Cyber Officers now make contact with organisations who have been identified as having potential risks with their IT systems as cyber criminals are actively exploiting these vulnerabilities.
"If a police officer out on the beat sees a house or car door left open or insecure, they would naturally make reasonable steps to notify the owner as part of conventional crime prevention measures. Similarly notifying an organisation of a potential weaknesses in its IT infrasturcture is part of our digital beat responsibility."
Detective Sergeant Shelton Newsham, Yorkshire and Humber Regional Cyber Crime Unit
How to verify an Officer’s Identity
If you are in any doubt of the officers identity, you should contact their police force to verify them. Use a reputable search engine to find the contact details of the police which are all listed at https://police.uk/forces/
- YHROCU through host force West Yorkshire Police on 101
- Humberside Police on 101
- North Yorkshire Police on 101
- South Yorkshire Police on 101
- West Yorkshire Police on 101
Please ensure you select the correct police force from the menu if you are outside of that police force geographical area. The call handler will not know the content of the notification as its sensitive, however, they can verify the officers details. The Officer should have provided their:
- ID / Collar Number
- Mobile telephone number
- Email address
- Cyber Crime Unit for which they work
Genuine police email addresses end in:
- @yhrocu.pnn.police.uk
- @humberside.pnn.police.uk
- @northyorkshire.pnn.police.uk
- @southyorkshire.pnn.police.uk
- @westyorkshire.pnn.police.uk
The Notification
The Officer WILL NOT REQUEST ANY SENSITIVE INFORMATION FROM YOU
The Officer will provide you information verbally or by email if it is not possible to attend in person. You should always ensure emails and attachments have been scanned by antivirus software before opening them. Most companies have systems that do this by default – but check if you are not sure. It is entirely up to you how you act on the information provided.
Delivered Notifications:
| Date | Notification | Links |
| Dec 2019 | Critical Citrix / NetScaler ADC Gateway vulnerability CVE-2019-19781 |
https://www.ncsc.gov.uk/news/citrix-alert/ |
| Dec 2019 | Compromised Remote Desktop Protocol (RDP) details | Sensitive |
| Mar 2020 | VPN vulnerability | https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities |
| Apr 2020 | Sophos XG Firewall vulnerability | https://www.ncsc.gov.uk/news/sophos-vulnerability-statement/ |
Cyber Awareness Training
We are offering organisations the opportunity for a free education and awareness through a variety of avenues. Further details are available on our site at https://www.yhrocu.org.uk/departments/regional-cyber-crime-unit/protect/