We’re all dealing with the Covid-19 pandemic, which has been trying for the entire world. You’d think that would be more than enough to worry about; however, we also have to be on the lookout for cybercriminals and their scams.
Cybercriminals have been extremely active in looking for ways to take advantage of the novel coronavirus. In fact, some of the most common scams are branded to look as if they’re coming from the UK government, when they’re actually being created by cybercriminals. Their hot topic is Covid-19.
Along with the surge in Covid-19 scams, more people are working from home during the pandemic. This has been in an effort to slow transmission of the virus. However, with more people working from home, they’ve become more vulnerable to these cyber threats.
While individuals are being targeted in many of the scams, many businesses of all sizes are also coming under attack from Covid-19 scams.
Social engineering is the method scammers use to scam individuals and companies. If you’re not familiar with the term, social engineering is the art of using human psychology to gain access to systems, data, and more.
For example, during the coronavirus outbreak, cybercriminals are taking advantage of everyone’s fear and concern over the pandemic. The scammers may try to get a person to open an email attachment with the promise it contains useful information, while in reality it contains malware.
To take the scam one step further and make it convincing, the criminals make the message appear to be from the UK government through the use of logos and more. If an email looks official, there’s a high probability people will open it. This is just one example of social engineering.
Criminals are ingenious and can make an email, webpage, and more appear to be from a reputable sender. They can even mimic a company’s email to employees. This is an extremely serious problem.
Phishing emails may contain links to fake webpages or email login pages. Scammers may also send an email that appears to be from an employee’s company, asking them to download and open an attachment. Again, the attachment is promised to include information the employee needs about the pandemic.
Email subject lines, malware attachments and more may carry Covid-19 themes. These are used to arouse curiosity about the contents or to play on people’s fears of the pandemic.
The NCSC (National Cyber Security Centre) has noted that there is an increase in the number of phishing attacks that are using social engineering tactics related to the coronavirus. You may see emails with titles that look similar to these:
- Coronavirus updates
- 2019-nCOV: New confirmed cases in your City
- 2020 Coronavirus updates
- 2020 Covid-19 Updates
Unfortunately, the emails will contain a call to action to click on a link, which has been created by cybercriminals with the goal of stealing personal information. Valuable personal information can include:
- Credit card information
- And more
According to the BBC, Google has been blocking 18 million coronavirus scam emails every day.
In addition to email and SMS, cyber criminals may even contact people through their social media channels (Twitter, Facebook, Instagram, and more).
Another tactic cyber criminals are using is SMS phishing. Carrying on the Covid-19 theme, the SMS phishing attacks may use financial incentives to get people to provide valuable personal data. The messages may contain promises of financial help from the government, tax rebates and more. The theme is usually financial.
These coronavirus SMS phishing schemes may also look as if they’re official messages from the UK government. They may ask for information such as email, mailing address, name and even banking information. While the messages may look official, they will include links that take the recipient directly to a phishing site.
Criminals are not only using SMS for phishing attacks but are also luring victims through other messaging apps such as WhatsApp and more. These attacks are predicted to keep going as long as the Covid-19 pandemic continues and government compensation is offered. The theme of these scams will continue to be linked to the coronavirus.
Working from Home Dangers
During the pandemic, many companies have shifted employees to working from home, and have supplied them with cloud services, VPNs to access IT networks and more. While VPNs are able to provide some level of security when working from home, criminals have been taking advantage of known vulnerabilities found in many VPN apps and other remote work tools.
Criminals are also exploiting vulnerabilities found in communication tools such as Microsoft Teams and Zoom. With the move to work from home, many employees are relying on these tools to stay in touch with teams. As a result, cyber criminals have been sending out phishing emails that look as if they come from these communication platforms.
The emails contain attachments that may have names such as “zoom-uszoom_####.exe” or “Microsoft-teams_V#mu#D#####.exe”, where “#” will actually be a string of numbers.
Not only are they using these phishing methods, but criminals are also able to gain access to teleconferences and even online classrooms. This usually happens where meetings have been set up with no security controls or where people are using unpatched versions of the communication software.
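A mail filter can check attachment names against the two patterns quoted above. The following Python is an added example, not part of the original article; it assumes each run of “#” stands for one or more digits, and the sample messages, addresses and the build_sample helper are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Filename templates exactly as quoted in the article.
# Assumption: each run of "#" stands for one or more digits.
TEMPLATES = ["zoom-uszoom_####.exe", "Microsoft-teams_V#mu#D#####.exe"]


def template_to_regex(template):
    """Escape the literal text and turn every run of '#' into \\d+."""
    parts = re.split(r"(#+)", template)
    body = "".join(r"\d+" if p.startswith("#") else re.escape(p) for p in parts)
    return re.compile(body, re.IGNORECASE)


PATTERNS = [template_to_regex(t) for t in TEMPLATES]


def suspicious_attachments(raw_email):
    """Return attachment filenames in a raw message that match a template."""
    hits = []
    for part in message_from_string(raw_email).walk():
        name = part.get_filename()
        if name and any(p.fullmatch(name.strip()) for p in PATTERNS):
            hits.append(name)
    return hits


def build_sample(subject, filename):
    """Constructed test message; addresses and payload are placeholders."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.test"
    msg["To"] = "user@example.test"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_string()


if __name__ == "__main__":
    for fname in ("zoom-uszoom_4821.exe", "Microsoft-teams_V3mu7D12345.exe", "agenda.pdf"):
        hits = suspicious_attachments(build_sample("2020 Covid-19 Updates", fname))
        print(fname, "->", "quarantine" if hits else "deliver")
```

Matching is case-insensitive and anchored to the whole filename, so an ordinary attachment such as agenda.pdf is not flagged.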
If you receive an email or other form of communication that seems to be part of a scam, stop and review it carefully. Don’t click any of the links or attachments. Does this look like it might be a fake message?
Remember that organisations such as your company, bank, the government, the police, and more will never ask you to withdraw or transfer money to another account. They will never ask for your username, password or PIN.
If the message could be genuine, then contact the organisation directly. Remember, don’t use any links in the email, don’t use phone numbers or open attachments contained in the emails. Instead, go directly to the organisation’s site to find their contact information.
For instance, if the message appears to be from your bank or a government office, the best thing is to phone the organisation. Explain that you’ve received an email that may be suspicious and ask if they’ve sent it. Then they’ll give you guidance on how to proceed.
During the Covid-19 pandemic, it pays to be careful about all communications received via various channels, which include phone calls, email, SMS and more. Not only will you avoid falling victim to these scams, but you’ll keep your personal data and company safe and secure in these difficult times.
23rd June 2020