As most businesses continue to be locked in the grip of the COVID-19 emergency, efficient business security is crucial to protect premises, people and assets. We have seen a significant increase in incidents, alarms and requests to protect unmanned premises 24/7 from ‘physical’ threats to business security. Physical security threats are one thing, but many businesses and their staff are being blind-sided by online cyber attacks during the lockdown too.
During the COVID-19 emergency there has been a surge in cyber attacks on businesses, remote workers and individuals. A recent report by the BBC, entitled ‘Coronavirus: How hackers are preying on fears of Covid-19’ states that security experts say the spike in email scams linked to coronavirus is the worst they have seen in years.
Hackers are jumping at the chance to take advantage of the current situation and are launching attacks against unsuspecting victims. Since January, more than 4,000 coronavirus-themed web domains have popped up. It’s suggested that around 5 per cent of these are suspicious and 3 per cent malicious.
The websites would likely be used as part of email campaigns to lure victims into clicking on dangerous links. Cybersecurity firms are reporting a notable increase in attacks against a range of targets, all using the ongoing COVID-19 pandemic as a hook to trick victims into running malware or to harvest their personal details.
The above email from HMRC GOV.UK looks real at first glance, doesn’t it? It’s not, though: this is just one in the stream of over 200 COVID-19 related phishing emails and scams that have been reported by Action Fraud (National Fraud & Cyber Crime Reporting Centre), costing £970k in losses.
The National Cyber Security Centre (NCSC) gives this explanation: “Phishing is when criminals try to convince you to click on links within a scam email or text message, or to give sensitive information away (such as bank details). Once clicked, you may be sent to a dodgy website which could download viruses onto your computer or steal your passwords.
Given the current coronavirus (COVID-19) situation, cyber criminals are sending emails that claim to have a ‘cure’ for the virus, offer a financial reward, or encourage you to donate. Like many phishing scams, these emails are preying on real-world concerns to try and trick you into clicking.
These scam messages (or ‘phishes’) can be very hard to spot and are designed to get you to react without thinking.”
How to spot fake emails
Action Fraud, the National Fraud & Cyber Crime Reporting Centre, suggests that fake emails often (but not always) display some of the following characteristics:
• The sender’s email address doesn’t tally with the trusted organisation’s website address.
• The email is sent from a completely different address or a free web mail address.
• The email does not use your proper name but uses a non-specific greeting like “dear customer”.
• A sense of urgency; for example, the threat that unless you act immediately your account may be closed.
• A prominent website link – these can be forged or seem very similar to the proper address, but even a single character’s difference means a different website.
• A request for personal information such as user name, password or bank details.
• The email contains spelling and grammatical errors.
• You weren’t expecting to get an email from the company that appears to have sent it.
• The entire text of the email is contained within an image rather than the usual text format.
• The image contains an embedded hyperlink to a bogus site.
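Several of these characteristics can be checked automatically before a message reaches a person. The following Python sketch is an added example, not code from Action Fraud, the NCSC or Farsight; the webmail list, the keyword patterns, the edit-distance threshold of 2 and the example.com sample messages are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

FREE_WEBMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}  # assumed sample list
GREETING = re.compile(r"\bdear (customer|user|client|sir|madam)\b", re.I)
URGENCY = re.compile(r"\b(immediately|urgent|account (may|will) be closed)\b", re.I)
PERSONAL = re.compile(r"\b(password|user ?name|bank details)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def belongs_to(host, trusted):
    return host == trusted or host.endswith("." + trusted)

def phishing_indicators(raw, trusted):
    """Return the indicators a plain-text message trips, in the order checked."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    hits = []
    if sender in FREE_WEBMAIL:
        hits.append("free-webmail-sender")
    elif not belongs_to(sender, trusted):
        hits.append("sender-domain-mismatch")
    for name, rx in (("generic-greeting", GREETING), ("urgency", URGENCY),
                     ("asks-for-personal-info", PERSONAL)):
        if rx.search(body):
            hits.append(name)
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = re.sub(r"^www\.", "", (urlparse(url).hostname or "").lower())
        if not belongs_to(host, trusted) and edit_distance(host, trusted) <= 2:
            hits.append("lookalike-link:" + host)
    return hits

# Constructed sample messages (not real mail); example.com is the trusted organisation.
PHISH = ("From: Example Bank <security@examp1e.com>\nSubject: Action required\n\n"
         "Dear customer,\nUnless you act immediately your account may be closed.\n"
         "Confirm your password at http://www.examp1e.com/login\n")
LEGIT = ("From: Example Bank <news@mail.example.com>\nSubject: Statement\n\n"
         "Dear Alice,\nYour statement is ready at https://www.example.com/help\n")

if __name__ == "__main__":
    print(phishing_indicators(PHISH, "example.com"))
    print(phishing_indicators(LEGIT, "example.com"))
```

An empty result does not mean a message is safe: as the list says, fake emails display these traits often but not always, so the output is a triage aid rather than a verdict.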
What to do if you’ve already clicked
If you’ve already clicked a link (or entered your details into a website), take the following steps:
• If you’re using a work laptop or phone, contact your IT department and let them know.
• If you’ve been tricked into providing your banking details, contact your bank and let them know.
• If you think your account has already been hacked (you may have received messages sent from your account that you don’t recognise, or you may have been locked out of your account), refer to NCSC’s guidance on recovering a hacked account.
• Open your antivirus (AV) software if you have it and run a full scan. Allow your antivirus software to clean up any problems it finds.
• If you’ve provided your password, change the passwords on all your accounts that use the same one.
• If you’ve lost money, tell your bank and report it as a crime to Action Fraud (details below), the UK’s reporting centre for cyber crime. By doing this, you’ll be helping the NCSC to reduce criminal activity, and in the process prevent others becoming victims of cyber crime.
Things you should do to help protect your business from hackers and cyber criminals
Farsight has collated some suggested resources to help you protect your business security against hackers and cyber criminals.
1. Report fraud and cyber crime to Action Fraud
We hope this article helps you to secure your business against criminals. If you would like to speak to our remote monitoring security experts, please drop us an email here: CONTACT US