Cyber criminals are using COVID-19 cover stories in new phishing attacks

blog image

CybSafe

We are CybSafe. We’re a British cyber security and data analytics company.

March 18, 2020

Here’s how to spot and stop the attacks

Criminals are using COVID-19 stories to convince people to do things they’d never normally do.

In one deplorable scam, cyber criminals email elderly targets. The criminals claim they represent medical organisations. They ask for deposits on COVID-19 vaccines (no such vaccine currently exists). 

In other attacks, criminals email people with “important updates” on COVID-19. The emails ask people to click links or open attachments. The links and attachments are, of course, fake. They unleash malware when clicked or opened.

How can you protect yourself and vulnerable members of society?

 

Spotting the attacks is tricky

As people, we’re inclined to act on emotional grounds. And the COVID-19 outbreak has gripped hearts worldwide.

You might feel angry about the outbreak. Or worried. 

Your heightened emotions make fake emails harder to spot.

 

How to keep yourself and others safe

That said, there are a few rules we can all follow to spot fake emails and unmask criminals. We’ve taken the following advice from the CybSafe module on social engineering. If you’re a CybSafe customer, review the advice in full here.

 

1. Ask yourself if you were expecting the email

If the email is out of the blue, it’s a red flag.

 

2. Ask yourself if the email conveys an undue sense of urgency

Cyber criminals want you to act quickly. They don’t want you to stop and think. So their fake emails tend to convey a sense of urgency. 

Emails might claim COVID-19 “vaccines” are limited in supply. Or they might ask you to open an attachment detailing “updates” immediately. 

If an email asks you to act quickly, take that as a cue to slow down and think.

 

3. Check the sender details

The criminals behind fake emails usually impersonate trusted sources. Like the NHS. Or the government. Or your boss. 

However, the sender details offer clues that the email is fake. The sender name might be NHS, for example. But the sender email might be nhs@gmail.com. 

The gmail account shows you’ve probably been contacted by a cyber criminal.

 

4. Avoid clicking suspicious links or opening suspicious attachments

Search Google for genuine links instead. And forward suspicious attachments to your IT or security team. Security professionals can investigate in a controlled environment.

 

5. Verify

If in doubt, verify the sender’s identity. Call them (or their organisation) using a known contact number. Avoid calling them on telephone numbers supplied in emails.

 

6. Report!

When you report fake emails, you don’t just protect yourself. You protect others, too. Your security or IT team can blacklist senders so no-one falls victim to scams you spot. 

The same applies to your personal email providers. Report the fake emails you spot to keep others safe.

The COVID-19 outbreak is indeed unsettling. So always remember you can take control of your own security.

Report fake emails to prevent cyber crime. You’ll keep yourself secure. And you’ll help vulnerable members of society in the process.

Post-pandemic, CISOs are overlooking an important cyber defence

Post-pandemic, CISOs are overlooking an important cyber defence

Following COVID, no CybSafe employee will be bound to a physical office. Instead, CybSafe will be joining the growing list of organisations “working from anywhere”. Not temporarily. Permanently. And not “working from home”. Working from anywhere. Questions about office hours and moving overseas quickly begin. They showcase people’s excitement. But they also highlight an interesting point – For months now, most security professionals have been desperate to “secure remote workers”. 

read more
We thought we needed to secure remote workers. We were wrong.

We thought we needed to secure remote workers. We were wrong.

Following COVID, no CybSafe employee will be bound to a physical office. Instead, CybSafe will be joining the growing list of organisations “working from anywhere”. Not temporarily. Permanently. And not “working from home”. Working from anywhere. Questions about office hours and moving overseas quickly begin. They showcase people’s excitement. But they also highlight an interesting point – For months now, most security professionals have been desperate to “secure remote workers”. 

read more