Beware coronavirus phishing attacks: Stop, Think and Be Safe
Blog posted by: Nick Wilding, General Manager, Cyber Resilience, AXELOS and Head of RESILIA, 20 March 2020.
One group who are clearly enjoying the coronavirus pandemic are cyber criminals. It’s proved yet another valuable opportunity for them to play on our fears, doubts and vulnerabilities through simple phishing scams. Yet, like regularly washing our hands to avoid getting sick, we can take some simple measures to stay vigilant and safe from attack.
In the UK alone victims have reported losses totalling over £800,000 since February according to the National Fraud Intelligence Bureau. These are only reported cases. Ten of the 21 scams identified that month involved desperate buyers of face masks, with one person apparently paying £15,000 for masks that were never delivered. As the coronavirus pandemic intensifies it is highly likely that the volume of these sort of attacks will also rise.
We all need to beware of the rumours, misinformation, hoaxes, and snake oil cures that the coronavirus has spawned. Cyber threat investigators have also identified targeted attacks on the global shipping industry and those industries susceptible to shipping disruptions including manufacturing, industrial, pharmaceutical and transportation.
Paul Chichester, Director of Operations at the UK’s National Cyber Security Centre (NCSC), has said: “We know that cyber criminals are opportunistic and will look to exploit people’s fears. Our advice to the public is to follow simple guidance, which includes how to spot suspect emails. If someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”
Here are some simple clues to spotting coronavirus phishing emails:
- Many will have poor grammar, punctuation and spelling.
- If the email refers to you as a 'valued customer', 'friend', or 'colleague' this suggests the sender does not know you and this might be suspicious;
- Does the email suggest that you need to act urgently? As the NCSC says - be suspicious of phrases like: “send these details within 24 hours” or “you have been a victim of crime, click here immediately”.
- Check the senders name – does it sound legitimate or are they trying to mimic someone you know?
- If the email is offering something that sounds too good to be true, then it probably is.
- Be careful not to provide personal information on what you believe are trusted websites. The World Health Organization (WHO) has already highlighted scams from people disguising themselves as the WHO. If you are contacted by a person or organization that appears to be from the WHO or other trusted website, verify their authenticity before responding.
For you as an individual or consumer the above advice can go a long way to helping you secure yourself online. If you do spot a suspicious email, flag it as Spam/Junk or Suspicious in your email inbox. This will take it out of your inbox and tell your email provider you've identified it as potentially unsafe. You can also report suspicious emails, phone calls or SMS messages to Action Fraud at https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime.
Within your organization if you spot a suspicious email you should report it to your manager or IT or Security team. This is vital in quickly stopping others doing the same thing and advising everyone what to look out for. We all must have the insight to know what to do next and the confidence to tell others quickly to minimise the threat your organization might face.
Latest News from
ITIL 4 – the small things that are actually huge27/09/2021 13:20:00
Blog posted by: Jonathan Wafford – Global Service Delivery Lead, Capgemini Government Solutions, 24 September 2021.
Lessons learned from project managing a baby24/09/2021 13:20:00
Blog posted by: Ana O’Sullivan – project management expert and mother, 22 September 2021.
Workforce and talent management – maximizing employee motivation13/09/2021 10:20:00
Blog posted by: David Billouz – CEO, Ociris, 10 September 2021.
Running a project management office10/09/2021 13:20:00
Blog posted by: Christopher Poyntz – Audit Transformation Project Manager, PwC, 09 September 2021.
IT asset management and ITIL 4’s guiding principles07/09/2021 13:20:00
Blog posted by: Charlie Miles – Principal Consultant, Pink Elephant, 06 September 2021.
PRINCE2 at Saint Xavier University, Chicago, USA06/09/2021 13:20:00
By Mark S. Rosenbaum, Dean and Paul Bujak, Adjunct Professor – Graham School of Management, 03 September 2021.
Job hunting using ITIL03/09/2021 13:20:00
Blog posted by: Solmaz Purser – Project Editor, AXELOS, 01 September 2021.
P3M3 and how organizations need to mature change capabilities31/08/2021 13:20:00
Blog posted by: Emma Arnaz-Pemberton, director of consulting services – Wellingtone Project Management, 27 August 2021.