Covid19 prompts cyber security warning
Staying vigilant during the current pandemic doesn’t stop at washing your hands. Criminals are using Covid19 as a way to disguise their attempts to steal data and money, stealing £1.6m so far according to the National Fraud Intelligence Bureau, so staying vigilant needs to extend to the way you look after yourself and your information online too.
The National Cyber Security Centre says that it has detected more UK government-branded scams relating to COVID-19 than any other subject. Levels of cyber crime haven’t necessarily increased, but it looks like the would-be criminals are using government and HMRC branding as a new route to try to obtain information.
What types of attacks are being attempted?
The types of attacks you could be vulnerable to include both phishing scams – where you receive an email purporting to be from an official body – and text messages (also referred to as smishing) made to look like they are from government, or particularly HMRC.
Emails can contain links which, if clicked, can download malicious software to your computer. This could leave you open to future ransom demands or could be recording the passwords you use to log in to services such as online banking.
Another option is the link might direct you to a website which looks like it’s official and ask you to enter details such as bank account information and/or personal data such as your name, address, date of birth and National Insurance Number.
Text messages can contain links to similar websites, or could encourage someone to call a phone number with astronomical charges.
Why attempt cyber crime now?
There’s a double-whammy at the moment which gives the fraudsters even more opportunities to pose as official bodies – the government support for business during the pandemic has led a lot of people to apply for various schemes online, so contact looking like it is from government or HMRC are more likely to be actioned. It’s also the time of year that people start to submit self-assessment tax returns, with reminders landing on doormats all over the UK. This gives another potentially legitimate cover for attempted cyber attacks.
What can you do to protect yourself?
Having appropriate cyber security in place is a good start, but the biggest risk in cyber crime is the actions of people. Some simple training can help you and your team to spot the risks and take steps to secure your business and systems from cyber attacks.
Take 5 is a campaign to raise awareness of the need to think before acting in order to stop online fraud. Their website contains lots of resources you can use in your company to raise awareness about the impact of personal actions on whether or not fraudsters are successful.
For a more comprehensive training package, CybSafe is the GCHQ-accredited online training package which takes your team through a series of modules and tests their knowledge, giving you a dashboard with insight about how they perform. It will even send fake phishing emails and report on who falls for them.
Cyber Essentials is a package of technical support and training which gives you a certification (needed for some tenders and contracts). It will give you insight into your cyber security risks and runs scans and vulnerability checks to catch weaknesses in your website before criminals do.
What can you do if you’re a victim of cyber crime?
You are likely to need the support of a cyber security expert to help recover what you can and protect against a similar attack in the future. Chat to us about how we can support you with this.
If you need a crime number, perhaps for insurance purposes if you’re insured against cyber crime, you’ll need to report the incident to Action Fraud, the UK’s National Fraud and Cyber Crime Reporting Centre.
If you need support to defend against Covid19-related or any other type of cyber attacks, get in touch to find out how we can support you and your business.