used by malicious players to listen-in on sensitive business information which could be used against them e.g. for fraud or extortion. The big producers of VPAs will need to reassure businesses that they have installed enough security features and safeguards in order for businesses to fully trust their use in sensitive areas of the workplace.

Tech Tip – Alexa Skills Commands That Could Help At Work

Amazon’s Echo speakers may be used mainly in the home, but putting the listening / privacy fears aside, they can be useful in a business setting, particularly in small business settings / home offices. With this in mind, here are four skills commands that could help you:

Create Reminders – Alexa can act like a personal assistant. For example, you can tell Alexa exactly what you need to remember e.g. business appointments on certain days / times and it will remind you of that task and time. To create a reminder, say the task and its time such as, “Alexa, remind me to review customer accounts 10 a.m. every Monday”.

Create Distinctive Voice Profiles – By setting up voice profiles, Alexa can distinguish who is issuing the command e.g. different people in the office can ask “Alexa, what’s on my calendar?” Ask Alexa for details of how to do it.

ChatBot Skill – By enabling the ChatBot skill, workers can audibly request Alexa to post on their behalf. This can aid productivity. It can be achieved by linking an Amazon account to a Slack account. Users can then post to a specific channel by asking simply Alexa.

Find Your Phone – You can use Alexa to help you find your phone by using your voice. This is a free skill available from Amazon here: https://www.amazon.com/gp/product/B076PHYQD2?ie=UTF8&ref-suffix=ss_rw. The phone should ring even if it is on silent. It may not work if your phone is in Do Not Disturb mode, but you can add multiple people by name to call different phones instead of just one.

Fined For Using a Smart Watch At Traffic Lights

In a recent court case in Canada, an Apple smartwatch was classified as being the same kind of distraction as a mobile phone as a student was handed a fine for being observed looking at her Apple watch while waiting at traffic lights.

Distraction Law in Ontario

Student Victoria Ambrose is reported to have fallen foul of Ontario’s strict ‘distracted driving’ law.

In Ontario, the law states that using a phone to talk, text, check maps or choose a playlist while you’re behind the wheel all count as distracted driving, as do other activities like eating, reading or typing a destination into a GPS.

In the case of Victoria Ambrose, the judge likened the Apple smartwatch to being as much of a distraction as a “cell phone taped to someone’s wrist”.

Defence

In her defence, the student said that she had looked at the watch to tell the time, and that, because the watch was securely fastened to her wrist, it should be subject to an exemption in the Ontario law which covers devices that are “securely mounted”.
The Judge rejected both arguments, and said that the amount of time she was observed looking at the watch meant that she was distracted while driving, rather than simply glancing at her watch to find out the time.

According to Ontario’s Ministry of Transport data, deaths from collisions there, caused by distracted driving have doubled since 2000, and 2013 data shows that one person is injured in a distracted-driving collision every half hour, and a driver using a phone is four times more likely to crash than a driver focusing on the road

Fine

In this case, the student was fined Canadian $400 (£230).

Warning In The UK

Back in 2014, the UK Department for Transport (DfT) issued a warning about looking at smartwatches while driving, saying that smartwatches are covered by existing laws designed to stop people checking gadgets while on the move, and that drivers caught texting from a smartwatch will have given police enough material to be able to charge them.

What Does This Mean For Your Business?

This story illustrates that while technology can be helpful, it can also be potentially dangerous and / or costly distraction.

In the workplace, for example, studies show that smartphone-users touch their device somewhere between twice a minute to once every seven minutes, and that conducting tasks while receiving e-mails and phone calls can reduce a worker’s IQ by approximately ten points relative to working in uninterrupted quiet.

In an age where 85% of UK citizens use smartphones (Deloitte figures, Oct 2017), there are arguments as to whether they, and other gadgets e.g. with BOYD policies, are helping or hindering productivity.

For companies with employees who drive as part of their work, this story should illustrate the need to warn employees of the current law and safety recommendations regarding distraction, and if possible, to ensure that they have appropriate hands-free equipment to use while handling work calls.

Facebook Losing the Battle For Teenage Attention

A study by Pew in the US has found that Facebook is now lagging behind YouTube, Instagram and Snapchat, as a platform where teenagers spend their time.

Down To 4th Place

The study, which involved 750 teens in one month earlier this year, found that Facebook has experienced a 20% point drop since 2015 in its usage by teenagers. Even though 51% use Facebook, this is still a long way behind the 85% preferring YouTube (Google-owned), 72% preferring Instagram (which is owned by Facebook anyway), and the 69% preferring Snapchat.

