InfoSec / Cyber

Cybersecurity warning: Coronavirus fraud attacks

The National Fraud Intelligence Bureau has so far identified 21 reports of fraud where coronavirus was mentioned since February 2020 with victims' losses so far totalling more than £800,000 in a month.

This figure includes 10 criminal scams where victims tried to buy protective masks from fraudsters. Other reports involved coronavirus themed phishing emails designed to trick people into opening malicious attachments or revealing sensitive information. 

A common tactic used by scammers is to send messages purporting to be from research groups linked with the Centres for Disease Control and Prevention and the World Health Organisation. The scammers claim to be able to provide a list of people infected with COVID19 using a link which takes the victim to a malicious website which steals data or asks the victim to make a payment in Bitcoin.  The potential for data loss and data breaches is very real and steps need to be taken to guard against this by schools and other organisations that hold sensitive personal and financial data. Prevention is possible.

Ensure that all of your staff know about these scams and do not open emails if they are unsolicited. All emails from unsolicited senders can be sent to spam where it can be picked up by your service provider and dealt with if it is malicious.  

Urge staff to be data safety conscious and follow online safety advice online guidance, including how to spot and deal with suspicious emails as well as mitigate and defend against malware and ransomware https://www.ncsc. malware-and-ransomware-attacks

The City of London Police has advised: "Don't click on the links or attachments in suspicious emails and never respond to unsolicited messages and calls that ask for your personal or financial details."