There has been a sudden increase in the number of phishing scams surrounding the Coronavirus. Since the outbreak, cyber criminals have taken the opportunity to exploit people’s fears with fraudulent emails offering advice about the virus and even how to avoid it. With so much uncertainty and worry at the moment, it’s a playground for hackers to prey on people hungry for information.
What is phishing?
Phishing is a form of cyber-crime – a popular way for hackers to steal people’s data by sending fraudulent emails, pretending to be from reputable senders, inviting them to reveal sensitive information about themselves such as passwords and credit card numbers.
A steady stream of scams
A recent example is in the healthcare industry where cyber criminal gangs are targeting healthcare professionals. They are sending phishing emails, pretending to be from the company’s internal IT team, inviting staff to attend a seminar to talk about the deadly virus. Staff are asked to click on a link to register. The link directs to a third-party website disguised as an Outlook web app. Anyone who fills in that form ends up giving their details to the hackers.
This is just one example in a steady, growing stream of phishing emails sent since the Coronavirus outbreak started. Another is an email claiming that an attached document details how recipients can prevent the disease’s spread. The attachment infects computers with malicious software.
It’s not just emails
Other identified threats include websites registered with names related to COVID-19, which are used to steal information or infect individuals’ devices with malware.
The attacks are versatile and can be conducted through various media, adapted to different sectors and monetised via multiple means, including ransomware, credential theft, bitcoin or fraud. The attempts have been seen in several countries, in varying languages, and can lead to loss of money and sensitive data. As the impact of the virus spreads, this activity is almost certain to increase.
How can I avoid it?
Ultimately, phishing is very effective and it’s hard to stop fraudsters. But businesses and individuals can help themselves by becoming more aware of the situation and how to spot a scam by following these tips:
Many phishing emails have poor grammar, punctuation and spelling. Look carefully at the content and double-check email addresses for any misspellings that indicate an incorrect address.
Is it addressed to you by name, or does it refer to 'valued customer', or 'friend', or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
Is the design and overall quality what you'd expect from the organisation which the email is supposed to come from?
Does the email contain a masked threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.
Look at the sender's name. Does it sound legitimate?
If it sounds too good to be true, it probably is. It's most unlikely that someone will want to give you money, or give you access to a secret part of the Internet. Don’t ever go to your bank's website by clicking on a link included in an email. Your bank, or any other official source, should never ask you to supply personal information by email.
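Only enter sensitive data on secure websites: for a site to be ‘safe’, its address must begin with ‘https://’ and your browser should show an icon of a closed lock. These signs show that the connection is encrypted; they do not prove that the site is genuine, so check the address itself as well.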
Install advanced anti-virus and anti-spam software and keep it updated.
If in doubt, don't click it. Just delete it!
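The sender, greeting, urgency and link checks from the tips above can be run automatically against a message like the fake IT seminar invitation described earlier. The following is an added example, not code from the original article; the domain `example-health.test`, the two sample messages and the function names are assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

ORG_DOMAIN = "example-health.test"  # assumption: the organisation's real domain
GENERIC = ("valued customer", "friend", "colleague")  # greetings named in the tips
URGENT = ("within 24 hours", "immediately")           # urgency wording from the tips

def in_org(host):
    """True if host is the organisation's domain or one of its subdomains."""
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def triage(raw):
    """Return the warning signs found in one single-part, plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    lines = body.strip().splitlines()
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    if not in_org(addr.rpartition("@")[2].lower()):
        findings.append("sender-domain-mismatch")  # also catches look-alike spellings
    if lines and any(g in lines[0].lower() for g in GENERIC):
        findings.append("generic-greeting")
    if any(u in body.lower() for u in URGENT):
        findings.append("urgency")
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        host = (urlparse(url).hostname or "").lower()
        if not in_org(host):
            findings.append("external-link:" + host)  # link leaves the organisation
    return findings

# Constructed sample messages (not real mail); .test and .example are reserved names.
PHISH = """From: IT Support <it-support@examp1e-health.test>
To: staff@example-health.test
Subject: Coronavirus seminar - registration required

Dear colleague,
All staff must register for the Coronavirus seminar within 24 hours:
https://owa.seminar-register.example/login
"""
LEGIT = """From: IT Support <it-support@example-health.test>
To: priya@example-health.test
Subject: Seminar details

Hi Priya,
The seminar details are on the intranet:
https://intranet.example-health.test/seminar
"""

if __name__ == "__main__":
    print(triage(PHISH))
    print(triage(LEGIT))
```

The findings are prompts for a closer look by a person; an empty list does not prove that a message is genuine.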
If you have concerns and would like further advice, please get in touch on firstname.lastname@example.org or 01684 882700.