Cyber criminals are taking advantage of the uncertainty around coronavirus - watch out for phishing emails, malicious links and potential scams. The police have issued a warning to the public and announced an estimated £800,000 lost so far. The National Fraud Intelligence Bureau have also issued an urgent scam warning.
A perfect opportunity for social engineering
Unfortunately, cyber criminals are always waiting for opportunities like these and use social engineering to exploit human weakness, just like any other vulnerability. Social engineering is essentially psychological manipulation and an easy way for criminals to generate returns – and it’s highly effective.
High profile phishing campaigns around coronavirus include emails seemingly from the Centers for Disease Control and Prevention and the World Health Organisation – who issued guidance on the subject. Hackers have also targeted Italian email addresses, sending fake informational documents which carry the Trickbot malware.
As the outbreak progresses and the UK gears up for the delay stage of the governments action plans, more sophisticated and targeted approaches may emerge, such as phishing or spear phishing in relation to business continuity arrangements. Firms and employees should also beware of business email compromises – where a legitimate email account is accessed and used fraudulently. This can be particularly convincing and the FBI recently announced that it cost US business and individuals around $1.7 billion in 2019.
Looking beyond phishing, cyber criminals can also profit from the situation through malicious links and fake webpages using popular search terms around coronavirus to generate traffic. A recent threat report from Webroot shows 24% of all malicious URLs are found on legitimate sites, so it’s important to remain vigilante even when clicking links on trusted websites.