The National Cyber Security Centre today launched a new scam reporting service to allow citizens to report fake, fraudulent and suspicious emails, including those that offer coronavirus-related services.
The NCSC today announced a cross-governmental ‘Cyber Aware’ campaign which includes advice for people to protect passwords, accounts, and devices and also includes specific precautionary guidelines for personal and professional use of video conferencing services such as how to set up accounts, arrange chats, and protect the devices.
Aside from launching the campaign, NCSC also launched its new ‘Suspicious Email Reporting Service’ that allows Internet users to report suspicious emails, including those claiming to offer services related to coronavirus.
In a press release, the cyber security watchdog claimed that it has removed more than 2,000 online scams related to coronavirus in the past thirty days, and these scams include:
- 471 fake online shops selling fraudulent coronavirus related items
- 555 malware distribution sites set up to cause significant damage to any visitors
- 200 phishing sites seeking personal information such as passwords or credit card details
- 832 advance-fee frauds where a large sum of money is promised in return for a set-up payment
Ciaran Martin, chief executive officer of NCSC, said that “technology is helping us cope with the coronavirus crisis and will play a role helping us out of it - but that means cyber security is more important than ever. With greater use of technology, there are different ways attackers can harm all of us. But everyone can help to stop them by following the guidance campaign we have launched today. But even with the best security in place, some attacks will still get through.
“That’s why we have created a new national reporting service for suspicious emails – and if they link to malicious content, it will be taken down or blocked. By forward messages to us, you will be protecting the UK from email scams and cybercrime,” he added.
With the outbreak of the pandemic, many people in the UK are now using video conferencing services to connect with one another. To help protect such users from cyber threats, NCSC has also published new guidance thatincludes advise on:
- securely installing apps
- creating strong passwords
- tracking visitors to chats
- not making meetings public
- connecting only to people through contacts or address book
- never posting links or passwords publicly
NCSC is working along with the Home Office to deliver the Cyber Aware campaign and is aiming to help users and organisations protect themselves online. The campaign encourages people to ‘Stay home. Stay Connected. Stay Cyber Aware’ and includes the following tips for users:
- Turn on two-factor authentication for important accounts
- Protect important accounts using a password of three random words
- Create a separate password that you only use for your main email account
- Update the software and apps on your devices regularly (ideally set to ‘automatically update’)
- Save your passwords in your browser
- To protect yourself from being held to ransom, back up important data
Thanks to the new Suspicious Email Reporting Service, NCSC will, from now on, be able to offer support to Internet users related to COVID-19. Any dubious emails forwarded to email@example.com will automatically test the validity of websites and any sites found to be part of phishing scams will be removed immediately.
Aside from taking down malicious sites, NCSC will support the police by providing live time analysis of reports and identifying new patterns in online offending - helping them stop even more offenders in their tracks.
Rich Turner, SVP EMEA at CyberArk, told TEISS that “these developments highlight the lengths hackers will go to when trying to circumvent cyber defences, but phishing attacks in themselves are nothing new. According to our research, 60% of organisations cite external attacks, such as phishing, as one of the greatest security risks currently facing their organisation, ahead of other popular techniques such as ransomware. That’s because cyber attackers continue seek the path of least resistance, and for many organisations, this remains their employees.
“Well-crafted phishing emails – especially those that play on the fears of individuals – can often do the trick. Attackers typically use these tactics to gain a foothold within organisations that then allow them access to privileged credentials - those that give control over sensitive data or critical systems," Turner added.
Will LaSala, Senior Director of Global Solutions at OneSpan, said that we're unfortunately continuing to see attackers relentlessly exploit the ongoing pandemic to try and bait victims into falling for scams that can have devastating consequences, such as money being lost, personal details being stolen, or malware unknowingly installed.
"Consumers should be wary of clicking on links within emails, should always check the senders email address, and should know no trusted organisation would ever ask them to part with money via email.
"To ensure their customers are protected, banks and FIs need to be especially vigilant, and invest in dynamic fraud solutions that leverage machine learning and advanced risk analytics to identify abnormal user behaviour in real time. Furthermore, solutions that are capable of automatically operating at a lower level of trust during times of increased risk are best suited to help banks and FIs respond to the fast-paced nature of fraud during events like the Coronavirus outbreak," he added.