Beware the cyberattacks seeking to exploit coronavirus fears
Whenever there's any kind of major news story that sparks public interest it's usually good for cyber criminals as they seek to exploit people's fears for their own gains.
The latest coronavirus (COVID-19) pandemic is no exception. The UK's National Cyber Security Centre has identified a number of attacks on a COVID-19 theme, these include bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected.
Paul Chichester, director of operations at the NCSC, says, "We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak."
As far back as February the World Health Organisation (WHO) warned of fraudulent emails sent by criminals posing as the WHO. This followed a warning from the US Federal Trade Commission about scammers spreading phishing 'clickbait' via email and social media, as well as creating fraudulent websites to sell fake antiviral equipment.
These warnings are echoed by cybersecurity professionals, Jens Monrad, head of mandiant threat intelligence, EMEA, at FireEye says, "Coronavirus-themed spear-phishing emails have been increasingly used to deliver malware to a range of industries and regions. By taking advantage of current events, threat actors are better able to increase their chances of gaining access to targets of interest. We anticipate that malicious actors will continue to exploit populations' senses of urgency, fear, goodwill, and mistrust to enhance their operations, particularly regarding events within the medical field, government announcements, economic implications, deaths of high-profile individuals, and civil disturbances."
If you want to keep up to date with what to look out for the Digital Shadows Photon Research team has published a blog with details of the latest coronavirus themed scams, as has cybersecurity company F-Secure.
The NCSC has also seen a rise in the number of coronavirus webpages being registered, suggesting a gearing up for more attacks.
"Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails," says NCSC's Chichester. "In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible."
These scams, along with the virus, are likely to be around for a while yet so in the meantime let's be careful out there.