One of the UK’s intelligence agencies has made a rare announcement to warn the public about criminals who are using the coronavirus outbreak to launch online attacks.
Experts from the National Cyber Security Centre (NCSC) – a part of GCHQ – have said that a range of attacks are being conducted by cyber criminals to make money out of exploiting people’s fears over COVID-19.
Bogus emails posing as communications from health authorities are being sent with links claiming to provide important updates, which when clicked instead lead to devices being infected with malware.
The NCSC stated: “Individuals in the UK have been targeted by these coronavirus-themed phishing emails, with infected attachments containing fictitious ‘safety measures’.”
Internationally, organisations such as the US Centre for Disease Control and the World Health Organisation have been impersonated by cyber criminals.
The criminals create domain names similar to these organisations’ real web addresses in order to dupe email recipients and “request passwords and even bitcoin donations to fund a fake vaccine”, according to the NCSC.
The shipping, transport and retail sectors are commonly being targeted as well by criminal organisations who steal documents and encrypt computers to hold their victims to ransom.
Criminals are also taking advantage of the outbreak on dark net marketplaces, where normal listings for drugs and hacking tools are being joined by offers for surgical face masks.
Away from the dark web, hundreds of websites have been registered and set-up within the past few weeks offering heavily discounted face masks.
But, as risk firm Digital Shadows told Sky News, there is a huge risk that these products are counterfeit, and in some cases the masks potentially don’t even exist at all – and once enough consumers have handed over their money, the website will simply disappear.
According to the UK’s national fraud intelligence bureau, British people have been swindled out of more than £800,000 by attempting to buy masks from fake sellers.
Cyber criminal gangs are also targeting healthcare professionals with phishing emails about “coronavirus awareness” – part of a wave of scams capitalising on the pandemic.
Sky News has seen a copy of an email scam sent to a number of healthcare organisations that pretends to be from each firm’s internal IT team.
The email – which has the subject “ALL STAFF: CORONA VIRUS AWARENESS” – tells employees that “the institution is currently organising a seminar for all staff to talk about this deadly virus”, asking them to click on a link to register.
The link takes anyone clicking on it to a third-party website disguised as an Outlook web app. Anyone who fills in that form ends up giving their details to the hackers.
Paul Chichester, the NCSC’s director of operations, said: “We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak.
“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.
“In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”
The NCSC is urging businesses and the public to consult its online guidance, including how to spot and deal with suspicious emails as well as mitigate and defend against malware and ransomware.