How to prepare for the increased risk of cyber crime during the COVID-19 pandemic.
Cyber criminals will be using COVID-19 to increase their activities to attack organisations and private individuals. The National Cyber Security Centre has reported increased criminal activity aiming to obtain money from victims using fear of COVID-19 as a tactic.
Extra awareness is needed to defeat these attacks. We must not become complacent in these unprecedented and challenging times when perhaps our focus is elsewhere.
In January a number of spam or phishing emails emerged that referenced COVID-19 but by early March they represented a significant percentage of all malicious traffic. In addition, an increasing number of malicious websites are being created using the coronavirus, or related terms with over 42,000 sites being registered since early February.
Many individuals are now working from home for the first time in their working career, another step that poses possible further risks.
1. Phishing emails
- Emails that appear genuine are sent asking to install software onto a device.
- Special offers from commercial organisations offering free medical products or trials.
- A coronavirus cure.
- Tax refund support or the offer of financial aid from the UK Government.
- Safety advice from the World Health Organisation.
- Home working and contacts from bogus HR Departments.
- Extortion requests demanding payment or confidential information will be released.
2. Malicious websites
- Creation of malicious websites e.g. a bogus John Hopkins University website map that provides COVID-19 updates.
- COVID-19 tracker applications (downloaded from third-party Android app stores).
Accessing these websites or downloading the software to your computer, smartphone or tablet is very dangerous. There’s a very strong chance that you are downloading malware (malicious software) that could lock you out of your device or lock all of your files. There will then be a demand for money within a set time or all information on the device will be deleted. Other types of malware can monitor your activity without your knowledge or take control of your device and use it to attack others.
Some phishing emails also request financial details which can result in money being taken from your bank account.
Many cyber attacks can be defeated by following good practice and implementing basic security controls. These include the following:
- Continually raise awareness and remind individuals of the importance of computer security.
- Encourage and support individuals with training so they can identify threats and how to respond.
- Back up your data regularly and in more than one place, if you are using an external hard drive - do not leave your backup connected to your device when not in use.
- Keep portable devices safe e.g. use PIN/Password protection/fingerprint/face recognition, keep device software updated, do not connect to public spot hots use 3G/4G or VPNs, replace any devices no longer supported by manufacturers.
- Prevent malware damage e.g. regularly update anti-virus software and update your devices with the latest software patches. Only use approved software, control access to removable media i.e. memory sticks, ensure your firewall is always enabled.
- Avoid phishing attacks e.g. scan for malware, change passwords if a successful attack is detected, look out for poor spelling, grammar or images that may be indicative of a rogue email.
- Protect data using strong passwords and encryption. Avoid using predictable passwords, provide secure storage for passwords.
- Have a tried and tested response plan in the event you do fall victim to an attack.
- Continually assess and test the robustness of your cyber defences.
- Learn from any incidents and update your defences.
For more information on cyber threats and some of the measures you can take to reduce the risk, please see our full cyber security guidance