Criminals increase scamming activity during COVID-19

We understand the difficulty in temporarily closing your business and, if you have staff working from home, now more than ever you need to have remote protection and protocols in place as cyber scammers and cyber criminals have increased their activity. Phishing attacks in particular have dramatically increased.  Our IT security team have been reminding all our staff on how to be extra vigilant in terms of business and personal scenarios. We recommend you do the same.

Phishing Scams

Cyber-criminals have a variety of tools and techniques at their disposal, including malware, ransomware and disrupted denial-of-service attacks. One of the most common and difficult-to-spot strategies hackers use is phishing scams, which require minimal technical know-how and can be deployed from anywhere in the world via a simple email.

In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information.

With every opened email, users risk becoming the victim of monetary loss, credit card fraud and identity theft. What’s more, successful phishing attacks often go unnoticed, which increases the risk of large and continued losses, particularly for businesses.

To fool the victims, attackers customise phishing emails to make them appear legitimate, sometimes using logos or dummy email accounts to improve the effectiveness of the attack. Usually, phishers will pretend to be a trusted source, like a hospital, bank or employer. The phishing message will likely include alarming or suggestive language to fool victims into:

  • Clicking a link
  • Opening a document
  • Installing software e.g. malware
  • Entering their username and password into a website that’s made to look legitimate

If a victim does any of the above, the hacker can infect their computer and steal sensitive information, often without having to use a single line of code. With phishing attacks, even the most top-of-the-line firewall can’t stop an individual from clicking on a malware-loaded email.

Of all the various types of cyber-crime, phishing attacks are some of the most dangerous, especially whilst preying on Coronavirus COVID-19 fears, curiosity and urgency during this period. Phishing messages can easily bypass standard antivirus software and pass through spam filters. As scammers don’t need to infect your computer with a virus to obtain your information, the criminals rely on psychology and misdirection.

Email Subject Lines used in Phishing Attacks

Globally, the following were the subject lines of the most clicked phishing emails in recent years:

  • Security Alert
  • Revised Holiday & Sick Time Policy
  • UPS Label Delivery 1ZBE312TNY00015011
  • A Delivery Attempt was made
  • All Employees: Update your Healthcare Info
  • Change of Password Required Immediately
  • Password Check Required Immediately
  • Unusual sign-in activity
  • Urgent Action Required

It’s not just your computers that are vulnerable…

Amazon Phone Scam

This phone scam aimed at Amazon customers plays automated messages about your Prime membership and that it is about to be renewed. It then instructs you to press 1 to cancel or query the payment, where you get re-directed to the scammer. You can hear an example call here.

You can add your number to the Telephone Preference Service. This stops legitimate UK marketing companies from calling you, a worthwhile use of 5 minutes, however those based abroad won’t be blocked. It may seem like common sense, but these individuals and organisations making millions out of scams like this can be very convincing, but the best course of action is the put the phone down and if necessary, call the company back on a known/legitimate number. Remember, Amazon won’t ask you to make payments over the phone, nor will it ask you for your password or bank details.

Action Fraud have run an article about the Amazon phone scam, here.

Beware of these new Coronavirus-related Scams too

Scammers are also making lots of money from the COVID-19 outbreak including:

  • Text messages offering “free passes” to Netflix for the period of Isolation
  • Text messages claiming you’ve been caught leaving your house and must pay a fine
  • Emails/texts pretending to be from the World Health Organization attaching a PDF containing advice on how to stay safe
  • Fraudsters posing as healthcare workers and going door to door selling home testing kits
  • Text messages asking you to enter your postcode to apply for a COVID-19 relief payment from the Government
  • Email pretending to be from the “Center for Disease Control” with links to a legitimate looking but fake website requiring your Microsoft Login details.

Summary

As always, ask yourself some basic questions to avoid becoming the victim of a phishing scheme:

  • Have I requested or am I expecting this?
  • Do these emails/texts look genuine?
  • Are there obvious spelling/grammatical errors?
  • Where do the links point if I hover over them?

And some further guidance:

  • Hover over and triple-check the address of any links before you click them
  • Verify a website’s security. Legitimate websites will have a URL that begins with https, and you should see a closed lock icon somewhere near the address bar
  • Avoid replying to the sender if you suspect an email is malicious. If you recognise the individual or company sending the suspicious email, follow up with them offline to ensure they meant to contact you
  • Never enter personal information or click links in a pop-up screen and definitely do not give any financial information to anyone with whom you have any doubt over authenticity
  • Check the news and google.  Often the scams spread far and wide and are quite publicised so a little research can help you find what to look out for on that email or text message.

TH March offer a wide range of cyber insurance cover options. Be prepared and ensure you implement suitable protection to help deter cyber criminals from targeting your business. Contact TH March on 01822 855555 or commercialinsurance@thmarch.co.uk to obtain a free quote.

Read our other posts

TH March Refresh Brand Identity

TH March Refresh Brand Identity

TH March is taking the next step forward in its evolution with a brand refresh, including new logo, website enhancements and refined messaging that support the company’s enriched mission. Thanks to a new look and a digital transformation, the refreshed identity blends TH March’s product portfolio into a unified family and infusing new energy.   […]

Keeping Mobile Devices Cyber-secure

Keeping Mobile Devices Cyber-secure

Cyber-security is a subject that many employers have become more aware of in recent years, but there will always be more to learn and additional adaptations to make. As technology continues to evolve, so do the methods by which a cyber-attack might take place. One key example of a potential cyber-security step that organisations may […]

Government Announces Plans for Reopening England

Government Announces Plans for Reopening England

In the wake of the UK’s latest lockdown, Prime Minister Boris Johnson has announced a four-step plan that the government hopes will allow England to reopen safely. This process is currently projected to start on 8th March, and each of the four stages will last a minimum of five weeks. Johnson has made it clear […]

Understanding Musculoskeletal Disorders

Understanding Musculoskeletal Disorders

Musculoskeletal disorders are among the most common work-related ailments that employers must be aware of. These issues can severely decrease quality of life and may even affect workers for the rest of their lives. Furthermore, a wide variety of factors can contribute to these disorders, making them a threat across many different industries. According to […]

Understanding the New Brexit Deal

Understanding the New Brexit Deal

Following a significant amount of suspense spanning much of 2020, the UK and EU finally reached a trade agreement on 24th December 2020. This new deal will regulate how many UK organisations across a variety of sectors will be conducting business with partners and clients in the EU. As far as trade considerations go, employers […]