Criminals are exploiting the pandemic to scam or threat and steal from businesses and individuals, with Action Fraud estimating £2m already lost by mid-April. Simple scams are targeting people’s fears by offering fake cures, tests and protections online, with the National Cyber Security Centre recording more than 70,000 malicious websites created since the pandemic was declared.
More worrying are the thousands of different fake emails, web adverts and websites. These pretend to offer official government support on things like tax refunds, medical advice and business grants. Some criminals are sending out over a million emails at a time with the hope that they can tempt people into clicking on links, downloading apps or opening attachments; the links contain viruses or trick people to provide personal data or bank details. These ‘phishing’ emails then allow the criminal to steal and extort, sometimes without the victim being aware for weeks.
Related:- Top Open-source Data Visualization Tools
Tips on spotting a phishing email:
- The criminals will try to make their email look convincing so don’t trust it just because it looks official or from a name you recognise
- Poor spelling or grammar and bad quality images or logos are often a giveaway
- An email asking you to provide information, especially if it is stressing urgency, is threatening, or is offering a reward, should be treated with suspicion. Do not give away personal or commercial data without caution
- Does the sender’s email address look like it should and is it spelt correctly? You can sometimes check the validity of the sender’s address or any links by hovering your cursor over them, sometimes this can reveal the true address.
- Be wary if the email does not address you by name or is from an unknown or unexpected sender
- If the message is too good to be true…
Simple steps to boost your cyber security:
- Use different passwords for different websites so if one password is compromised the criminal will not have instant access to all of your sites. Passwords should be at least 10 characters long with mixed characters; current advice is to use 7hree $eperate Wordz
- Ensure up to date antivirus, malware and firewalls are installed
- Restrict account controls so staff can only access data or the parts of the system that they need to for their role. If an individual is breached this will restrict the access criminals have to the business.
- Ensure portable devices are password protected and encrypted
- Discourage the use of removable media, such as USB sticks, and personal devices, these are both common causes of valuable data being lost or unwanted problems getting in.
- Train and educate staff in cyber hygiene and cyber security awareness, in most breaches people are the weak link
- Consider completing Cyber Essentials certification for your business, which is proven to significantly reduce cyber risks
- We strongly recommend that your business purchases cyber insurance, which can provide specialist technical and legal support in the event of a cyber incident as well as covering your financial losses.
Lastly, if you do fall foul of cyber-crime you should immediately report it to Action Fraud