General News

Criminals seek to exploit Coronavirus fears

Experts at the National Cyber Security Centre have revealed criminal phishing attacks are exploiting worries over COVID-19

The National Cyber Security Centre which operates as part of GCHQ and created to keep the UK safe only has revealed that a range of ‘phishing’ attempts have been seen in several countries

by criminals exploiting COVID19. Such attacks have been seen since the start of the year and are being used by criminals to obtain money and sensitive data resulting in serious data loss and data breaches. One of the techniques used is bogus emails with links claiming to have important information updates.  Once the links are clicked devices are infected and data is lost.

The public and businesses are therefore being urged to follow online safety advice online guidance, including how to spot and deal with suspicious emails as well as mitigate and defend against malware and ransomware In addition, the National Cyber Security Centre has taken measures to automatically discover and remove malicious sites which serve phishing and malware. These sites use COVID-19 and Coronavirus as a lure to make victims ‘click the link’.

Paul Chichester, Director of Operations at the National Cyber Security Centre stated “We know that cybercriminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak. Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”

The National Cyber Security Centre has seen an increase in the registration of webpages relating to the Coronavirus suggesting that cybercriminals are likely to be taking advantage of the outbreak. Reporting on their website that

“These attacks are versatile and can be conducted through various media, adapted to different sectors and monetised via multiple means, including ransomware, credential theft, bitcoin or fraud. Continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cybercriminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise.”

On 16 February 2020, the World Health Organisation (WHO) warned of emails being sent impersonating them and issued a warning and guidance Cybercriminals have also impersonated the US Centre for Disease Control (CDC), creating domain names similar to the CDC’s web address to request passwords and even bitcoin donations to fund a fake vaccine. Previously in January 2020, attackers spread the Emotet banking trojan in Japan by posing as a state welfare provider to distribute infected Word documents. Similar operations have been observed in Indonesia, the US and Italy, with attackers attempting to spread the Lokibot info stealer, Remcos RAT and other malware.

The National Cyber Security Centre has reported that Individuals in the UK have also been targeted by Coronavirus-themed phishing emails with infected attachments containing fictitious ‘safety. While the identified specific Coronavirus-themed email campaign has been narrow in its focus, it features malicious Microsoft Word documents, exploits a two-and-a-half-year-old vulnerability, and installs AZORult, an information-stealing malware. 

All emails with Coronavirus-themes and attachments should be treated with caution, even if they don’t appear to be directly health-related. Whist attacks seem to presently be focused in more commercial areas of the public and private sectors it is not beyond the realm of possibility that schools could be targeted.  

Ensure that your systems for dealing with malware are robust and up to date and that you use trusted Government websites to obtain up to date information concerning COVID19.

Advice from the National Cyber Security Centre includes tips on spotting phishing emails

  • Many phishing emails have poor grammar, punctuation and spelling.
  • Is the design and overall quality what would you'd expect from the organisation the email is supposed to come from?
  • Is it addressed to you by name, or does it refer to 'valued customer', or 'friend' or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
  • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.
  • Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know?
  • If it sounds too good to be true, it probably is. It's most unlikely that someone will want to give you money or give you access to a secret part of the Internet.
  • Your bank, or any other official source, should never ask you to supply personal information from an email. 
  • Try to check any claims made in the email through some other channel. For example, by calling your bank to see if they actually sent you an email or doing a quick Google search on some of the wording used in the email.
  • If you do spot a suspicious email, flag it as Spam/Junk or Suspicious in your email inbox. This will take it out of your inbox, and also tell your email provider you've identified it as potentially unsafe.