We understand the difficulty in temporarily closing your business. If you have staff working from home, you need remote protection and protocols in place now more than ever, as cyber scammers and cyber criminals have increased their activity. Phishing attacks in particular have dramatically increased. Our IT security team have been reminding all our staff how to be extra vigilant in both business and personal scenarios. We recommend you do the same.
Cyber-criminals have a variety of tools and techniques at their disposal, including malware, ransomware and distributed denial-of-service attacks. One of the most common and difficult-to-spot strategies hackers use is phishing scams, which require minimal technical know-how and can be deployed from anywhere in the world via a simple email.
In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information.
With every opened email, users risk becoming the victim of monetary loss, credit card fraud and identity theft. What’s more, successful phishing attacks often go unnoticed, which increases the risk of large and continued losses, particularly for businesses.
To fool the victims, attackers customise phishing emails to make them appear legitimate, sometimes using logos or dummy email accounts to improve the effectiveness of the attack. Usually, phishers will pretend to be a trusted source, like a hospital, bank or employer. The phishing message will likely include alarming or suggestive language to fool victims into:
- Clicking a link
- Opening a document
- Installing software, e.g. malware
- Entering their username and password into a website that’s made to look legitimate
If a victim does any of the above, the hacker can infect their computer and steal sensitive information, often without having to use a single line of code. With phishing attacks, even the most top-of-the-line firewall can’t stop an individual from clicking on a malware-loaded email.
Of all the various types of cyber-crime, phishing attacks are some of the most dangerous, especially when they prey on Coronavirus COVID-19 fears, curiosity and urgency during this period. Phishing messages can easily bypass standard antivirus software and pass through spam filters. Scammers don’t need to infect your computer with a virus to obtain your information; instead, they rely on psychology and misdirection.
Email Subject Lines used in Phishing Attacks
Globally, the following were the subject lines of the most clicked phishing emails in recent years:
- Security Alert
- Revised Holiday & Sick Time Policy
- UPS Label Delivery 1ZBE312TNY00015011
- A Delivery Attempt was made
- All Employees: Update your Healthcare Info
- Change of Password Required Immediately
- Password Check Required Immediately
- Unusual sign-in activity
- Urgent Action Required
It’s not just your computers that are vulnerable…
Amazon Phone Scam
This phone scam, aimed at Amazon customers, plays an automated message saying that your Prime membership is about to be renewed. It then instructs you to press 1 to cancel or query the payment, at which point you are redirected to the scammer. You can hear an example call here.
You can add your number to the Telephone Preference Service. This stops legitimate UK marketing companies from calling you and is a worthwhile use of 5 minutes; however, callers based abroad won’t be blocked. It may seem like common sense, but the individuals and organisations making millions out of scams like this can be very convincing. The best course of action is to put the phone down and, if necessary, call the company back on a known/legitimate number. Remember, Amazon won’t ask you to make payments over the phone, nor will it ask you for your password or bank details.
Action Fraud have run an article about the Amazon phone scam, here.
Beware of these new Coronavirus-related Scams too
Scammers are also making lots of money from the COVID-19 outbreak including:
- Text messages offering “free passes” to Netflix for the period of Isolation
- Text messages claiming you’ve been caught leaving your house and must pay a fine
- Emails/texts pretending to be from the World Health Organization attaching a PDF containing advice on how to stay safe
- Fraudsters posing as healthcare workers and going door to door selling home testing kits
- Text messages asking you to enter your postcode to apply for a COVID-19 relief payment from the Government
- Emails pretending to be from the “Center for Disease Control” with links to a legitimate-looking but fake website requiring your Microsoft login details.
As always, ask yourself some basic questions to avoid becoming the victim of a phishing scheme:
- Have I requested or am I expecting this?
- Do these emails/texts look genuine?
- Are there obvious spelling/grammatical errors?
- Where do the links point if I hover over them?
And some further guidance:
- Hover over and triple-check the address of any links before you click them
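- Verify a website’s security. Legitimate websites will have a URL that begins with https, and you should see a closed lock icon somewhere near the address bar. The lock only shows that the connection is encrypted, so still check that the domain name is the one you expect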
- Avoid replying to the sender if you suspect an email is malicious. If you recognise the individual or company sending the suspicious email, follow up with them offline to ensure they meant to contact you
- Never enter personal information or click links in a pop-up screen and definitely do not give any financial information to anyone with whom you have any doubt over authenticity
- Check the news and Google. Scams often spread far and wide and are widely publicised, so a little research can help you find what to look out for in that email or text message.
TH March offer a wide range of cyber insurance cover options. Be prepared and ensure you implement suitable protection to help deter cyber criminals from targeting your business. Contact TH March on 01822 855555 or email@example.com to obtain a free quote.