Monday, 6 July 2020

Phishing in the time of coronavirus

Grant McGregor has written extensively on this blog about the growing risk from phishing, spear phishing and social engineering. Now, experts warn these risks have got an extra boost from the coronavirus pandemic.

covid-19 phishing on phone

Grant McGregor has written extensively on this blog about the growing risk from phishing, spear phishing and social engineering. Now, experts warn these risks have got an extra boost from the coronavirus pandemic.

In April 2020, the UK’s National Cyber Security Centre (NCSC) launched a campaign to raise awareness of the increased threat from cybercrime during the COVID-19 pandemic.

In doing so, it highlighted its concern that criminals could seek to capitalise on the increased use of Internet-enabled devices.

The NCSC’s response to coronavirus-related cybercrime

As part of the campaign, the NCSC launched a new suspicious email reporting service.

At the same time, it announced that it had already:

• Taken down 471 fake online shops selling fraudulent “coronavirus related” items

• Removed 555 malware distribution sites

• Removed 200 phishing sites designed to capture password and credit card details

• Closed down 832 “advance-fee frauds” whereby a large sum of money is promised in return for a set-up payment.

However, the NCSC makes it clear that cyber criminals are continuing to use the pandemic as an opportunity to play on peoples fears and desire for information and exploit it for their own financial gain.

How to spot a coronavirus-related phishing email

The security company Norton has published a blog which identifies some of the phishing approaches being used by cyber criminals in the wake of the pandemic.

These include:

• Email messages that include an invitation to open an attachment to see the latest COVID-19 statistics for your area, but if you click on the embedded link or attachment, you download malicious software to your device.

• Email messages that offer a novel cure or way to protect yourself against the virus. Norton gives the example of one email that claimed “This little measure can save you”

• Email messages that replicate an internal company communication and include a link to a new company policy about safety precautions. When you click on the “company policy” you download malicious software.

One reason the coronavirus is such a tempting ploy for the cyber criminals is because it offers an ideal opportunity to trade on one of their favourite devices: the creation of a sense of urgency.

How to respond to a fake sense of urgency

Manufacturing a sense of urgency works because it can pressurise email recipients to make a bad decision.

If you feel pressured by an email to act upon it, this is a major warning flag that you might be dealing with a phishing attempt.

Take a step back: no matter how urgent it seems don’t be tempted to act on it immediately.

If possible, confirm the information in the email or reach out to the recipient in another way.

Don’t use the link in the email: find the website address for yourself. Or better, pick up the phone and speak with the person involved.

The growing risk of cyber crime

Trend Micro has also reported a rise in coronavirus-related cybercrime.

In its first-quarter Smart Protection Network survey, it says it has detected 737 different malware related to COVID-19 between January 1, 2020 and March 31, 2020. The company reports 907 thousand spam messages related to COVID-19 over the same period and a 220-times increase in spam from February to March. In particular, it highlights the risk of a coronavirus-themed ransomware.

KPMG warns of further scams

Further coronavirus-related cybercrime activity has been identified by consulting company KPMG. It has highlighted several scams:

• COVID-19 themed spear-phishing attempts

• COVID-19 phishing emails with macro-enabled Word documents which download Emotet or Trickbot malware

• Phishing emails purporting to come from the World Health Organisation

• COVID-19 tax rebate lures which direct recipients to a fake website that captures financial and tax information

The NCSC guidance

As part of its campaign, the NCSC published five simple steps that everyone should be taking to protect themselves online:

• Turn on two-factor authentication

• Protect accounts using a password of three random words

• Create a separate password that you use only for your main email account

• Update the software and apps regularly

• Protect yourself from being held to ransom by backing up important data

Are you doing enough to protect your staff from phishing?

As well as implementing sensible precautions such as email filtering and two-factor authentication, staff need to be empowered to spot phishing attempts.

At this time, it’s really important to make sure all your staff understand there is an increased risk of cybercrime during this period, especially with a coronavirus theme.

At the same time as you communicate this message, it’s worth reminding staff of the precautions they can take to protect themselves from phishing attacks:

Use strong passwords, especially for key accounts such as Office 365 access

• Look out for spelling and/or grammatical mistakes – these can indicate spam or phishing content

• Beware of online requests for personal or financial information

• Be wary of emails that insist you act immediately

• Confirm requests for information using a different channel (e.g. by phone or Teams messaging)

• Check email addresses and links before clicking on them

You can read more about phishing red flags here on our blog.

To find out what you can do to support staff, please speak with the Grant McGregor team. We’re always on hand to offer expert help and advice and more than happy to talk you through security approaches and solutions or staff training to help you to neutralise the threat of cybercrime.