What’s Been Happening?

An eMarketer report illustrates what’s been happening. The report predicts that in 2018, 2.2 million 12 to 17-year-olds and 4.5 million 18 to 24-year-olds will regularly use Facebook in the UK, but this is 700,000 fewer than in 2017. Most of the young defectors appear to be going instead to Snapchat.

The same report shows that there has been a surge in older users of Facebook, and over-55s will become the second-biggest demographic of Facebook users this year. For example, 500,000 new over-55s are expected to join Facebook in 2018, and this will bring the number of 55- to 65-year-old-plus regular Facebook users this year to 6.4 million.

Passing Over Instagram For Snapchat

One of the reasons why Facebook bought Instagram was so that it could at least keep some of the young people who were deserting Facebook as customers as of one of its services.

Unfortunately, what’s been happening is that young people appear to have been leaving Facebook, and going to Snapchat instead of Instagram. For example, in the last 3 years Snapchat has more than doubled its take-up rate among UK users of social networking sites and apps to 43%.

Why?

It is an age-old feature of teenagers and young people, because of a need for independence and privacy, they would prefer not to go to the same places as their parents, and this is what has been happening on Facebook to some extent.

Also, many more young people have smartphones, and they use them to go where other members of their age / peer group go i.e. on Snapchat. It doesn’t help also that Facebook has received a lot of bad publicity recently over its involvement with the sharing of user data with Cambridge Analytica, and the part it played in allegedly being used by representatives of certain foreign powers to help sway the election result towards Trump.

Facebook has also proved particularly attractive in recent years to older people who have found that its video and photo features are easy to use, and enable them to keep up with the social lives of their older children, and grandchildren,

Facebook For Kids

Facebook has long known that it has been attracting an older demographic, and that young people have been leaving the platform in pursuit of a new experience, and to stay in touch with other members of their peer group.

Attracting a new, young group of Facebook users looks likely, therefore, to be one of the main reasons why, back in December 2017, Facebook announced that it was launching a kind of Facebook for children the form of ‘Messenger Kids’. Some commentators said at the time that it appeared to be a way for Facebook to recruit its next generation of users, and to capture the attention of 6 to 12-year-olds before Snapchat or a similar social network competitor

What Does This Mean For Your Business?

For Facebook, even though it recognises (and is trying to solve) the problem that it faces in attracting teenage users, it still remains the most popular social networking sites in the UK by a long way, boasting 32.6 million total regular users this year. Also, Facebook’s Instagram is looks likely to grow its user base from 15.7 million to 18.4 million this year, although it also appears to be losing young users to Snapchat.

For businesses wishing to advertise, Facebook is likely, therefore, to be a way to advertise to older age groups e.g. those in their 40,s, 50s, and above. In fact, Facebook has also announced an overhaul of its news feed algorithm to prioritise what friends and family share, and to reduce the amount of non-advertising content from publishers and brands.

Businesses with older customer demographics may also want to keep making the most of their company Facebook business page.

Google Accused of Being ‘Unethical’ Over Cryptocurrency Ad Ban

Some industry commentators have suggested that Google’s motives for introducing a blanket ban on cryptocurrency ads may not be all they seem, and could make the company appear unethical.

What Ban?

Back in March, Google followed Facebook’s lead (from January) and imposed a blanket ban on all cryptocurrency adverts on its platforms. The ban, which starts from this month, was announced following reports of scammers using adverts on popular platforms to fraudulently take money from people who believed they could cash in on the massive rise in the value of cryptocurrencies such as Bitcoin.

A popular con has been to use scam ad campaigns to sell units of a cryptocurrency ahead of its launch – known as initial coin offerings (ICO). Research has found that 80 per cent of ICOs have been fraudulent.

Also, the cryptocurrency value bubble led to the rise of ‘crypto-jacking’, where devices are taken over by people trying to mine crypto-currencies e.g. using Android phone-wrecking Trojan malware ‘Loapi’.

Why Unethical?

Online tech commentators have been quick to point out that even though Google has said that it made the move to ban cryptocurrency ads to confront criminality, protect web users, and to regulate what their users are reading, Google is also believed to have an interest in cryptocurrencies itself.

For example, back in May, Google is reported to have approached the founder of the world’s second most popular cryptocurrency, Ethereum, to explore possible market opportunities for the two companies. In fact, some commentators believe that Google may be acting unethically by banning cryptocurrency adverts because it is planning to launch its own cryptocurrency and, therefore, wants to give its own product the best chance in the marketplace.

