Cyber Crime during COVID-19 Lockdown

Coronavirus-related fraud reports increased by 400% in March.

Cyber Security

  • Cyber criminals and hacking groups are having a field day with Coronavirus:

  • Impersonating the World Health Organisation and US Centers for Disease Control;

  • Advertising fake equipment;

  • Seeking bitcoin funding for fake vaccine research;

  • Registering thousands of web-pages which “relate” to the virus;

  • In many cases, the cyber criminals are preying on people’s fragile emotions;

  • Many large companies are buying large numbers of laptops to enable their employees to work from home.

  • Due to shortages of supply, many of these laptops are lesser-known brands (because they are all that is available), and the companies are not testing them as rigorously as normal, which opens up new attack vectors for cyber criminals.

What Scams are Being Attempted?

  1. Phishing

  • If you think that you may be eligible for any financial aid or refund, go to the official government website yourself

  • It is not advisable to click through links in an email that someone has sent to you, even if it looks official

  • They could be harvesting your data, trying to gain payments from you, or trying to initiate a ransomware/malware attack

  • The example shown here is phishing

Government Financial Aid.

Fake Testing Kits

Fake Products

2. Fake Equipment

  • Medical equipment is in critically short supply, and supplies are being prioritised to hospitals and for key workers. Therefore it is very unlikely that anyone would actually offer them to your business, and if they are genuine items, consider who are you denying who may be higher priority?

  • At the very least, a scam like this involves you paying money for items that do not arrive, or do not work, or in some cases are dangerous (fake hand sanitisers can contain banned substances)

Covid-19 False Information

3. Impersonating the World Health Organisation

  • The WHO is not currently sending individual emails to individual businesses

  • Do not download documents unless you are sure that you know and trust the sender

  • Do not “enable content” from Word, Powerpoint etc

  • These instructions to download or enable content can disguise a wide range of cyber scams

4. Fake Charities Soliciting Donations

Fake Charities

  • Be careful of people approaching you either on-line or in person.

  • It is advised to donate to charities that you already know and trust, through a tried and tested system.

Lockdown Fine

5. Text scams

  • Be aware there is a growing trend of texts threatening you with fines.

  • The UK government has only sent one text to everyone, has no plans to send more, and will inform the nation if they do intend to send another.

  • So the example shown on the left is completely fake.

  • The Government does not have your mobile number – they asked mobile providers to send the single text.

6. Getting to the top of the rankings

  • There are many fake apps going around now, usually offering some help with COVID-19.

  • The recommendation is to only use official app stores, rather than accessing the apps through emails which have been sent to you.

  • Facebook and Twitter are now working with the NHS to elevate official government sites to the top of search results relating to the virus.

Fake Apps to the top of the rankings


Keep Your Eyes Wide Open


binoculars.png

  • There is a higher likelihood of scammers targeting you or your organisation during lockdown, because there are more opportunities to do so.

  • If something appears suspicious or too good to be true, report it and treat it with appropriate caution.

  • Do not divulge information, and do not commit money until you are sure that the correspondent is trustworthy.

Here are some useful contacts in case you notice something suspicious:

  1. Police Scotland 2. National Cyber Security Centre


We hope you have a few more sips of coffee left to enjoy whilst we provide you with some valuable tips on arranging Zoom meetings and improving businesses’ Cyber Security in the second part of our Blog.

Conducting online meetings? 

Zoom is a great platform for online meetings and has become very popular in the last month; however:

Zoom Video Call

• There has been a big spike in domain name applications containing the word “Zoom” – this is scammers preparing their ground;

• Make sure you know the person sending you emails about Zoom or other platforms;

• Be very careful of any emails asking you to re-set your Zoom password, or any other password;

• Watch out for spelling errors; they can indicate ‘lookalike’ domains;

• Humans are often the weakest link in cyber-security so ensure your staff are informed and trained about the risks;

  • It’s not just Zoom though; new Phishing websites have been found for all the leading communication sites (incl MS Teams).

Your router could be the route to you being hacked

Router

  • Users often do not change the default password for routers.

  • Hackers can try common default passwords, and if they succeed, can control your router, and conduct a wide range of cyber attacks against you at home, and against your organisation.

  • When WFH, change the default password on your home router.

For all staff to be aware of

Fraud:

There is a lot of “Chief Executive Officer email” compromise fraud going on now, all to do with COVID-19, and often to do with emergency payments.

