Beware of coronavirus scams

There is no situation so serious that cyber criminals will not attempt to exploit it. So it is with the coronavirus crisis, and reports of numerous scams have, sadly, already started to appear.

People and organisations should be wary of the heightened threat—not only of COVID-19 itself, but from cybersecurity risks such as phishing, malware, ransomware and scams.

Many of these attempts will be similar to those that are commonly employed by the fraudsters. The only thing different this time is the context, with coronavirus featured as the 'theme'.

The most common threat is the 'phishing' email, which attempts to trick the recipient into clicking a link or opening an attachment that could steal passwords or install malware (a virus of the digital kind). Scammers will prey on fear and urgency about the crisis as a means to get their targets to click these links. Make sure that you, your staff and your volunteers know how to spot a phishing email.

Unfortunately, vulnerable people—including those most at risk from the coronavirus—are being targeted by these scammers and are at particular risk. Reports can be read of fraudsters targeting elderly people with, for example, phony "decontamination services". Possibly as an opportunity to then steal from their home (alongside the consequential exposure to direct transmission).

Many organisations are seeking to keep their contacts updated about their service provision. Be vigilant to the threat of impersonation of legitimate organisations and people. Even the World Health Organisation has seen its members of staff impersonated in fake emails related to COVID-19, as has the Centre for Disease Control.

As staff (and volunteers) may be moving towards working from home, risks are likely to increase as they are outside of normal organisational and technical controls, such as firewalls and email spam protection. Ensure that staff continue their vigilance against these risks, and that your organisation actively takes steps to reduce the risks associated with home working.

Some further resources:

• National Cyber Security Centre (NCSC) Small Charities Guide
• NCSC Home Working Guide
• Beware of phishing emails
• If you are still using Windows 7, you should upgrade as soon as possible
• Do not click on links in suspicious emails
• If an offer seems to good to be true, it probably is
• Information Commissioner's Office: Data protection and coronavirus
• Report attempts to Action Fraud. If money has been stolen, contact PSNI
• Coronavirus tech handbook