People trying to stay safe from the coronavirus (Covid-19) pandemic are being targeted by cybercriminals. Amidst worldwide fear and concern about the novel virus, the perfect environment is being exploited by fraudsters who are using loathsome tactics to commit cybercrime.
The coronavirus crisis has seen the world move online. Digital communications have increasingly replaced face-to-face contact in the workplace, in retail and in our social lives.
As worldwide ‘lockdowns’ began to take hold, global internet traffic was said to have increased by over 30% – the single largest growth in online traffic ever seen.
Many sources have reported on how cybercriminals are taking advantage of people’s fears about the pandemic and their increased need to work, shop and seek information online. In the coronavirus alert it’s easy for people to let their guard down about the types of online risks to which they might normally be alert.
Between 1 February 2020 and 18 March 2020 Action Fraud received “reports from victims of coronavirus-related frauds with losses totalling close to £970.000. Many of these related to online shopping scams where people have ordered protective face masks, hand sanitiser and other products, which never arrived.” Some cases have been identified where fake testing kits have been offered for sale.
Over 200 reports had been received about “coronavirus-themed phishing emails attempting to trick people into opening malicious attachments or revealing sensitive personal and financial information.” (source: Criminal Prosecution Service)
Some of unsavoury tactics used by scammers include:
- Impersonating trusted organisations – Phishing scams about COVID-19 are on the rise. Scammers are using logos from highly-trusted sources such as the World Health Organization to lure victims into clicking on dangerous links in phishing emails. Others are using HMRC branding, and adapting an old scam, to offer false financial support.
- Sending Malware – some criminals are hiding malware in Covid-19 related websites and apps
- ’Smishing’ scams – criminals are sending false text messages (e.g. from HMRC) with malicious links in which texts are able to mimic genuine mobile numbers.
More people online means more opportunities for cybercriminals.
Coronavirus scams: How to spot them and stop them – Which?
Working From Home
Working from home has increased hugely since the UK government asked as many workers as possible to stay at home. This has accounted for much of the rise in internet traffic, combined with the general stay-at-home advice. This has meant a huge rise in people using their own computers, laptops and other devices at home and often without the cybersecurity usually provided in the workplace. Working remotely may also be a new experience to many workers not used to taking their own cybersecurity precautions.
Remote working can present special challenges to maintaining online security and privacy. Potential data breaches, malware and scams pose a threat to workers, the company’s files and data and that of your clients. It may seem low priority at the moment but there is still a need for businesses to remain GDPR compliant too during the Covid-19 pandemic – it’s all about reducing risk and taking the right precautions:
- Take care with personal details – Criminals will use a range of techniques to try and convince you to divulge your logon details and passwords. Legitimate sources will rarely ask you to reveal these details especially over the phone, email or text.
- Beware using new software and online tools – remote workers are turning to new online collaborative tools such as Zoom and Slack to stay connected with co-workers and friends. While these can be useful it’s important to consider security and privacy. What security information are the new tools collecting about you? How can you guard against downloading malware along with the new software?
- Unsecured networks – those working from home not on the company network will be using their home network and need to check filtering, firewalls, encryption and anti-virus protections. One common vulnerability is continuing to use the default password on their home routers leaving themselves open to attacks.
- BYOD (bring your own device) – workers not using company phones and devices may be at increased risk of data breaches and cyber-attacks because they will be not be protected to the same extent.
The best defence against cybercrime is prevention.
360ict Ltd is here to offer help and advice to businesses going remote. We can help keep your business and workforce resilient and safe online.