Amid the panic and anxiety that COVID-19 is bringing to the world, cybercriminals are seeing this as a perfect opportunity to strike while your guard is down.
The National Cyber Security Centre (NCSC) has stated: "Individuals in the UK have been targeted by coronavirus-themed phishing emails, with infected attachments containing fictitious 'safety measures'."
The Chartered Trading Standards Institute (CTSI) has urged the public to be aware of emails that look official and claim to be from the government. These emails say they are offering a tax rebate to support people through this time – then ask you to click on a link and fill in personal details, including banking information, allowing the cybercriminals to access your money.
Other emails include World Health Organisation (WHO) impersonations - these emails say they have crucial COVID-19 advice with an attachment for you to download. Unbeknownst to the victims, once they download the attachment a keylogger is installed, allowing the scammers to follow the online movements of the user and gain access to their device and personal data.
In addition to this, cybercriminals have been targeting healthcare professionals with phishing emails claiming to be from their internal IT teams. Sky News received an example of this email, and we’ve highlighted the key signs that show this is a scam email below:
The parts highlighted orange show grammar and spelling mistakes, as well as double spaces – phishing emails typically feature spelling mistakes and broken English. Furthermore, they will have a sense of urgency about them, which can be seen in the part highlighted red.
When someone clicked on the link, they were redirected to a fake Outlook web app where their personal data was stolen, including their email and password.
What can you do?
Please be cautious of any email you receive that seems suspicious, even if it's regarding COVID-19. If you're unsure, do not open it, do not click on links and do not download attachments - if you can, contact the person who sent it to make sure it's genuine.
Enable Multi-Factor Authentication (aka MFA/2FA)
Add an additional layer of security to your emails and data by enabling Multi-Factor Authentication wherever you can. If you're unsure where or how you can do this, please get in touch and we'd be happy to help you get started.
User Awareness Training
Educate your employees with user awareness training to keep them vigilant to the latest security threats. As most of the world is having to work from home at the moment, we have provided our staff and customers with online training courses on 'How to Stay Safe Online', 'Think Before You Click' and more within our Client Portal.
Online training courses are a great way to help your staff absorb and retain the information. If you're interested in learning more about our online security courses, please get in touch.
Phishing emails sent to businesses are typically more targeted and harder to detect than ones sent to your personal accounts. If you're unsure what signs to look out for, we have written blogs on different types of cyberattacks.
Phishing is defined as ‘the fraudulent practice of sending emails claiming to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.’
This blog provides details about each type of phishing attack, from Smishing (text scams) to Clone Phishing (replicated emails) and the signs you should look out for.
Phishing scams are the easiest way for cybercriminals to gain access to your business data, which is why you need to keep your users aware and alert to the latest scams.
Whaling is another form of phishing that often targets senior management – this type of social engineering targets ‘High Level’ users and attempts to make them send money, divulge business data and more.
Whaling phishing emails are highly sophisticated and can be difficult to detect, like the email seen above from Sky News. If you think of an email you may have seen in your spam folder before, you will have noticed the bad grammar or lack of personalisation, so you could clearly see it wasn’t a genuine email.
These types of phishing emails have:
• A sense of urgency
• Personalised information about the target and/or organisation
• Corporate/business tone of voice and jargon
Cybercriminals sending Whaling emails will have researched your business and may even have researched you via social media.
Our Whaling Phishing blog provides examples and screenshots of whaling cyberattacks so you can clearly see the usual warning signs, with a few tips on other ways to detect them.
Please stay vigilant and cautious of any email you receive. If you’re sent an email that looks suspicious, please contact your service desk. If you need help, please get in touch - we can provide guides, user awareness training for your staff, as well as multi-layered security solutions for your business.
This is a difficult time for everyone, and keeping on top of your security should not be an afterthought. We're all in this together, so please stay safe and alert to cyberattacks.