Cybersecurity experts at the National Cyber Security Centre (NCSC) – part of GCHQ – have found that a number of cyber criminals are exploiting the current situation; the Coronavirus outbreak, to conduct scams and malware attacks. Understand how to identify such scams, and find out how to protect yourself and your business during this difficult time.
How Cyber Criminals are Exploiting COVID-19
“We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak” remarks Paul Chichester, NCSC Director of Operations.
It is apparent that cybercriminals across the globe are making the most of the current climate by tapping into people’s worries about coronavirus in a variety of ways. Scams are being adapted to different sectors, and have included:
- Emails containing links for COVID-19 advice/updates
- Ads for unsolicited websites
- Social media ads and links
The NCSC has reported that there has been an increase in website registrations that contain domains relating to the coronavirus, which indicates the prevalence of dishonest activity. In fact, according to Check Point cybersecurity firm, over 4,000 domains relating to coronavirus have been set up since January this year – 3% of these are said to be malicious and another 5% are suspicious.
Examples of Coronavirus-related cyber crime
The types of attacks that have been seen so far have had a number of different goals and outcomes:
- A link which, when clicked, leads to a ransomware infection. The aim of this kind of attack is for the victim to pay a ransom fee to regain control of their computer and have their data returned to them
- Phishing attacks which look like genuine emails and communications, asking for personal information which can then be used for fraudulent activity
- The sale of false products, such as equipment that is supposedly designed to protect a user from COVID-19
Some real life examples of recent scams include:
- Cyber criminals impersonated members of the World Health Organisation (WHO) sent out fraudulent phishing emails
- Cyber criminals posed as the US Center for Disease Control (CDC) and set up websites asking for bitcoin donations to fund an anti-COVID-19 vaccination
- In the UK, cyber criminals have sent out phishing emails containing (infected) attachments which contained false safety measures to carry out to tackle coronavirus
As with any event that can be capitalised on by cyber criminals, it’s said that those carrying out attacks are becoming increasingly sophisticated, and are now targeting specific sectors. So far, there have been directed attacks on the shipping, transport, and retail sectors.
Coronavirus Cyber Crime in the Retail Sector
The most valuable way to protect a business in the retail sector from such cybercrime, is to ensure that anyone who uses a computer or device is well-informed of the dangers. A company’s human firewall is vital in tackling cybercrime, because a huge proportion of attacks happen as a result of human error.
In the case of cyber criminals exploiting fear during the coronavirus outbreak, such opportunities are presented simply because the criminals know that people will click on the link, or believe what they read. This can be avoided simply by educating staff about the presence of such activity. Encourage employees to question emails, and raise issues if there are uncertainties. If in doubt, assume that a link or website is malicious and seek information from a reputable source instead.
As society changes with the introduction of social distancing and isolation policies, more staff are working from home. Those in the retail sector who might be running online shops need to be aware of the safety of their connection while remote working, in order to limit the possibilities of cybercrime. If your employees will be connected to your server, and will therefore have access to the company’s data, make sure their devices are properly protected with quality anti-virus security software.
The rapid spread of COVID-19 has led to an unprecedented time of uncertainty which will likely impact every business in some way. While tackling the day to day problems of running a company in such trying times, attention is more likely to be demanded in other areas, rather than cybersecurity. It’s imperative that consideration is given to this area, however, so that your business remains protected and can bounce back as strong as ever once the outbreak has passed.
Credit: Dan May, commercial Director at ramsac.