Phishing has always been a notorious tactic used by cybercriminals. However, the sheer volume of the people affected by coronavirus and the global impact of the situation presents a unique opportunity for cyber criminals to capitalise on fear and confusion in the workplace. People who are already in a vulnerable state are easier to deceive. These attacks are directed at individuals, organisations, major corporations in both private and public sectors.
Barracuda Networks detected over a 600% increase in email scams linked to coronavirus within the last month. According to their recent report, out of 467,825 email scams detected in between March 1st and 23rd, 9116 (about 2%) of these incidents were directly corona-related spear-phishing attacks. These attacks were categorised into 3 topics and the breakdown is as follows; 77% were scams, 22% were brand impersonations, and 1% were business email compromise.
In the scam and brand impersonation categories extra vigilance is necessary for emails offering scarce items such as medical supplies, cures and facemasks. Numerous fraudsters are asking for investments in fake companies that claim to be working on the development of coronavirus vaccines, and still other cyber-crime relates to collecting donation requests to fake charities.
Especially following the recent circulation of malicious spams that impersonate the World Health Organisation (WHO), and the intelligence agencies around the world, including the National Cyber Security Centre UK, warnings are issued about fraudsters who strive to make money or get access to credentials and confidential data using public fears surrounding COVID-19.
BBC reported phishing emails that were detected in different languages and provided examples of these email scams to warn the public. A major highlight of the BBC’s report is a series of fake email campaigns mimicking the Centre for Disease Control and Prevention, that makes a claim about the coronavirus now being airborne and urges people to either follow a link to a ‘map’ or to make a donation. On the event that an individual falls prey to this scam either by clicking on the link provided or downloading an attachment, a malware software takes over the victims’ device and provides the criminal with access to sensitive data.
Overall, it is highly important to be suspicious of emails that require immediate action and particularly of those asking for donations in contemplation of a ‘cure’ or providing links that offer additional ‘safety measures’.
If you think you have fallen victim to phishing, National Cyber Security Centre UK advises the following:
- Use an antivirus software to run a full scan.
- Change all of your passwords and upgrade their quality (No more choosing 123myname! as your password, use favourite phrases and a friend’s phone number prefix for example).
- Contact your IT department if you are using a work device and make sure your devices are insured for data breach, protected with anti-virus and/or two-factor authentication.
- If you think any money or data is stolen, report this to Action Fraud as soon as possible and if you think you or anyone you know is in immediate danger call 999.
- Be cautious of any emails requesting users to open attachments or click links.
- Pay close attention to any communications claiming to be from sources that you normally would not receive emails from.
- Always double check email addresses of organisations you regularly communicate with.
- Find credible charities, be extra cautious when providing your card details and donate directly through verified organisations’ website.
Just as you are doing for the virus: Isolate yourself from those who may carry virus into your IT environment and be careful to keep home devices on secure WiFi and under close observation if you have different people with access to your work area.
Cybertonica uses Machine Learning and Artificial Intelligence to manage risk and fraud, increasing trust and growing frictionless banking and m/e-payments globally. Cybertonica’s service increases conversion and sales by up to 25% while managing card-not-present and other categories of fraud at world-class compliant standards.
Cybertonica has won numerous distinctions and awards since its product came to market, including the “Best Use of Payments Data Award” at Emerging Payments Awards 2018 and the “Best Data Analytics and Science Award” at Merchant Payments Ecosystem Awards 2018. Visit cybertonica.com to join us and build the future of Trust in Transaction™.