Scams to watch out for:
Staying Safe Online
Covid-19 could be the biggest phishing topic ever, with scammers sending 18 million hoax emails to Gmail users every day.
According to a BBC report, Google is blocking more than 100 million phishing emails a day, a fifth of which are related to coronavirus. During this time of uncertainty, with millions of us now working from home, cyber criminals are preying on all our fears about the virus by inundating us with false information and scams.
Fake emails and texts have ranged from messages about how to order yourself supplies of PPE and hand sanitiser, to how to claim for compensation from the UK Government, fines about breaking social distancing measures, and the latest health advice issued by the World Health Organisation (WHO).
Verifying sources and only using official updates is essential in helping ourselves and our businesses to stay safe. Organisations face considerable financial costs from breaches, not only in terms of recovery or repair costs, but also in the long-term damage to their reputation.
Some of the Covid-19 scams out there now
The number of reported phishing attacks has risen by more than 600% since February. Phishing attacks can come in many forms, but they all have the same purpose: to trick the recipient into handing over their personal details or to infect their systems with malware.
Phishing attacks are usually delivered by email, but they also occur on instant messaging platforms, by text (referred to as smishing) or over the phone (vishing). Fraudsters ‘fish’ for potential victims with urgent messages, in the hope of persuading someone to visit a bogus website or call a fake helpline.
Some of the Covid-19 scams to watch out for include British Telecom (BT) ‘cold calls’, in which a fake representative from BT telephones you and offers enhanced security, for which there is normally a charge, for free. If you agree, you are passed on to a 'technician' who asks you to install a programme onto your laptop which allows the criminal to take control of your computer and the information on it.
The Covid-19 SMS scam is a text message which claims that the UK government is paying all residents £258 to help them during the disruption caused by COVID-19. This is written in a similar format to the nationwide text sent by the UK Government when the country went into lockdown. If you click on the link to apply, you are directed to a fake government website which asks you to supply your name, address, and bank account details.
Fraudsters are also playing on our fears about social distancing by issuing fake GOV.UK fines, which claim, by text message, that the recipient has been seen out of the house more than once and has received an automatic fine. The text comes with an enquiries and appeals number which, when called, puts the caller straight through to the scammers.
Many scams might seem obvious - but when you are under pressure or anxious, it can be easy to fall for them. If you think you’ve already clicked on a suspicious link, or entered your details into a bogus website, you need to act as quickly as possible.
If you think your account has been hacked (you may have received messages sent from your account that you don't recognise, or you may have been locked out of your account) follow the NCSC guidance: https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account.
Open your antivirus (AV) software if you have it and run a full scan. Allow your antivirus software to clean up any problems it finds. If you have provided your password, change the passwords on all your accounts that use the same one.
If you're using a work laptop or phone, contact your IT department and let them know, or contact your bank if you’ve provided your banking details. If you've lost money, tell your bank and then report it as a crime to Action Fraud - https://www.actionfraud.police.uk/ - the UK's reporting centre for cyber-crime. By doing this, you'll be helping the NCSC to reduce criminal activity, and in the process prevent others from becoming victims.
How Amethyst Can Help
We can help your company on a one-to-one basis with, for example, training, security management standards and cyber security policies and procedures.
Amethyst Risk Management is an established cyber security training provider, offering specialist courses on technical risk assessment as well as more basic introductory level courses. All training is provided by our highly experienced team, many of whom are CISSP certified and/or NCSC Cyber Certified Professionals.
Amethyst can help to develop tailored cyber security policies, processes and procedures, including but not limited to remote and home, access control, incident management, business continuity and protective monitoring. Our team of subject matter experts can analyse your business information security management system against industry standards such as ISO/IEC 27001, Cyber Essentials, SANS Top 20, 10 Steps to Cyber Security and COBIT.
Amethyst is certified to ISO 9001 and ISO/IEC 27001 (the International Standards for Quality and Information Security Management respectively). Our customers include public and private sector organisations. We have worked for central Government, the wider public sector, utility, logistics, data centre, engineering and telecoms companies, and legal firms.
Our expertise and comprehensive range of cyber security and risk management services will help you identify and understand risk, manage it cost effectively, ensure compliance with legal and regulatory requirements, and most importantly protect your business.
Contact Amethyst today: firstname.lastname@example.org