Categories
IT Security

COVID-19 Scams Increasing

COVID-19 never seems to be out of the news at the moment and ironically here we are writing about it.

Businesses and individuals are being targetted alike, as the pandemic has affected every aspect of life as we know it.

Covid 19 Scams

Citizens advice has reported a near 20% increase in visitors requesting support and over 30% of Britons reporting they’ve been targeting by various methods of scams using COVID-19 as the hook.

Scams include false / fraudulent claims, fake vaccines, fake testing kits, scam Government refunds & grants and even false claims of 5G causing the pandemic.

“Tried-and-tested scams still pose huge threat” says Citizens Advice, as fraudsters on average pocket almost £3,000 per victim

Gillian Guy, chief executive of Citizens Advice Tweet

Businesses and individuals are being targetted alike, as the pandemic has affected every aspect of life as we know it.

Citizens advice has reported a near 20% increase in visitors requesting support and over 30% of Britons reporting they’ve been targeting by various methods of scams using COVID-19 as the hook.

Scams include false / fraudulent claims, fake vaccines, fake testing kits, scam Government refunds & grants and even false claims of 5G causing the pandemic.

HMRC have also been active in trying to close down some of these COVID-19 scam websites by way of filing over 300 take-down requests to Internet Service Providors (ISPs). [292 as of 23 March 2020, as reported by Infosecurity Magazine].

As you’d expect, the National Secuity Cyber Centre has also been removing online scams as fast as they can, topping 2,000. Such scams are exploiting the virus to create fake/scam ‘shops’, fake cures, fake virus inhibitors and even indentity thieves capturing personal information to be abused at a later date.

Phishing Emails (Fake Emails)

Threats and scams via fake emails (phishing) are keeping up with the COVID-19 scam trend too, with attackers leaning on this critical form of business – and personal – communication. Even more critical since the pandemic hit with isolation and remote working.

With individuals isolated, unable to quickly ask a collegue what an email is, we’re seeing more and more people bite the bait of phishing scams. One of the most frequent, most successful scams is an official looking “HMRC COVID-19 Tax Refund” or “HMRC COVID-19 Business Grant”. The email encourages the user to click a link where they are asked to input personal details, financial details and/or both.

Attackers have stolen identities, critical business information, bank details, card details and personal details.

We’ve even seen scammers pretending to be charities asking for donations to provide COVID-19 relief (normally in cryptocurrency – Bitcoin).

A lot of email phishing scams get caught by our bClean email & spam filtering service but some get through when using clever techniques like sending email from a compromised email account that’s already trusted by the receipient (or even relaying email through globally trusted email servers as Forbes recently reported Samsung being exploited in this manner).

How to Spot Phishing Emails

Sometimes phishing emails are very easy to spot, and almost comical if they weren’t so sinister, with their badly spelt and worded content.

Users need to be proactively checking for bad actors via email. Another phishing email we’ve seen claims that they’re a doctor from the (NHS or similar) and have details of a vaccine currently being held from the general public by the (Chinese and/or UK) Government(s). A link in the email – designed to alarm users – captures personal information.

The text of phishing emails is the biggest giveaway a lot of the time and includes sentances such as:

We know that the world has been struggling to contain this deadly virus developed and sprayed by wicked scientists to reduce the population of the world so the government will have control over you.”

This coronavirus is a weapon created to discredit rival government health systems or the other way to control the citizens of the world but due to some people like us and our medical teams hate the injustice going in this world.”

Although some of these are easy to spot, we have seen reports of an alarmingly high number of people clicking the links in these emails.

Protect Your Business from Email Scams

I previously mentioned that email filters like our bClean catch of lot of email scams but unfortunately they can’t catch them all.

We have seen our client targeted with email scams sent from people they communicate on a regular basis because that person fell for a scam and exposed their email access credentials, allowing the attacker to pose as them. An email filter can’t do much here so long as the email isn’t worded too suspiciously.

The ultimate line of defence against these types of attacks are the human element. Services like our bSecure and bTrain provides your staff with cyber security training and awareness. Your staff will be given the resources they need to be able to spot email scams – as well as other scams including compromised websites and even scam telephone calls. They’ll also be tested randomly and the results sent back through to decision makers.

There are other services available to patch any last possible holes in security like our bPhish (a phishing simulation tool) and bBreach (rapidly locates any users exposed credentials).