Computer fraud specialists from the National Cyber Security Centre (NCSC), a part of GCHQ, have made a public announcement to warn about criminals using fears over the coronavirus pandemic as means to launch online attacks and scams, reports Sky News.
The NCSC says they have seen a rise in bogus emails and communications posing as health authorities, containing links claiming to provide important updates, but instead lead to devices being infected with malware.
The NCSC stated: “Individuals in the UK have been targeted by these coronavirus-themed phishing emails, with infected attachments containing fictitious ‘safety measures’.”
Outside of the UK, global organisations such as the World Health Organisation (WHO) and the US Centre for Disease Control (CDC) have been impersonated by cyber criminal gangs.
The criminals use fake domain names very similar to the legitimate organisations’ web and email addresses to fool email recipients into handing over passwords and even ‘bitcoin donations to fund a fake vaccine’.
There have been reports of shipping, transport, and retail sectors being targeted, with criminals stealing documents, and encrypting computers to hold their victims to ransom.
It’s also been noted that organised cyber criminal gangs have been using the outbreak to their advantage on dark web marketplaces, where offers for surgical face masks have joined the listings for drugs and hacking tools. Even away from the dark web, there have been hundreds of new websites set up in the past few weeks offering heavily discounted face masks.
Sky News was told by risk analysis firm Digital Shadows that there is a significant risk that these products are counterfeit if they exist at all. Once the criminals have your money, then they and their websites simply vanish.
The UK’s national fraud intelligence bureau say that Brits have been conned out of over £80,000 while trying to purchase face masks from fraudulent sellers.
Cyber criminal gangs are also targeting healthcare professionals with phishing emails about “coronavirus awareness” – part of a wave of scams capitalising on the pandemic. A copy of an email scam was seen by Sky News, that was sent to several healthcare organisations, appearing to originate from their own internal IT department.
The email – which has the subject ‘ALL STAFF: CORONA VIRUS AWARENESS’ – tells employees that “the institution is currently organising a seminar for all staff to talk about this deadly virus”, asking them to click on a link to register.
The link directs them to a website that appears to be an Outlook web app, and anyone who fills in the form will be giving their details to cyber criminals.
Paul Chichester, the NCSC’s director of operations, said: “We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak.
“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.
“In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”
The NCSC urges the public and businesses to be vigilant and to consult its online guidance, which includes how to identify suspicious emails, and how to remove and defend against malware and ransomware.
If you need more robust IT support and services, then get in touch with our team.