Not everyone is playing by the same rules.
As you and I try to go about our daily business under the Coronavirus restrictions and try to help our family, friends and neighbours where we can, cyber-criminals are busy exploiting the new environment for personal gain.
You may have noticed that you are receiving more emails from unfamiliar sources than you would normally expect: updates and reassuring messages from your bank; SMS messages from your GP practice or pharmacy; and other messages, such as an invitation to upgrade your social media to a ‘gold’ level, offering you enhanced services and benefits.
Some are genuine offers of help or information in response to the Coronavirus emergency, but others are definitely not.
As the National Cyber Security Centre (NCSC) has highlighted in their Weekly Threat Report (for 27 March 2020), there has been a noticeable spike in phishing emails in recent days –
Almost half of UK businesses (46%) and a quarter of charities (26%) in the survey reported that they had seen an attack or breach in the past 12 months. The survey also highlights there has been a rise in phishing attacks (from 72% to 86%)…
These are messages that appear to come from trusted sources, asking you to adjust your settings or click on a link, but in reality they are cyber scams designed to extract personal information from you, such as passwords and PINs, which the criminals then exploit.
Here are some tips from NCSC on spotting phishing emails –
- Many phishing emails have poor grammar, punctuation and spelling.
- Is the design and overall quality what you’d expect from the organisation the email is supposed to come from?
- Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
- Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
- Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
- If it sounds too good to be true, it probably is. It’s most unlikely that someone will want to give you money, or give you access to a secret part of the Internet.
- Your bank, or any other official source, should never ask you to supply personal information from an email.
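
Several of these checks can also be applied automatically when triaging reported messages. The sketch below is an added example, not NCSC code or part of the original article; the phrase lists, the `TRUSTED` mapping and both sample messages are constructed assumptions for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Phrase lists are illustrative assumptions based on the tips above, not an NCSC rule set.
GENERIC_GREETING = re.compile(
    r"\b(?:dear|hello|hi)\s+(?:valued\s+)?(?:customer|friend|colleague)\b", re.I)
URGENCY = re.compile(r"\b(?:within\s+\d+\s+hours?|immediately|urgently)\b", re.I)
PERSONAL_INFO = re.compile(r"\b(?:password|passcode|pin|security\s+code)\b", re.I)

# Constructed mapping: a name the reader expects to see -> the domain it really uses.
TRUSTED = {"Example Bank": "example-bank.test"}

def sender_mismatch(from_header, trusted):
    """True when the display name claims a known sender but the address domain differs."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for shown, real in trusted.items():
        if shown.lower() in name.lower():
            return not (domain == real or domain.endswith("." + real))
    return False

def triage(raw, trusted):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    findings = []
    if GENERIC_GREETING.search(text):
        findings.append("generic greeting")
    if URGENCY.search(text):
        findings.append("urgent deadline")
    if PERSONAL_INFO.search(text):
        findings.append("asks for personal information")
    if sender_mismatch(str(msg.get("From", "")), trusted):
        findings.append("sender name does not match address")
    return findings

# Constructed sample messages (not real emails).
PHISH = """\
From: "Example Bank Security" <alerts@example-bank.account-check.test>
Subject: Action required

Dear valued customer,
You have been a victim of crime. Send your password and PIN within 24 hours.
"""
GENUINE = """\
From: "Example Bank" <news@mail.example-bank.test>
Subject: Your statement

Dear Alex Smith,
Your monthly statement is ready to view when you next sign in.
"""
```

A message with no findings is not thereby proven safe; the checks only surface the warning signs listed above so that a person can look more closely.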
If you are suspicious of any message you receive, you can flag it as Spam or Junk, which takes it out of your inbox and lets your email service provider know it is suspect. You can also report suspect emails to Action Fraud.
For businesses and other organisations, remember also that the accountability principle under the GDPR and Data Protection Act 2018 requires that you take appropriate technical and organisational measures to protect personal data. This makes it not just an operational risk but also a legal compliance risk for your business to manage.
This may be a good time to check that your IT, policies and processes are up to date and will reduce the risk of compromise through a phishing attack, and indeed through other attacks on your systems and data.
Tim Heywood is a Partner in Gunnercooke llp specialising in cyber security and data protection.