Message from the Police Cyber Crime Unit, following the press release statement of the NSRA on 3 May 2023
Dear Members, (the content of the email below, has been sent to the Club Secretary on 12May 2023).
We are posting the email here for our members to read and take their own action, should they wish to do so:
“Good morning,
I am a Police Cyber Protect Officer working in the Digital Investigations and Intelligence Cyber Crime Unit at Wiltshire Police HQ. If you wish you can verify my identity by contacting Wiltshire Police through 101 and asking to verify contact from me with details in signature block below. The switchboard will not have any knowledge of the reason for my contact but will confirm my identity and contact details.
I will not be asking you for any information as a result of this contact. I am here to provide you with information and advice and it is your decision how you act in response. [This email intentionally has no links to click on as unsolicited links are common in phishing attacks. Use a search engine to find the information referred to.]
I am contacting you as a result of a cyber-incident which has affected the National Small-bore Rifle Association. They have published a press release on their website giving more information about the circumstances of the incident and their response to it.
As part of the Police investigation, being led by the South-East Regional Organised Crime Unit (SEROCU), we are contacting all organisational members of the NSRA whose data may have been affected by this incident. Cyber criminals are known to use incidents such as this to try and attack other organisations such as yourselves, using the original incident as a cover story or excuse for the contact and trying to persuade you to take some action which results in you becoming a further victim. They may use stolen data from the breach, such as names and contact details, to try and convince you of the legitimacy of their communication.
In response, you should be especially vigilant for phishing attempts against your organisation. These may come in the form of emails, telephone calls, text messages or other digital contact such as over platforms like LinkedIn. All those involved in the running of the organisation should be made aware of the potentially heightened risk. The UK’s National Cyber Security Centre (NCSC) has a wealth of guidance on defending against phishing which can be found with a simple internet search. We would encourage you to review this and take action. The NCSC also offer a free cybersecurity E-Learning programme for staff.
We would encourage you to take this opportunity to think about your organisational cyber security and review your key defences – like using strong unique passwords, implementing two-factor authentication and ensuring devices are kept up to date. The NCSC has comprehensive guidance for organisations of all sizes and you can create a free action plan for improvement on their website.
The national Cyber Protect network exists to support you, and as part of that in my role I offer:
Free in person awareness sessions covering all aspects of basic cyber crime awareness and online safety for not only individuals but for organisations and charities along with signposting to helpful and informative resources.
There are also free national services including the NCSC Early Warning programme and Police CyberAlarm which may benefit you. I can provide more information on those if you wish.
Should your individual members ask questions about what to do in response to this incident, SEROCU have created a dedicated web page giving information on what individuals can do to protect themselves after a data breach. This can be found by searching for ‘South East Cyber Police Data Breach’.
If members have any immediate concerns about the security of firearms in their possession, they should review their storage arrangements against the Firearms Security Handbook. Any further questions or concerns should be raised with their local Police Firearms Licensing Team who have also been made aware of this incident.
Kind Regards,
Simon Goodwin 70465
Cyber Crime Prevent/Protect Officer
Digital Investigations and Intelligence Unit
Wiltshire Police HQ, Llewellyn Room, Devizes, SN10 2DN”