Cyber Scams

Not everyone is playing by the same rules.

As you and I try to go about our daily business under the Coronavirus restrictions and try to help our family, friends and neighbours, where we can, cyber-criminals are busy exploiting the new environment for personal gain.

You may have noticed that you are receiving more emails from unfamiliar sources than you would normally expect. Updates and re-assuring messages from your bank; SMS messages from your GP practice or pharmacy; and other messages such as an invitation to upgrade your social media to a ‘gold’ level, offering your enhanced services and benefits.

Some are genuine offers of help or information in response to the Coronavirus emergency, but others are definitely not.

As the National Cyber Security Centre (NCSC)  has highlighted in their Weekly Threat Report (for 27 March 2020) , there has been a noticeable spike in phishing emails in recent days –

Almost half of UK businesses (46%) and a quarter of charities (26%) in the survey reported that they had seen an attack or breach in the past 12 months. The survey also highlights there has been a rise in phishing attacks (from 72% to 86%)… 

These are messages that appear to come from trusted sources asking you to adjust your settings or click on a link, but in reality are cyber scams designed to extract personal information from you such as passwords and PINs which they then exploit for criminal purposes.

Here are some tips from NCSC on spotting phishing emails –

• Many phishing emails have poor grammar, punctuation and spelling.
• Is the design and overall quality what you’d expect from the organisation the email is supposed to come from?
• Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
• Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime, click here immediately’.
• Look at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
• If it sounds too good to be true, it probably is. It’s most unlikely that someone will want to give you money, or give you access to a secret part of the Internet.
• Your bank, or any other official source, should never ask you to supply personal information from an email. 

Where you do suspect any messages you receive you can flag them as Spam or Junk, taking it out of your inbox and letting your email service provider know it is suspect. You can also report suspect emails to Action Fraud.

For businesses and other organisations, remember also that the accountability principle under the GDPR and Data Protection Act 2018 requires that you take appropriate technical and organisational measures to protect personal data. This makes it not just an operational risks but also a legal compliance risk for your business to manage.

This may be a good time to check that your IT, policies, and processes are up to date and will reduce the risk of compromise through a phishing attack and indeed other attacks on your systems and data.

Tim Heywood is a Partner in Gunnercooke llp specialising in cyber security and data protection.