Phishing Attacks & Covid-19
Cyber criminals across the world have not been slow during the current pandemic to seduce users with a barrage of Covid-19 themed Phishing mails. The rate of Phishing has, according to many sources, snowballed since the outbreak, with vulnerable users falling prey to financial scams, Ransomware and/or loss of Confidential data (to name just a few outcomes of Phishing attacks). This comes at a time when businesses least need the additional cost and chaos that this intrusion causes.
Recent threat activity has seen numerous versions of Phishing texts and emails which attempt to simulate messaging from central government or HMRC, offering individuals a tax refund. (Example below)
The link embedded in the body of the message will divert anyone fooled into clicking it to a site which again has the appearance of an official Gov.UK website. Here the unsuspecting individual is asked to enter personal information, like their National Insurance Number, to further convince them of its legitimacy. Finally, a fake tax refund value is calculated and the individual is asked to provide credit/debit card details in order that the refund can be paid. Once in receipt of these details, the fraudsters are free to use them or sell the details on to other criminals via the Dark Web.
In keeping with the whole Phishing concept, these attacks hope to prey on those individuals left desperate by the Covid-19 pandemic, who may be far too worried about their situation even to think they’re being conned.
A simple check of the link’s validity, by hovering over it with your mouse, soon reveals its suspect nature. (See above example)
Phishing still remains the preferred attack option for Cyber criminals, not only for extorting personal information and money from victims, but also for the deployment of Ransomware aimed at business targets. Ransomware itself has developed in recent times and no longer simply locks files in order to leverage a payment. The latest versions employ malicious code which also allows the theft of data from the victim’s network, which in turn is used as an additional incentive to pay the Ransom demand.
Report Phishing to NCSC
The government’s National Cyber Security Centre (NCSC) has responded to the significant damage being done to business and private individuals through Phishing attacks.
In April the NCSC launched its Phishing reporting service.
The day following launch it had received over 5000 reports which resulted in the closure of 80 malicious websites. In late May the centre reported it had received over 614,000 reports and removed over 4,500 URLs from use.
So if you receive something suspicious, report it and help fight back.
Ensure your staff remain aware of the Threats
It is as important now as ever before that staff are continually reminded of this type of threat and its impacts. Phishing under Covid-19 poses a real threat to all, and your users will encounter attacks.
Regular data security updates, reminders and awareness training are essential elements of any robust defence against data threats and of meeting the organisational measures required by law. Routine Phishing tests of your staff can also help highlight gaps in staff awareness and identify further training needs.