Phishing and Covid-19: Why the world is getting hooked

3 September 2020 by Yasmin Duggal

In March, it was reported that phishing attacks had increased by 667% since the end of February, as Covid tightened its grip across the globe. The first Covid-related phishing scam actually surfaced as early as the end of January.

Fast-forward to August, and HMRC reported it was investigating more than 10,000 coronavirus-related phishing attacks, with cybercriminals exploiting the pandemic via SMS, social media and phone scams. So, what happened in between, and how has Covid-19 increased the scope of the phishing landscape?

The virus created a phishing hotbed 

The health and economic crisis has created an ideal breeding ground for scammers. With the latest figures showing 7.5 million of us on furlough in June, and a further 500,000 individuals out of work or going unpaid by employers, cybercriminals have capitalised on a wealth of vulnerable targets. The 2020 Phishing Attack Landscape Report reveals the frequency of phishing threats has risen considerably throughout the last few months, with companies experiencing an average of 1,185 attacks every month. The same survey exposes a major increase in time allocated towards attack mitigation, removal and incident response – time that many businesses can’t afford to lose in the current climate.

Not only is the danger increasing in frequency, the scale of damage caused by this type of scam is also growing. Among the 46% of businesses that have experienced breaches or attacks in the past 12 months, more than two thirds considered a phishing attack the single most disruptive type of attack.

Ramping up the scale and target audience 

What is it about lockdown that has made cybercriminals up the ante, and rendered individuals and businesses more susceptible to being hooked? (UK citizens have lost around two million pounds to Covid-19 phishing attacks!) 

The answer may lie in our modern tendency to turn to the internet as our first port of call to acquire the latest information on the virus – along with the vulnerability of the healthcare and government sectors to exploitation. When we encounter emails seemingly originating from a legitimate healthcare company offering comfort to combat the fear and uncertainty of finding a cure, it’s easy to forget to check the authenticity. And, with so many out of work or on a reduced income, cybercriminals impersonating government bodies offering loans and economic support are all too easily overlooked.

It was reported that phishing emails replaced web-based phishing as the delivery method of choice for malicious files by a factor of four to one between July and August, as cybercriminals seized on people’s hopes that a Covid-19 vaccine was on the horizon. Security firm Check Point revealed that the number of phishing emails incorporating deceptive vaccine-related subject lines was up – and the number of vaccine-related domains had doubled in June and July, with one in every 25 malicious Covid websites’ landing pages now being vaccine-related. Such websites also falsely claim to sell PPE like face masks, sanitizers, gloves and drugs, asking unsuspecting victims to enter their details and pay up front for the goods.

The events sector (specifically festivals forced online during the pandemic) has also come under attack. Facebook scammers are charging individuals to view free festival live streams and creating fake pages before an event takes place, aiming to redirect consumers to websites illegally charging for what should be a free service. Banking, eCommerce sites and the private sector also make the list of the worst-hit industries when accounting for the proportion of attacks.

Increased responsibility for businesses 

So, when it comes to phishing, how much employee training is enough? According to this year’s Cyber Security Breaches Survey, in the last 12 months just 18% of businesses have performed additional staff training following their most disruptive breach or attack. Cybercriminals are now less concerned with targeting specific age categories and care less about where employees sit in the business hierarchy. No one is exempt, and the attacks are unforgiving, so it’s vital every employee is equipped with the knowledge and tools to fend off attacks. 

With many UK businesses heading into September operating on a balance of remote and office working, ensuring every employee is up to date on the risks of phishing scams is paramount. Make time for remote training, create a comfortable environment with a solid action plan should staff fall victim, and invest in robust cybersecurity solutions to minimise the risk of a data breach.  

Remember those red flags 

Here are five clues to help spot a phishing email:  

  1. Has the email been sent from a public email domain?  Normally, emails will come from domains associated with an organisation. So, take extra care if you receive an email from a @gmail, @hotmail or @yahoo domain claiming to be a trusted organisation. Make sure you look at the email address, not just the sender.  
  2. Are there any spelling mistakes in the domain name? Hackers will often buy a spoof domain name to impersonate a well-known organisation.   
  3. Read carefully: scam emails are often poorly written. Look for grammatical mistakes, not just spelling mistakes. Scammers use spellchecker and translation apps to correct typos, but they don’t always get the grammatical context right.
  4. Keep an eye out for suspicious attachments, embedded links or calls to action. Most phishing emails will contain a payload such as an infected attachment that you’re asked to download, or a simple message asking you to respond to the attacker’s email and complete a task for them.   
  5. URGENT! Phishing emails often fake a sense of urgency, like an overdue payment, fine or security breach. Criminals will sometimes pose as your employer, as they know that you’re likely to drop everything if your boss emails you with a vital request, especially when other senior colleagues are supposedly waiting on your response. 
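
Clues 1, 2, 4 and 5 from the list above can be turned into an automated first-pass check on incoming mail. The Python below is an added example, not code from UKFast; the trusted brand `Example Health`, its domain, the keyword list and the 0.85 similarity threshold are assumptions chosen for illustration, and clue 3 (grammar) is left to the human reader.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "hotmail.com", "yahoo.com"}   # public domains named in clue 1
TRUSTED = {"example health": "examplehealth.org"}      # assumption: brand name -> its real domain
URGENCY = re.compile(r"\b(urgent|overdue|immediately|final notice|suspended)\b", re.I)
URL = re.compile(r"https?://[^\s\"'>]+", re.I)

def triage(msg):
    """Return the red flags (clues 1, 2, 4, 5) that a message trips."""
    flags = []
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Clue 1: display name claims a known organisation, address is on a public domain.
    if domain in FREEMAIL and any(b in display.lower() for b in TRUSTED):
        flags.append("public-domain")
    # Clue 2: sender domain is nearly, but not exactly, a trusted domain.
    for real in TRUSTED.values():
        if domain != real and SequenceMatcher(None, domain, real).ratio() >= 0.85:
            flags.append("lookalike-domain")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Clue 4: any attachment or embedded link deserves a second look.
    if list(msg.iter_attachments()) or URL.search(text):
        flags.append("attachment-or-link")
    # Clue 5: pressure wording in the subject or body.
    if URGENCY.search(str(msg.get("Subject", "")) + " " + text):
        flags.append("urgency")
    return flags

def sample(sender, subject, text, attach=None):
    """Build a constructed test message (not real traffic)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(text)
    if attach:
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=attach)
    return msg

if __name__ == "__main__":
    m = sample("Example Health Support <examplehealth.support@gmail.com>",
               "URGENT: overdue payment", "Pay immediately at http://pay.example.test/now")
    print(triage(m))
```

A message that trips several flags at once is a stronger candidate for quarantine or manual review than one that trips a single flag, since legitimate mail routinely contains links.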

If you’re concerned about the increase in phishing scams, a robust security solution like Threat Vision from UKFast can make sure your network is protected against a landscape of threats. 

Find out more about Threat Vision, UKFast’s suite of security products, designed for seamless integration and robust protection.