Cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak, according to the UK official National Cyber Security Centre (NCSC). For example, bogus emails claim to have important updates, only once links are clicked on, lead to devices being infected.
Paul Chichester, Director of Operations at the NCSC, said: “Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”
The NCSC says that it has seen an increase in the registration of webpages relating to the virus. These attacks are versatile and can be conducted through various media, adapted to different sectors and monetised via multiple means, including ransomware, credential theft, bitcoin or fraud, according to the NCSC.
The NCSC points to its online guidance, on how to spot and deal with suspicious emails; and mitigate and defend against malware and ransomware.
Among examples, in February, the World Health Organisation (WHO) warned of fraudulent emails sent by criminals posing as the WHO. This followed a warning from the US Federal Trade Commission about scammers spreading phishing ‘clickbait’ via email and social media, as well as creating fraudulent websites to sell fake anti-viral equipment. Also impersonated is the US Center for Disease Control (CDC), whereby scammers have created domain names similar to the CDC’s web address to request passwords and bitcoin donations to fund a fake vaccine.
Jake Moore, at the cyber-security company ESET, said: “The spread of fear is just as contagious as COVID-19 and people are falling for these scams in panic mode. Cyber criminals are relying more on social engineering, which is the practice of deceiving or manipulating someone. Right now this tactic is proving very popular; people feel they have limited time to research the background and validation of sites. Panic is a psychological feeling that threat actors use widely, especially when there is a pandemic. I’m also seeing a huge increase in texting scams. I’ve seen employees targeted with texts which are supposedly from their boss, requesting that they send Amazon vouchers to their business partners to apologise for business inconvenience. Employees need to verify these requests by phoning their management on the number they know to be correct before any financial transactional is made.”