News
Paul Brown
27.03.2020
IT security professionals have seen a huge rise in the number of malicious cyber-attacks since the outbreak of the coronavirus (COVID-19). With the unprecedented rise in companies transitioning to remote working, these attacks have the potential to be more damaging and disruptive than they have ever been. Find out what to look out for and how to protect yourself as well as the company you work for and your colleagues
What is a cyber-attack?
One of the most common forms of cyber-attacks is phishing. This is when criminals send out electronic communications that impersonate an individual or organisation with the aim of stealing money, private personal information, or by infecting your device with software that can steal private personal information or confidential corporate files.
Such electronic communications can include those by:
- SMS
- Instant messengers e.g. WhatsApp, Skype, WeChat, iMessage, Facebook Messenger, KiK, Discord etc.
- Social media posts or direct messages (DMs)
Some organisations that criminals are known to be impersonating include:
- World Health Organisation (WHO)
- Health services or healthcare providers
- Government bodies
- Utility companies
- Banks and building societies
- Well-known trusted companies including eBay, Amazon, Alibaba, Walmart
What do these attacks look like?
The content of the current coronavirus phishing attacks includes, but is by no means limited to:
- Communications from well-known shopping sites, retailers, or health care providers offering hand sanitiser, face masks, or cures or remedies
- Emails from government bodies offering vaccines, cures, funds, free school meals, or compensation
Other types of scam to be aware of include:
- Criminals impersonating charities seeking funds and donations
- Criminals offering health or virus prevention tips
How can I recognise a potential cyber-attack?
- Have I received an offer that seems too good to be true?
- Has this person or organisation ever communicated with me before, particularly on this channel? A bank, government agency, healthcare organisation or similar will never contact you directly by social media or messaging app
- A bank, government agency, healthcare organisation or similar legitimate organisation will never ask you for a username, password, social security number/national insurance number, or payment to release information, funds, compensation, or prizes
- Is there a clear sense of urgency for me to respond to them?
If yes to any of the above, follow these common-sense approaches to stay safe:
- Look at the email address of the sender – does it match the sender’s name?
- Carefully check the spelling of the sender’s full email address – it is extremely common for criminals to use an email address that looks like a legitimate organisation but is slightly misspelled or includes additional punctuation
- Read the communication carefully – are there any typos or grammatical errors?
- If using a desktop computer, hover the cursor over any included links to see if it leads to where it claims. In desktop browsers the target destination of the link will appear in the bottom left of the page but be careful not to click on any of the links
- DO NOT download files or attachments from senders you do not recognise, or senders who seem suspicious as per the above bullet points
- Ask a friend or a colleague for a second opinion
- If uncertain, call that person or organisation directly using contact information from their website and do not use any email, phone number, form, or link included in the message
- If a suspicious communication has been received on a company device immediately forward it on to your information security or IT team – do not click or download anything you feel is suspicious.
For more information on what to look out for and how to stay safe, visit:
- UK Government National Cyber Security Centre
- US Government Consumer Federal Trade Commission
- Electronic Frontier Foundation
