How to stay protected against COVID-19 scams

ramsac cybercovid 1 e1585644078953

Posted on April 2, 2020 by Samantha Baidoo

Cybercriminals are unscrupulous people who will capitalise on anything to extort money from individuals and organisations. The current Covid-19 (coronavirus) pandemic is no exception. Since the early days of the virus, we’ve seen hackers exploiting people’s fears by sending phishing emails and messages related to the Coronavirus.  And at a time when many organisations have taken their eye off the importance of IT security to focus on their immediate response to the UK lock down, the impact of these attacks has been greater than ever. In this blog, we explore some of the latest coronavirus cybersecurity scams that are currently circulating. 

The WHO Scam

World Health Organization logo

Cybercriminals have started posing as the  World Health Organisation to steal money and information from the public. The attacks range from fake landing pages, downloads and malicious email attachments all relating to the coronavirus outbreak. 

In a recent press release, the WHO said: “If you are contacted by a person or an organisation that appears to be from WHO, verify their authenticity before responding”. 

HMRC text message

Tax refund message

Almost as soon as the Government had announced greater support from HMRC, we started to see text messages supposedly from HMRC, promising a goodwill tax refund if recipients just follow the link. 

 

On closer inspection, there are grammar mistakes in the text, and HMRC has confirmed that they would never text you a link for claiming a tax refund. If you look closely, you’ll see that the link does not look like a legitimate link to HMRC or gov.uk which is a classic sign that an offer is too good to be true.  If you are unsure about any text messages, you receive you should always call the company to call to verify the legitimacy of the message. 

City Council text message

Tax refund message

This example of smishing (a form of phishing where someone tries to trick you into giving them your private information via a text or SMS message), is this text supposedly from the ‘City Council’ again stating that they want to give you a tax refundNote that they have even managed to spell Covid-19 wrong! often poor grammar in the message is a clue – but these are desperate times and people have been falling for this message.  

UK GOV website

Tax refund website

 

The Gov.uk website has been realistically copied in order to lure people into sharing personal information, in this example, the website looks similar to the gov.uk site, however, the URL does not look legitimate. The poor spelling also pointto the fact that this is fraudulent website, note they have called it the COVID-19 Relieve scheme instead of COVID-19 Relief scheme. 

GOV UK Email

Tax refund email

And on a similar theme, we’ve also seen this email, claiming that the Government has taken action to provide people with a tax refund.  This imitated GOV UK with the email design and also had links for the recipients to click on to “Access their funds”. 

We’ve said it before – but this just isnt how the Government would proceed – they wouldn’t ever make it that simple! Remember, if it looks too good to be true – it probably is! 

Email screenshot

In the example above (source: Cofense) the email is directly impacting people’s fears by giving false information on the current pandemic by suggesting that the virus is airborne. This email has been created by using the legitimate Centres of Disease Control (CDC) emails but it has been sent using a spoofing tool. By sending an email of this kind during a period of such high stress and uncertainty, cybercriminals are capitalising on people’s fears to trick them into giving out their details.  

Microsoft Teams  

Recently there have been reports of phishing scams through Microsoft Teams. According to Tech radar, criminals are using fake Microsoft Teams alerts to try and gain Office 365 access to compromise peoples accounts. If the user clicks on the link via a fake Teams alert, it takes the user to an imposter landing page which will ask for personal details and can result in a data breach.  There has generally been an increase of hacks through video conferencing channels due to the rise of users during the coronavirus pandemic 

It is vital that people are taught how to spot the signs of a phishing text, email or website, to protect themselves and the organisation they work for. 

The UK government has recently been working with various social media firms to help to stop the spread of fake news and dangerous content, and they will shortly be re-launching their ‘Don’t feed the beast’ campaign to help the public think about the content that they are sharing on the internet. More information can be found here on the HM Government website. 

The key message here is to be extra vigilant when reading emails and text messages related to the Coronavirus. Many hackers are currently exploiting people’s nervousness through phishing attacks. Many employers have taken their eye off the ball when it comes to cybersecurity as they have taken a ‘do whatever it takes’ approach to getting their people set up to work from home. This is not the time to cut back on your security services, and indeed, perhaps this is the perfect time to get your staff to spend some extra time on cyber awareness training. Do get in touch if you want some ideas on how to best do this. 

Email screenshot

For more information on how to spot phishing messages take a look at our cyber chat video on phishing or our blog on phishing emails.

Related Posts

  • How to set up a secure password policy in Microsoft 365
    March 6th, 2024

    How to set up a secure password policy in Microsoft 365

    Cybersecurity

    Discover the essentials of a robust password policy for cybersecurity in Microsoft 365. Learn what to include and what to avoid. Read the blog today. [...]

    Read article

  • A guide to sensitivity labels and how to apply them
    March 4th, 2024

    A guide to sensitivity labels and how to apply them

    Cybersecurity

    Sensitivity labels allow you to manage, organise, and protect sensitive emails, files, and documents as part of the Microsoft 365 suite. Read on. [...]

    Read article

  • MFA vs 2FA: What’s the Difference?
    March 1st, 2024

    MFA vs 2FA: What’s the Difference?

    Cybersecurity

    Features like user facial recognition that are difficult to replicate means multi-factor authentication offers more cybersecurity layers than two-factor authentication. Find out more. [...]

    Read article

  • Happy Birthday secure+: How our cybersecurity solution has detected over 8000 cybersecurity alerts in one year
    February 23rd, 2024

    Happy Birthday secure+: How our cybersecurity solution has detected over 8000 cybersecurity alerts in one year

    Cybersecurity

    secure+ has detected and responded to over 8000 security alerts in its first year [...]

    Read article

  • MFA Fatigue: Multi-Factor Authentication (MFA) is best practice, but it’s not risk free.
    February 6th, 2024

    MFA Fatigue: Multi-Factor Authentication (MFA) is best practice, but it’s not risk free.

    Cybersecurity

    MFA Fatigue is a problem organisations need to be aware of, in this blog we break down why and what organisations can do to combat it. [...]

    Read article

  • Data Protection Day – Protecting your information on social media.
    January 28th, 2024

    Data Protection Day – Protecting your information on social media.

    Cybersecurity

    The 28th of January is Data Protection day, to mark this day we have created a blog with tips on how people can keep their personal data safe on [...]

    Read article