Coronavirus and cyber security
May 7, 2020
We’re all doing the best we can to look after ourselves, our families and our businesses during the coronavirus pandemic and the social distancing rules put in place to stop the spread of the virus and keep us all safe.
The daily Government briefings are telling us that plans are being made to ease the lockdown and a slow, measured return to a new “normal” is on the horizon.
However, it’s not just the Covid-19 virus that is a threat to us all right now.
As Foreign Secretary, Domnic Raab talked about during Tuesday’s update, Cyber criminals are using this situation to launch attacks by deploying COVID-19 and Coronavirus related scams and phishing emails.
Action Fraud reported that as at Friday 24 April, 1072 victims have lost a combed total of £2,360,727 to coronavirus-related scams.
The majority of the scams arise from Phishing emails, where emails are sent with an attempt to get a person to provide personal and/or sensitive information. Spear-phishing is a targeted form of phishing where the email looks to have come from someone the recipient knows or trusts.
Cyber criminals are using the coronavirus and sending phishing emails that are purported to be sent from HMRC, GOV.UK, Tesco, the NHS and World Health Organization (WHO). These look similar to the branding and email addresses used by the organisations but ask for personal information that would never be requested by email.
For example, the HMRC emails stated that the recipient was eligible to receive a tax refund of up to £775.80. In order to complete the refund process, recipients were asked to send proof of identity and address. Documents that were suggested included passports and utility bills.
With so many of us working from home at the present time, the cyber security threat is ever present and an attack can now infiltrate your home network as well as your company system.
What can you do to say safe?
- Look at the email address it has come from. For example, if it is supposed to be from Amazon, does the email address look correct?
- Check the grammar and spelling. It should be mistake free. A lot of phishing attempts originate outside of the UK and the grammar, spelling and words/language used can be a giveaway.
- Is it addressed to you personally – with your name spelt correctly? If it’s a Dear Customer email, that’s a sign that the sender doesn’t know you or has dealt with you in the past.
- Payment requests – particularly with a threat or time limit is not a usual business practice.
- Too good to be true? A phishing attempt offering a tax refund or telling you you’ve won a competition need checking. Did you even enter the competition and if you have, do the details and closing date match up? Check the sender email address or Google the details.
For more information on how to spot scam emails – and what to do if you’ve already clicked, take a look at this phishing attack guide from the National Cyber Security Centre.
You’ve probably heard this time and again, but having a strong password is the first step to keeping your data, personal information, photos - and reputation secure.
We all do it – make up passwords we can remember easily, often including family or pet’s names, dates of birth or favourite football teams. This information is easily guessed and readily accessible to criminals via social media accounts and posts.
The National Cyber Security Centre recommends using three random words and joining them together with numbers or special characters and including capital letters. For example, bluemonkeyflag could be made even more complex and secure as 27blueMonkeyflaG&.
Working from home
The current change in working practices for many businesses may well continue for some time and it seems likely that the coronavirus pandemic changes the way we work forever.
Aviva have produced a Loss Prevention Standards guide to Cyber Security, Homeworking and Coronavirus which provides further information for both business owners and employees alike.
Most insurance providers have updated their home insurance policy conditions to provide cover for those of us working from home (in accordance with the FCA expectations and guidelines) during the pandemic.
Business insurance arrangements are also likely to provide cover in this respect, but it would be wise to check the cyber insurance element and make sure the cover you have suits your needs.
If you have any questions or concerns regarding your insurance cover and working from home, do not hesitate to contact us.
The National Cyber Security Centre has help and advice for everyone and specific information relating to Coronavirus and COVID-19 cyber threats.
Action Fraud has up to date information on scams and guides you through the reporting process if you receive a suspicious email or telephone call.
Aviva have put together an array of useful information that can help you protect yourself from fraud which can be found here.