Current Cyber Threats You Should Know About – Insights for South West Businesses from CRYPTEGRIDY
- emmamoss58
- Jul 25

The cyber threat landscape is constantly evolving, and businesses across the South West are increasingly being targeted by both opportunistic scammers and sophisticated criminal operations. CRYPTEGRIDY has shared recent threat intelligence that has revealed a worrying range of scams and vulnerabilities affecting our region, from job fraud to misleading advertising and high-stakes cryptocurrency crimes.
1. Impersonation and Recruitment Fraud via Calls and Messaging
Businesses and employees are being targeted with unsolicited job offers over phone and messaging platforms. One example involved a caller using an AI-generated female voice from a UK mobile number, asking recipients to contact them via WhatsApp Business—registered under a fictitious name. WhatsApp, Telegram, Signal, and social media direct messaging platforms are now common vectors for these scams.
What to do: Never respond to unexpected recruitment outreach via messages or unknown numbers. Check the sender's identity through official channels, and make staff aware of scripted or copy-pasted job offers. If it seems scripted (generic wording, wrong format, no prior application), treat it as suspicious.
2. QR Code Scams at Public Locations
In a South West service station, scammers displayed billboards with QR codes themed around ChatGPT and named individuals (e.g. “Rachel from Accounts”). Scanning the QR code took users to a flagged web page related to “BBX Exchange”, subsequently identified as suspicious by malware detection tools.
What to do: Educate staff and customers to avoid scanning QR codes in public without verifying the source. Encourage the use of scanner apps with security checks, and report suspicious outdoor marketing or adverts.
3. Phantom Crypto ATM Schemes
CRYPTEGRIDY identified a London-based crypto ATM brand (referred to here as "CryptoATM Ltd") that appeared out of order—yet still accepted deposits. Despite reports to regulators, the ATM continues operating. While not directly in the South West, this reflects wider issues around legitimacy and fraud in crypto infrastructure that could target regional businesses.
What to do: If you spot unattended or malfunctioning crypto kiosks, report them to regulatory bodies (e.g. FCA) or local police. Advise staff and customers to avoid using such machines and to verify legitimacy before depositing funds.
4. Deepfake or Manipulated Investment Ads Featuring Public Figures
Recently, an ad circulating on YouTube claimed that well‑known TV presenters were endorsing a high-return investment product, and it was accompanied by a malicious QR code. Investigation showed that the video was manipulated (or deep‑faked), and the QR code led to phishing. The content is now flagged as malicious.
What to do: For businesses that rely on public or industry figures, make staff aware of fake celebrity endorsements, especially if a QR code is involved. Never scan QR codes from unverified adverts—especially those promising guaranteed returns or fast profits.
5. Physical Force Targeting Crypto Holders – Real-World Heists
A disturbing global trend is the "wrench attack": criminals use force, threats, or coercion—sometimes during business meetings or at homes—to extract private keys or seed phrases. These cases include kidnappings, physical assaults, and even torture. Victims often hold significant crypto assets and are targeted for immediate transfer of funds.
What to do: Crypto holders in businesses (e.g. fintech SMEs) must treat operations security seriously:
- Avoid publicly broadcasting crypto holdings or business profits
- Keep private keys and seed phrases strictly offline and secure
- If managing digital assets for clients, consider multi-signature wallets and strict access controls
- Introduce physical security protocols and emergency procedures
- Ensure whole‑team awareness about social engineering and in-person coercion risks
6. Cryptojacking in Retail Tech Infrastructure
One retail chain in the UK reportedly discovered cryptojacking software embedded in their systems—unknown scripts or malware hijacking CPU or GPU time to mine cryptocurrency, without anyone knowing. These attacks degrade performance and raise energy costs without obvious alerts.
What to do: Conduct regular penetration testing and vulnerability scans of your IT infrastructure. Use endpoint protection tools with cryptojacking detection. Educate staff about safe browsing habits and avoiding suspicious downloads.
7. Poor Cyber Hygiene Exposed in High-Street Locations
CRYPTEGRIDY also observed lax physical and operational security at tech and retail stores—including unlocked cabinets, visible login notes stuck to monitors, and unattended paperwork. These issues can be easily exploited by opportunistic criminals.
What to do: Assess your premises for visible credentials, open access to electronics, or exposed data. Encourage staff to adopt 'clean desk' policies, lock cabinets, and use password managers. Ensure physical and digital security practices are in place and audited periodically.
Summary: Improving Cyber Resilience Across the South West
- Scams are now using voice AI, messaging apps, QR codes and physical threats—targeting both individuals and businesses.
- Crypto-related fraud is expanding much further than online theft—into real-world actions, deepfakes, and physical coercion.
- Cyber risk is not just digital—it encompasses physical security, personnel protocols, and operational discipline.
CRYPTEGRIDY’s analysis highlights that no organisation is untouched. Whether you're an SME in professional services, retail, or digital ventures funding crypto, it's vital to be aware—and to act.
Thank you to CRYPTEGRIDY for sharing these insights—helping us raise awareness and build defence strategies for the South West business community.
If you would like help reviewing your cyber posture or training your staff to recognise these threats, please get in touch.