Therefore:

  • Use extra SMS checks;

  • Screen all emails;

  • Understand your service providers, so that you can spot a fraudulent email which purports to come from them;

Ransomware:

Seems like a distant memory, but this is a prime time for someone to try to ransom your data:

  • Basics are therefore incredibly important; back-ups, tests, secondary/encrypted/secured back-up of key-records

  • Be very clear about the priority areas of your business and give them all the IT protection that you can

Summary

Make it easy for your people to work safely and securely and ensure they are informed of the risks and the important part they play.


How can you improve your own Cyber Security during the Lockdown?

What can your IT Ops Team do/consider?


VPN connectivity

  • Fallback for VPN gateways.

    • The VPN gateway is the device that connects devices or networks together allowing the use of private data (such as company emails etc) across public networks.

      See diagram 1.

  • Make sure servers are still being security patched, and the patches are making it through to the end user.

  • Limit printing at home.

  • Disable USB ports on company laptops that are being used from home – they are a physical attack vector.

  • Increase monitoring and detection of suspicious behaviour.

  • IT staff should carry a company authorisation letter that they can show to the Police if they are stopped on the way to work – if they are fixing IT problems, they are critical to your business.

How to run a VTC safely and securely

zoom call

  • Only send invites directly to those you wish to send, not to a group address.

  • Ask participants to use their real names so that you know they are who they say they are.

  • Use a virtual waiting room so that you can check people’s identity before allowing access.

  • Participants should identify themselves, if necessary, showing their ID on screen.

  • Use a passphrase to protect your meeting – not guessable.  Make the passphrase unique to the meeting.

  • Zoom has a password facility.

  • Don’t make business calls in public, don’t be overheard and don’t be overlooked.

  • Shut your Alexa down during meetings and ensure that participants do the same.

  • Share minimum necessary information, as attendees may be recording.

  • Do not share personal or sensitive data through the meeting software.

  • Disable file transfer features.

  • Clean your desktop before sharing.

  • Do not allow any other attendee to control your computer – switch off this feature.

  • Only allow recording if you are happy with it.

  • Close down meeting and screen sharing completely at the end of the meeting.

  • Ensure that apps cannot access data other than the meeting.

LEARN HOW TO UNDERSTAND A URL – THEY ARE OFTEN THE INDICATOR OF A SCAM

This is John Podesta, whose gmail account was hacked during the US Presidential election campaign in 2016. Image source: Wikipedia

This is John Podesta, whose gmail account was hacked during the US Presidential election campaign in 2016. Image source: Wikipedia

  • The hacking of John Podesta’s gmail account led to the exposure of  thousands of his personal emails, some of which contained controversial material regarding Hilary Clinton’s positions or campaign strategy.

  • The URL below is the one behind the phishing email which caught him out:

    myaccount.google.com-securitysettingpage.tk

  • “tk” at the end is suspicious because it is unusual, it would normally be “.com” or “.co.uk” or .gov.uk” etc.

  • “.com-securitysettingpage” also does not look right.

  • A US Presidential campaign should have both the staff and the technical capability to defeat such scams, but the ordinary UK user now working from home probably does not.

  • Therefore, if you see an email that you are not sure about, look at the URL.

    • Read it backwards, because the front end will not look suspicious, ie “myaccount” and “google”;

    • If you see something unfamiliar or suspicious, don’t download anything from it, don’t click through, and report it as possible phishing;

FURTHER TIPS AND TRICKS

  • Back up data constantly, on the 3/2/1 principle.

• 3 copies of your data, on at least 2 different mediums (ie external hard drive and USB stick), in at least I different location (ie one copy in your shared area, one in the cloud).

  • Use the National Cyber Security Centre (NCSC) as much as possible.

  • Go to official sites only.

  • Keep it simple for your staff.

  • If you keep your staff safe, they will pull your organisation through.

  • Keep all devices up to date.

  • Use longer, better passwords, or pass-phrases.

  • Consider using a password manager programme.

  • Consider different passwords for different sites.

  • Use 2 factor or multi-factor authentication as much as possible.


Toby

AUTHOR:

Toby Ingram, OBE

Senior Consultant,

Sector Lead: Academia & Heritage

Subscribe To Our Newsletter
Sign up with your email address to receive news and updates