COVID-19 is a big opportunity for scammers
May 11, 2020
The current COVID-19 crisis has changed the way we work, with more people than ever working from home – many for the first time ever. But cyber criminals are taking advantage, particularly of people unused to working remotely. Here are some of the scams that are currently causing problems.
One of the most common scams the in UK during this pandemic is emails and SMS messages asking for donations to help the NHS to buy Personal Protective Equipment (PPE) and to fund the fight COVID-19 as a whole. The main targets seem to be the elderly, many of whom are self-isolating. Current estimates suggest that scammers have already stolen around £1.6m using this technique.
Another similar scam is text messages apparently from the UK government issuing fines of £250 to people for leaving their house more than once daily during lockdown. Because these messages are fake, the “fines” are paid directly to the scammers. And there are email versions of this scam circulating too. By following the links in a scam email, bank details, accounts and passwords can be stolen, allowing hackers to empty bank accounts completely. So far there have been 2192 reported COVID-19 phishing attempts, but this number is increasing rapidly with over 50 new reports daily.
As industry shuts down, people are losing their jobs at a dramatic rate, causing them to become desperate to find a new job or source of income. Some scammers are calling the unemployed, offering positions as key workers but demanding an advance fee for vetting or background checks. However, these jobs do not exist – scammers are just keeping any money they receive.
The majority of reported crimes are related to online shopping, particularly as more people are relying these services while they practice social distancing. Because these products are in very high demand, people are paying for face masks, gloves and hand sanitiser which never arrives.
Many scams are related to email, and the fact that more people are working from home using computers, provides more opportunities for scammers. By exploiting tragedies and well-publicised global issues, it is easier to trick people because they are anxious and uncertain about the events taking place.
No mercy from cyber criminals
The uncertainty created by COVID-19 and the global shutdown is providing scammers with plenty of new opportunities to rob and steal. Many people will be unfamiliar with working from home, leaving them vulnerable to the clever techniques used by hackers. And because official advice about the pandemic appears to be unclear and confused, it is no surprise that people are being tricked by messages that look they come from official sources.
To better protect yourself and to avoid falling victim to a COVID-19 scam, take a look at our guide to Protecting your email against phishing attacks. We also have a handy guide to protecting yourself against “smishing” and SMS scams.
Finally, make sure that malware can’t take over your computer or steal your data by contacting us to find out how we can secure your systems.
Follow Us
Be the first to know
You might also like
DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. DevOps is a popular practice, especially among large organizations. However, while it comes with numerous benefits, it presents numerous risks as well. One notable challenge is the increased velocity of deployment, which often complicates how developers implement and ensure application security throughout the development and deployment process. According to a recent survey, almost 80% of CIOs expressed concerns about the difficulty of discerning trusted elements from untrusted ones within DevOps environments. In particular, the pressure to deliver services at a faster pace sometimes prompts DevOps teams to take security shortcuts, resulting in potentially costly repercussions. These include data breaches, application downtime, and compliance violations. So, how can you strike a balance between the demand for agile DevOps practices and the need to maintain robust security measures?
Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. Applications fuel the engine of the world’s economy, but enterprises can encounter substantial hurdles when striving to retain a competitive advantage in a rapidly changing digital landscape. Businesses must continuously pursue inventive solutions, even as they contend with sophisticated adversaries looking to exploit opportunities to disrupt operations, compromise vital information, and inflict harm. According to recent research, approximately 17% of cyberattacks aim to exploit vulnerable web applications. Yet, 98% of web applications are susceptible to attacks that can lead to malware infection or redirect users to malicious websites. All the while, 72% of these vulnerabilities result from coding errors. Testing applications for security flaws during production is a vital process of the development lifecycle, and this is where Dynamic Application Security Testing (DAST) comes in. DAST is a security testing approach in application security (AppSec), in which testers assess an application in real-time, while it’s actively running. This process can be conducted even without testers knowing the application’s internal interactions or system-level designs. This is because DAST tools operate without access to the application’s source code. Instead, they emulate genuine attacks, akin to those carried out by real hackers, to identify security weaknesses. This “black box” testing method examines the application from an external perspective, scrutinises its runtime behaviour, and observes how it reacts to simulated attacks. These simulations help evaluate whether the application exhibits vulnerabilities and if it is potentially susceptible to malicious attacks.
In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today. Hacking is attacking and breaking into computer systems illegally… isn’t it? The meaning of the term “hacking” has in fact changed substantially over time, morphing from describing essentially benign (or at worst mildly disruptive) activities into its modern attribution to largely criminal and illegal activities. What’s more, in its original usage, “hacking” doesn’t necessarily even need to involve computer systems at all. In this blog post we look back at the origin of the term “hacking”, as well as how activities that might be described as hacking have existed throughout history, even prior to the advent of computer systems – and what if anything these can teach us today.