Scammers Using Coronavirus To Steal From Businesses

Scammers Using Coronavirus To Steal From Businesses

With the nation working at home, there has never been more of a need for robust cybersecurity.

It is unfortunate that, amongst all the chaos, the current financial climate is the perfect opportunity for scammers to strike your business.

You may have already noticed fake emails from trusted organisations such as HMRC, PayPal, Apple and Amazon; all informing you of your entitlement to a tax rebate, or to notify you of large unauthorised payments or orders made on your account.

All of which is, most likely, from a scammer targeting you through one of the most common types of scams: Phishing.

Phishing is a common scamming method that tricks users into supplying sensitive information that hackers can use to access important accounts or compromise data.

Recent research revealed that 45% of UK organisations had experienced a phishing attack in the past two years.


What types of phishing scams should I keep watch for?

Although most phishing attacks utilise the same general framework, here are some of the most common formats:

Invoice scam – this scamming method involves the attacker impersonating a supplier, partner company or bank provider and sending an email that claims your organisation has an outstanding invoice. The email will request that you click a link or enter payment credentials.

Payment and delivery scam – This form of phishing occurs when the hacker impersonates a legitimate supplier or vendor that your organisation recently placed an order with and sends an email claiming that you need to update your payment information before your order can be delivered.

Download Scam – This phishing format requires the hacker to impersonate a trusted sender and request the recipient click on an attached link to be redirected to a website or download an attachment. However, doing so results in the hacker being able to install malicious software onto the recipient's device and gain access to sensitive data.

Compromised account scam – in this method, the cyber-criminal impersonates a third-party company and sends an email claiming that your account with the company has been compromised. The email requires the recipient to log in and reset the password to their account, which then provides the cyber-criminal with access to your sensitive account information.

However, phishing emails are not just coming in the form of receipts and fake order confirmations. The National Cyber Security Centre have reported an increase of phishing attacks directly exploiting worries over COVID-19.

Techniques include fake emails, for example, claiming to be from the government or the WHO, with links pretending to contain important updates on the outbreak, which once clicked lead to devices being infected.


Paul Chichester, Director of Operations at the NCSC, said:

"We know that cybercriminals are opportunistic and will look to exploit people's fears, and this has undoubtedly been the case with the Coronavirus outbreak.

"Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.

"In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible."

Remember to stay vigilant when opening emails and make sure your employees are aware of the risk.

According to the NCSC website:

"Individuals in the UK have also been targeted by Coronavirus-themed phishing emails with infected attachments containing fictitious 'safety measures.' According to Proofpoint researchers, such attacks have recently become more targeted, with greater numbers focusing on specific sectors like shipping, transport or retail to increase the likelihood of success."

Similar incidents have happened across the world.

Keep aware and stay vigilant when opening your emails!