Our need and desire for Covid-19 news and advice has proven to be the perfect opportunity for cyber-criminals to trick people into falling victim to their malicious scams – gaining profit by any means necessary. These criminals have become experts at impersonating people and organisations.
Due to the increase in fraudulent activity, we wanted to prepare you for a safer online experience during this trying time. We have outlined some tips for staying safe online and in a digital world.Do you want to learn more about phishing emails and how to detect them?
A lot of people don’t feel safe going outside during the Covid-19 pandemic and would prefer to shop as much as possible from the comfort and safety of their own homes. Cyber-criminals have foreseen the rush to shop online and are already taking advantage of our need to buy supplies online, especially for items like hand soap, hand sanitizer, groceries, and cleaning products. If you see an offer that seems too good to be true – then it probably is.
To help protect you while online shopping, follow these tips:
- Beware of pop-up messages or push notifications (and other cries for attention)
- Use online retailers that have a good reputation and are well known
- Always look for the company’s full contact details – a reputable company will always have this publicly available on its website
- Cross-check the company information on your browser
- Make sure that you are using up-to-date software for your operating system and browser
- Avoid making online payments when using public Wi-Fi as it is unprotected
Computer viruses / malware
Computer viruses, also known as malware, will infect your computer programs and files, change the way that your computer operates or will completely stop it working altogether. These viruses can spread from one computer to another – similar to a biological virus.
It didn’t take long for the cyber-criminals to catch onto the Coronavirus pandemic as there is a rising number in fake websites sending scam emails including links that install malicious software onto your computer.
You may be sent an email containing an attachment or a link for you to click on to gain something – unbeknownst to you, it has released a virus or malware onto your computer immediately.
Now that the cyber-criminals have access and control of your computer, they can obtain personal information, slow your computer down, delete files and send out spam emails in their favour.
These are a few simple steps you can take to protect your computer from viruses:
- Install security software – e.g. anti-virus, anti-spyware and firewall
- Keep your operating system and browser updated
- Protect your wireless network with a strong password. Use VPN software when connecting to public WiFi
- Only download software from trusted sites
- Avoid clicking on or opening attachments from unknown senders
- Avoid giving out personal data - if you receive an email, text or phone call asking for personal information, don't give it out. This information can be used as part of phishing campaigns
- Never use unfamiliar USB / removable media devices
- Back up your data - if all fails, you have the ability to recover your key / critical data
Fake websites are sites that are set up to replicate genuine businesses that are offering cheaper deals – so that they can collect personal and financial information from you, with no intention of providing you with the offer. An example would be a fake Coronavirus map website – cyber-criminals are creating fake dashboards that show maps tracking the spread of Covid-19. They offer downloadable data that infects computers with malware, rather than providing them with the offer. Unfortunately, these scammers are quite good at making these look very similar to the genuine websites.
Here are a few signs that you should look for:
- No reviews
- No padlock symbol in URL
- Unusually low prices
- No contact information
- Poor spelling and grammar
- URL reading “http://” instead of “https://” – ‘s’ stands for secure
What should you do if you think a website is fake?
- Close the window and leave site
- Avoid entering any personal or financial information
- Avoid clicking any links or attachments
SMS Phishing (Smishing)
As a result of the Covid-19 pandemic, there has been an increase in the number of scams being performed over text message. These scams are the SMS version of phishing, also known as Smishing.
Smishing scams usually follow a pattern:
Firstly, the criminals will send a message that has been designed to play on your emotions – this is called the “bait”. An example would be that the message makes an offer of free cash and provides a link to follow to apply – this is called the “hook”.
Then, when you click on the link, you might be taken to a very official looking website and be asked to enter personal information – this is called the “catch”.
Here are a few tips on how to avoid falling for a smishing attack:
- Don’t reply to the text message
- Don’t click on any links or attachments in the text message
- Call the business to verify any changes – contact them directly with a number from their official website
- Check the phone number
- Do your research – is the number legit? Any other reported experiences?
- Look at the time that the text was sent – if it was the middle of the night, the chances of it being a smishing attempt are high
Phishing is an attempt made by cyber-criminals to ‘fish’ for your personal information. These cyber-criminals send out convincing emails, claiming to come from a legitimate company such as your bank, retail or the government.
Whilst we’re all facing the prospect of working away from the office to help slow down the impacts of Covid-19, criminals are trying to trick us into falling victim to their scams. They recognise that new work patterns may result in changes to employee behaviour and actions they take to respond to emails.
If you receive an email that you suspect is not genuine remember not to click any links or reply, just let your IT and Security Teams know.
Here are some pointers to what you should look out for, should you receive an unexpected email:
- Check the grammar and spelling – if there are mistakes, it probably isn’t legitimate
- Check the email sender’s address – does it contain random characters? / does it link to the company that they claim to be from?
- Do they address you by your name? – if not, they probably don’t know you
- Does it ask you to act quickly?
- Legitimate companies, like your bank, will never ask you to provide or update your sensitive information