What is Phishing?
Phishing is a disguised email that aims to hook the recipient into clicking a link or opening an attachment that enables a cyber-attack to take place.
Why have Phishing attacks increased since Covid-19?
In late March 2020, the Telegraph reported that phishing ‘attacks have increased 667pc since the end of February’.
There are two main reasons for this increase:
- Attackers like to masquerade as a trusted entity and a pandemic provides the perfect opportunity for impersonation.
- The move to remote working makes employees more vulnerable to cyber-attack, from both a technical and a behavioural perspective.
What are the known Covid-19 phishing scams?
On 4 April 2020, The Guardian reported that ‘the number of coronavirus-themed phishing attempts stands at 2,192’. It would be impossible to cover even a proportion of these, but it is worth highlighting some of the more ‘convincing’ phishing scams.
- HMRC
Cyber criminals are masquerading as HMRC via email and SMS. For further information, visit the dedicated HMRC page.
- World Health Organisation (WHO)
WHO, the primary provider of Covid-19 information, has issued a stark warning: ‘beware of criminals pretending to be WHO’. An example phishing email is shown below, and WHO provides detailed advice and guidance on its dedicated page.
- Health advice
Emails purportedly from medical experts in China, claiming to help protect against Covid-19, have also been circulating.
- Workplace policy
Cyber criminals are known to have been impersonating HR and IT departments.
How can I protect myself and my organisation from phishing attacks?
With a 667% increase in phishing emails reported between February and March, we all need to be extra vigilant.
Here are six checks to help you avoid a phishing attack.
- Don’t click on links in emails from people that you don’t know.
- Avoid emails that insist that you ‘act now’.
- Watch for emails that include generic greetings.
- Don’t open emails purporting to contain important updates from your organisation, especially those that ask you to validate your credentials or install additional software to permit remote connectivity.
- Check the grammar, punctuation and spelling of the email – in many cases, these are clear signs of a phishing email.
- If you are at all in doubt, then the advice is to call the sender to verify the details.