Mike Wills 18 May 2022

Hoax calls: How local authorities can protect themselves

Hoax calls: How local authorities can protect themselves image

Recently, video clips have been released of calls with senior cabinet ministers and an imposter posing as Ukrainian Prime Minister Denys Shmyhal. The British government has blamed the Kremlin for the stunts, stating they were part of a Russian disinformation campaign.

These are classic information operations tactics, which are as old as time. In these cases, they have sought to undermine and embarrass the British government, while distracting from the major issues of the day and diverting attention away from what’s happening in Ukraine.

It’s important to remember that the fraudsters who carried out these pranks are well-resourced. They’re the Hollywood blockbuster actor-standard of scammers and a lot of time and effort will have been put into preparing for and conducting these attacks. They’ll have done their background research, knowing they have a single chance to be utterly convincing from the first point of contact.

War isn’t just about bombs and bullets – it’s about every facet of human endeavour. It includes the physical combat sphere and the ethereal information sphere. The Russians are past masters at this; within their state apparatus, they’ll have infantry fighters, combat fighter pilots and tank gunners, as well as the best in terms of intelligence and influence operations.

While this time, the fraudsters have been cunning and managed to get into the top level of government, this can – and does – happen to any local authority at any time.

Councils should always make themselves as hard to hack as possible, but more so than ever given that Russia will be seeking to create instability within western countries – which is easier to achieve virtually. The international Five Eyes community has also issued warnings of further cyber and misinformation attacks in response to the heavy sanctions placed on Russia.

So, how has this been allowed to happen? In theory, the government will have verified the other participants in the meeting were who they said they were. This isn’t always easy, but there are simple tactics you can use to identify potential fraudsters.

If conducted by means of a phone call, you’d want to take control of that call so you know who you are dialling. This can be done by asking the caller for their full name and the organisation they’re working for. Then, tell them you’re going to call them back via the front desk phone number of the organisation – which you can get from a credible source online – and ask to be put through to them internally. Here, you’re taking control of the situation by going to a known phone number.

However, in these cases, communication appears to have taken place via an online virtual meeting, which means it’d probably been set-up by an email from a credible source – suggesting the email address has either been intercepted or cloned.

With this in mind, local authorities should consider resetting passwords in case they’ve been breached and are enabling access to web portals and email accounts, as well as remind employees to think twice before opening or clicking links on any suspicious emails.

Multi-factor authentication – which requires users to provide two or more verification factors to gain access to a resource – should be implemented wherever possible, and software upgrades and patches should be up to date.

Once you’re on the call – whether voice or video – people should confirm who is on the other end of the line before revealing information. If taking place over the phone, try and work out if you recognise their voice. This is difficult, but there may be someone within the department who has regular communication with the caller. If so, bring them into the room and ask if they can confidently verify their identity. This can be done by a brief discussion based on previous conversations and historic pleasantries.

For video calls, insist the other party turns on their camera and Google their name to see if you can identify them. With cyber and misinformation attacks being so common and pervasive, it’s important people develop the confidence and feel comfortable in verifying someone’s identity for their own protection and resilience.

Local authorities should also dust off, review and rehearse incident response plans so they know how to react swiftly to any incident and are able to minimise its potential scope, scale and associated impact.

Finally, it’s vital to ensure employees understand the importance and necessity of information security, which can be carried out through data and cyber security awareness training. This will help to ensure confident, compliant and resilient staff, which, in turn, creates a well-protected council.

Mike Wills is director of strategy and policy at cyber and data security firm CSS Assure

Skate parks are not the only fruit image

Skate parks are not the only fruit

On Go Skateboarding Day, Susannah Walker asks councils and their leisure and park departments to think differently about what facilities they provide for teenagers.
SIGN UP
For your free daily news bulletin
Highways jobs

Travel Information Data Technician

Essex County Council
Up to £25581 per annum
This is an exciting opportunity to work across all aspects of the Integrated Passenger Transport Unit (IPTU). Working with a passionate and dedicated England, Essex, Chelmsford
Recuriter: Essex County Council

Planning Strategy & Implementation Manager

Essex County Council
£57621 - £61410 per annum
Planning Strategy & Implementation Manager Permanent, Full Time £57,621 to £61,410 per annum Location
Recuriter: Essex County Council

Senior Accountant

Telford & Wrekin Council
£39,571 - £42,614
Are you a qualified Accountant looking to take the next step in your career? Telford, Shropshire
Recuriter: Telford & Wrekin Council

Family Assessment Worker

Telford & Wrekin Council
£25,419 to £27,514
We have a great opportunity for a full time Family Assessment Worker in the Parenting Assessment Team. Telford, Shropshire
Recuriter: Telford & Wrekin Council

Neighbourhood Enforcement Officer

Telford & Wrekin Council
£23,023 - £24,920
The post holder will tackle environmental crimes and unlawful parking. Telford, Shropshire
Recuriter: Telford & Wrekin Council

Partner Content

Circular highways is a necessity not an aspiration – and it’s within our grasp

Shell is helping power the journey towards a circular paving industry with Shell Bitumen LT R, a new product for roads that uses plastics destined for landfill as part of the additives to make the bitumen.

Support from Effective Energy Group for Local Authorities to Deliver £430m Sustainable Warmth Funded Energy Efficiency Projects

Effective Energy Group is now offering its support to the 40 Local Authorities who have received a share of the £430m to deliver their projects on the ground by surveying properties and installing measures.

Pay.UK – the next step in Bacs’ evolution

Dougie Belmore explains how one of the main interfaces between you and Bacs is about to change.