Whilst the majority of us maintain the social distancing measures put into place by the government, there are scammers around the world who are using the time to go phishing. Scammers are using the fear, the confusion and the cover of the general noise created by the coronavirus pandemic.
Their aim is to trick you into:
Providing personal details, like, Credit card details, Name, address, DoB, Login details (particularly Office 365) or Opening a malicious file attached to the email that will install malicious software for spying, stealing details or delivering a virus/ ransomware to be able to take over your system, and hoax you into opening a link to a malicious website, installing malicious software for spying, stealing details or delivering a virus/ ransomware on to your system.
The more sophisticated spear phishing attacks will most likely also be increasing. Sophisticated scammers have a good understanding of the current zeitgeist, the business landscape and human psychology.
They know we are dealing with unprecedented events and change in both business and our personal lives.
Business leaders have had to rip up pre-pandemic business plans and been forced into (at least initially) survival mode to make sure the business sees out the initial blizzard before the long path back to sunnier times.
There are huge amounts of changes going on. Staff changes, changes to how we pay our staff, re-negotiating of contracts, payment deferrals, payment reductions.
The impact is that we are taking complex decisions quickly in a time when we are already busy and under significant external stresses… this is bonanza time for scammers.
The scammers will know that finance directors and departments are very busy juggling and managing cash flow. Mistakes are more likely to be made.
We must remain vigilant and be aware that we are all targets. All of your team members are a target.
Decision makers, the finance department and generally team members with control of budget and spending are the biggest targets in a business.
What can we do?
- Be vigilant – Look for the tell-tale signs of being phished
- Stop and think
- Use a service like Support Tree’s online cyber security training and on-going phishing and reporting
- Use an advanced email security service like Mimecast
The fight back
Until recently the only thing we could do with phishing cybercrime was to use email security services to try and stop the majority being delivered and use a security training service and on-going staff phishing testing and reporting to identify weak links in our organisations. There was nowhere official to report these emails to, however that has all changed.
The National Cyber Security Centre have created an easily remembered mailbox [email protected] where you can forward all phishing email.
Do not expect a reply but we can expect the NCSC to work to shut down the more common scams, bring down websites, block emails and at times even catch the perpetrators.
The NCSC will also use the information gathered to raise awareness of the most common threats.
It’s a step forward in the fight back against the scammers.