Cyber Crime and COVID-19
We’re all familiar with cyber crime and opportunist criminal activity. Malicious individuals and groups have always used well known marketing strategies to target their attacks. In these uncertain times though we’re seeing a huge increase in COVID-19 themed attacks preying on the fears of businesses and individuals.
In this blog post, we hope to highlight some of the techniques used in Phishing and other online attacks and how to be on your guard:
1 – Be wary of your search results
Some malicious website are ranking highly in Google at the moment. If you’re looking for accurate information, try to only go to trusted and mainstream news sources.
As Brian Krebs wrote in his recent blog, some cybercriminals are commercially selling an infection kit allowing them to distribute malware via an online infection map. There are many other examples of malicious websites popping up.
Always check the URL before opening a link and make sure it’s from a news source that you trust.
Be particularly wary of domain names that are Coronavirus-themed. There has been a spike in registrations for these domain names, which are 50% more likely to be malicious than other domains – take a look at this Checkpoint Security blog for more information.
2 – Be aware that spam emails are not the only way scammers can contact you…
The government sent a text message out to all UK registered mobiles on the 24th March that looks like this:
It was quickly pointed out by various security researchers online that this was an ill-thought out method of communicating. SMS is not a secure method of communication and anyone could potentially send an SMS with the name “UK_Gov” following this message and it would appear as though it is from the same source, as evidenced by security researcher Jake Davis:
3 – Be extra vigilant about Phishing emails
You, like us, have probably received an influx of emails from companies that you may have forgotten ever dealing with, regarding their business closures or changes to operating procedures. If the email is from a sender you don’t recognise, simply delete the email.
Scammers are trying to exploit people’s fears regarding COVID-19, so also be wary of emails claiming to be from known sources (such as supermarkets or online retailers). Pay very careful attention to links being sent to you, and look for character substitution and how the domain name appears in both the sender’s address and the link you have been sent.
If in doubt, and you know the sender, give them a call to check that the email is legitimate, or contact our team to check the email out.
The Electronic Frontier Foundation have written a great article on this here.
4 – Ensure the same level of security exists for your home users as it does in the office
With more of us being forced to work from home (including many who have never done this before), and with pressure to ensure business continuity within tight timeframes, many people are resorting to using their family PC’s for work.
The temptation is to just “get things working”, without thinking about the security of these devices, which may not be to the same standard as devices issued by your business.
Business owners should be ensuring that devices belonging to the team in their homeworking environment have the same level of protection and control as they do in the office, if not greater. Where possible, businesses should be issuing dedicated devices to their team members that have the same corporate controls, antivirus and logging as they do in the office.
Security controls certainly shouldn’t be relaxed in this challenging time.
We hope you find this useful. Stay safe folks – both online and offline.