Phishing scams are on the rise due to hackers taking advantage of the fear and anxiety caused by the global pandemic. But what can you do to stay vigilant?
Cyber criminals exploiting the concerns and fears of those facing stressful situations is nothing new.
But the current coronavirus pandemic is providing a new avenue for these criminals to steal credentials and distribute malicious software.
There has been a noted increase in phishing scams and malware being circulated over the past couple of months under the guise of information about coronavirus.
The rise of coronavirus-related phishing emails
Cyber security firm Kaspersky told the BBC that it has detected more than 513 different files with coronavirus in the title, which contain malware. There have been many more articles appearing in the media from outlets such as Wired, ZDNet, Cofense and UN news reporting this phenomenon, since January.
The National Cyber Security Centre (NCSC) has also revealed many of these attacks and is urging people to follow online safety advice, while taking its own measures to automatically discover and remove malicious sites.
David Emm, principal security researcher at Kaspersky told the BBC that he expects the number of coronavirus-related phishing emails and those containing malware and ransomware as the biological virus also continues to spread.
This seems very likely, and as such people need to be extra vigilant during these times.
What is particularly nasty is that cyber criminals are preying on public fears and anxiety which make people much more susceptible.
Emails purporting to contain information on cures, or links to alleged ‘government’ information are things to look out for: researchers from Malwarebytes identified malicious code in a website that claimed to show an up-to-date global heatmap of coronavirus reports.
A public health sector website in the United States has also been hit with a ransomware attack.The attack took down a website providing valuable medical information at a time when it is needed most.
The Champaign-Urbana Public Health District (CHUPD) website was taken hostage by a ransomware called NetWalker, and as such the health district is urging people to follow its Facebook page for ongoing information on coronavirus.
These attacks all underline the importance of staying vigilant and making sure security measures are up to date and that systems are protected, not least because with the possibility of isolation measures, digital communications channels become more vital than ever.
It’s very important to keep on the lookout for possible phishes and scams.
Key tips to spot scams
- Do not click on links from emails that appear to be from bodies such as the WHO or the NHS - instead, go to their websites independently and check if the information in the email is corroborated
- Check legitimate websites for things that organisations will not do. For example, many websites will state that they will never ask you for your password or payment details via email
- Be wary of emails or messages offering cures or new information on the coronavirus. Again, check websites independently instead of clicking on links or replying
- Members’ IT support or network staff can report concerns to our CSIRT team. They are on hand to help should you be concerned about your organisation’s cyber security. The Janet CSIRT team can be contacted on 0300 999 2340 or at firstname.lastname@example.org
The immediate concerns are the volume and nature of phishing attacks, and the risk of malware and ransomware taking key systems offline. It’s important therefore to make sure your systems are properly up to date with security, and that information is backed up so you can restore systems in the event of an attack.