This idea has been strengthened by the fact that Google continues to show adverts with links to gambling websites and other services which some would describe as unethical. It has been suggested that Google appears willing to ban cryptocurrency adverts, but still allows job postings, and adverts for anti-virus software or charities, all of which can also be known entry points for scammers.

Blockchain Ambitions

Google is also thought to have ambitions to make use of blockchain, which is among other things, the underlying technology behind the bitcoin currency. It is interesting that this interest follows Facebook, which is reported to be setting up a blockchain group that will report directly to the company’s CTO, Mike Schroepfer.

Circumvented

Putting a blanket ban on cryptocurrency adverts does not appear to have been an entirely successful strategy for others i.e. Facebook. For example, some advertisers have been able to circumvent Facebook’s cryptocurrency ad ban by abbreviating words like cryptocurrency to c-currency, and by simply switching the letter ‘o’ in the word bitcoin to a zero.

What Does This Mean For Your Business?

Google is a powerful private company, and with other big players in the market, it is looking to make the most of market opportunities e.g. Facebook, and it is only natural that Google is likely to also want to explore the potential of those opportunities, even if it has made an ethical stand in public about cryptocurrency adverts.

This story does illustrate, however, that ethics play an important part in business, and can play an important role in supporting the value of a brand, particularly in a digital world where inconsistencies can be spotted and widely reported immediately.
When you think about it, Google has a trusted brand and is well placed in the market to perhaps get involved in, or even produce its own cryptocurrency, particularly where there are profits to be made and when cryptocurrencies appear to have an important future beyond the initial bubble of bitcoin-mania. The important thing for Google is that it, along with Facebook, was seen to be doing the right thing when cryptocurrency scam adverts began making the news, and there is still no real, firm proof that Google will commit itself to its own cryptocurrency yet.

It is also not surprising that companies such as Google and Facebook would want to explore the huge potential opportunities that blockchain offers. It is worth remembering that blockchain has shown itself to have many great uses beyond just cryptocurrecies e.g. enabling students to share their qualifications with employers, recording the temperature of sensitive medicines being transported from manufacturer to hospital in hot climates, as a ledger to record data about wine certification, as a ledger for ownership and storage history, as a system for tracking consignments that addresses visibility and efficiency, and for sharing information between energy suppliers to speed the supplier switching process. Dubai has also invested in using blockchain to put all its documents on blockchain’s shared open database system by 2020 in order to help to cut through Middle Eastern bureaucracy, speed up civic transactions and processes, and bring a positive transformation to the whole region.

Both cryptocurrencies and blockchain have a long way to run yet, and Google and Facebook will certainly not be the only web giants exploring their potential.

834% Rise in TSB Customer Attacks

Following the IT ‘meltdown’ at TSB last month which led to chaos for customers who were locked out of their own accounts, research has found that the number of phishing attacks targeting TSB customers leapt by 843% in May compared with April.

Fraudsters Taking Advantage

The statistics, reported recently in Computer Weekly, appear to indicate that fraudsters may have been quick to take advantage of the bank’s IT meltdown.

For example, an investigation by Wandera security found that in May, TSB was the second most used bank brand by scammers attempting to obtain customer details. In April, for 100,000 UK devices using Wandera security, there were only 28 TSB-themed phishing attacks. In May, the number jumped to 236 such attacks.

According to Wandera’s figures, in April TSB appeared in the top five financial services apps to be impersonated for attacks for the first time this year, and this may be an indication that TSB wasn’t a major target for phishers prior to the systems meltdown incident.

All of this information has led security commentators to conclude that the rise in fraud against TSB customers is likely to be linked to the systems problem that the banks experienced May.

What Happened?

Back in May, 1.9 million TSB customers were affected when a migration to a new system didn’t go to plan and resulted in what some commentators have described as a ‘meltdown’ of its banking systems.

Some of the problems experienced by customers included : not being able to access their own money, having no access to any mobile and online services, problems with direct debits, and amounts of money appearing and disappearing. It was even reported that one customer was mistakenly credited with £13,000.

What Does This Mean For Your Business?

This information should give businesses some idea of the ruthless and opportunistic nature of cyber criminals, and how quickly they can focus their efforts when vulnerabilities are spotted. Weaknesses in banking systems would, of course, have been a particularly attractive target.

In the case of TSB, as in the aftermath of many IT system problems, scammers were quick to use the bank’s IT problems as an opportunity to target its desperate customers with mobile phishing attacks. Customers would have been hoping / expecting to hear from the bank at the time, and so would have let their guard down when emails and any communication that looked as though it was from the bank, asking them for personal details / login details.