Criminals increase scamming activity during COVID-19

We understand the difficulty in temporarily closing your business and, if you have staff working from home, now more than ever you need to have remote protection and protocols in place as cyber scammers and cyber criminals have increased their activity. Phishing attacks in particular have dramatically increased.  Our IT security team have been reminding all our staff on how to be extra vigilant in terms of business and personal scenarios. We recommend you do the same.

Phishing Scams

Cyber-criminals have a variety of tools and techniques at their disposal, including malware, ransomware and disrupted denial-of-service attacks. One of the most common and difficult-to-spot strategies hackers use is phishing scams, which require minimal technical know-how and can be deployed from anywhere in the world via a simple email.

In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information.

With every opened email, users risk becoming the victim of monetary loss, credit card fraud and identity theft. What’s more, successful phishing attacks often go unnoticed, which increases the risk of large and continued losses, particularly for businesses.

To fool the victims, attackers customise phishing emails to make them appear legitimate, sometimes using logos or dummy email accounts to improve the effectiveness of the attack. Usually, phishers will pretend to be a trusted source, like a hospital, bank or employer. The phishing message will likely include alarming or suggestive language to fool victims into:

  • Clicking a link
  • Opening a document
  • Installing software e.g. malware
  • Entering their username and password into a website that’s made to look legitimate

If a victim does any of the above, the hacker can infect their computer and steal sensitive information, often without having to use a single line of code. With phishing attacks, even the most top-of-the-line firewall can’t stop an individual from clicking on a malware-loaded email.

Of all the various types of cyber-crime, phishing attacks are some of the most dangerous, especially whilst preying on Coronavirus COVID-19 fears, curiosity and urgency during this period. Phishing messages can easily bypass standard antivirus software and pass through spam filters. As scammers don’t need to infect your computer with a virus to obtain your information, the criminals rely on psychology and misdirection.

Email Subject Lines used in Phishing Attacks

Globally, the following were the subject lines of the most clicked phishing emails in recent years:

  • Security Alert
  • Revised Holiday & Sick Time Policy
  • UPS Label Delivery 1ZBE312TNY00015011
  • A Delivery Attempt was made
  • All Employees: Update your Healthcare Info
  • Change of Password Required Immediately
  • Password Check Required Immediately
  • Unusual sign-in activity
  • Urgent Action Required

It’s not just your computers that are vulnerable…

Amazon Phone Scam

This phone scam aimed at Amazon customers plays automated messages about your Prime membership and that it is about to be renewed. It then instructs you to press 1 to cancel or query the payment, where you get re-directed to the scammer. You can hear an example call here.

You can add your number to the Telephone Preference Service. This stops legitimate UK marketing companies from calling you, a worthwhile use of 5 minutes, however those based abroad won’t be blocked. It may seem like common sense, but these individuals and organisations making millions out of scams like this can be very convincing, but the best course of action is the put the phone down and if necessary, call the company back on a known/legitimate number. Remember, Amazon won’t ask you to make payments over the phone, nor will it ask you for your password or bank details.

Action Fraud have run an article about the Amazon phone scam, here.

Beware of these new Coronavirus-related Scams too

Scammers are also making lots of money from the COVID-19 outbreak including:

  • Text messages offering “free passes” to Netflix for the period of Isolation
  • Text messages claiming you’ve been caught leaving your house and must pay a fine
  • Emails/texts pretending to be from the World Health Organization attaching a PDF containing advice on how to stay safe
  • Fraudsters posing as healthcare workers and going door to door selling home testing kits
  • Text messages asking you to enter your postcode to apply for a COVID-19 relief payment from the Government
  • Email pretending to be from the “Center for Disease Control” with links to a legitimate looking but fake website requiring your Microsoft Login details.

Summary

As always, ask yourself some basic questions to avoid becoming the victim of a phishing scheme:

  • Have I requested or am I expecting this?
  • Do these emails/texts look genuine?
  • Are there obvious spelling/grammatical errors?
  • Where do the links point if I hover over them?

And some further guidance:

  • Hover over and triple-check the address of any links before you click them
  • Verify a website’s security. Legitimate websites will have a URL that begins with https, and you should see a closed lock icon somewhere near the address bar
  • Avoid replying to the sender if you suspect an email is malicious. If you recognise the individual or company sending the suspicious email, follow up with them offline to ensure they meant to contact you
  • Never enter personal information or click links in a pop-up screen and definitely do not give any financial information to anyone with whom you have any doubt over authenticity
  • Check the news and google.  Often the scams spread far and wide and are quite publicised so a little research can help you find what to look out for on that email or text message.

TH March offer a wide range of cyber insurance cover options. Be prepared and ensure you implement suitable protection to help deter cyber criminals from targeting your business. Contact TH March on 01822 855555 or commercialinsurance@thmarch.co.uk to obtain a free quote.

Read our other posts

Ensuring Cyber-security by Managing Access and Privileges for Users

Ensuring Cyber-security by Managing Access and Privileges for Users

Your organisation’s data and intellectual property are invaluable resources, but they also present a tempting target for cyber-attacks. If your systems are compromised, there may be irreparable harm done to your organisation’s finances, reputation and future. One of the most important steps in addressing cyber-risks is regulating what information is accessible, and by whom. Many […]

Managing Employees Who Struggle to Work Remotely

Managing Employees Who Struggle to Work Remotely

As many organisations are adapting to newly remote teams, leaders are challenged with addressing the challenges of the remote environment. Remote work remains a relevant topic for employers, and it will continue post-coronavirus. Many managers find themselves tasked with effectively leading remote employees and helping their teams adapt to the virtual workplace. While many employees […]

Preparing for a Second  Wave of COVID-19 Cases

Preparing for a Second Wave of COVID-19 Cases

Even as the UK continues to ease lockdown measures, daily operations won’t be business-as-usual for many across the country. The coronavirus (COVID-19) pandemic is still going on, despite businesses reopening. Moreover, public health officials and experts are warning of a potential second wave of COVID-19 cases. Of course, no one knows if or when a […]

Protecting Your Privacy While Using Video Conference Software

Protecting Your Privacy While Using Video Conference Software

During the COVID-19 pandemic, technology has proven to be invaluable in allowing organisations to stay as connected as possible. Video chat software and apps have been particularly useful, as employees have been able to continue to attend virtual meetings and feel a sense of connection to their co-workers while working remotely. But, while video conferences […]

Managing the Return of Clients, Customers and Employees

Managing the Return of Clients, Customers and Employees

The UK has started the process of easing lockdown measures. This means that many businesses have either already reopened, or are in the process of doing so. Despite recent optimism, there are still significant risks related to the coronavirus pandemic that organisations should be taking seriously. As employees return and your business begins to welcome […]