
What is Phishing?

Phishing is a disguised email that aims to hook the recipient into clicking a link or attachment that enables a cyber-attack to take place.

Why have Phishing attacks increased since Covid-19?

In late March 2020, the Telegraph reported that phishing ‘attacks have increased 667pc since the end of February’.

There are two main reasons for this increase:

  1. Attackers like to masquerade as a trusted entity and a pandemic provides the perfect opportunity for impersonation.
  2. The move to remote working makes employees more vulnerable to cyber attack, from both a technical and behavioural perspective.

What are the known Covid-19 phishing scams?

On 4 April 2020, The Guardian reported that ‘the number of coronavirus-themed phishing attempts stands at 2,192’. Although it would be impossible to cover even a proportion of these, it is worth highlighting some of the more ‘convincing’ phishing scams.

  • HMRC

Cyber criminals are masquerading as HMRC via email and SMS. For further information, visit the dedicated HMRC page.

  • World Health Organisation (WHO)

WHO, the primary provider of Covid-19 information, has issued a stark warning: ‘beware of criminals pretending to be WHO’. An example phishing email is detailed below, and WHO provides detailed advice and guidance on its dedicated page.

  • Health advice

Emails purportedly from medical experts in China, claiming to help protect against Covid-19, have also been circulating.

  • Workplace policy

Cyber criminals are known to have been impersonating HR and IT departments.

How can I protect myself and my organisation from phishing attacks?

Here are six checks to make to help avoid a phishing attack.

With a 667% increase in phishing emails reported between February and March, we all need to be extra vigilant.

  1. Don’t click on links in emails from people that you don’t know.
  2. Avoid emails that insist that you ‘act now’.
  3. Watch for emails that include generic greetings.
  4. Don’t open emails purporting to contain important updates from your organisation, especially those that ask you to validate your credentials or install additional software to permit remote connectivity.
  5. Check the grammar, punctuation and spelling of the email – in many cases, these are clear signs of a phishing email.
  6. If you are at all in doubt, then the advice is to call the sender to verify the details.

Al Sweet

COO, Warner McCall Resilience

Al is the Chief Operating Officer at Bristol-based cyber security and resilience consultancy, Warner McCall Resilience. Al worked for the British Army for 23 years and played a critical role in developing cutting-edge operational capabilities to defend against a range of threats to national security with teams at MoD DE&S, UK Special Forces and GCHQ. At WMR he utilises his experience to help organisations across a range of commercial and government sectors build resilience to cyber threats.