“Be wary of unsolicited emails and an urgent tone. If you are not expecting a call from your bank, a telecoms provider, PayPal, or another entity, carefully examine any claims that the person on the phone is making and do not rush into sharing any information.”
The UK’s cybersecurity agency, the National Cyber Security Centre, has recently confirmed that it has taken down more scams in the last year than in the previous three years combined. In addition, experts oversaw a 15-fold rise in the removal of online campaigns when compared with 2019.
COVID-19 Scams Being Used by Cybercriminals
Disturbingly, cybercriminals have also incorporated the COVID-19 pandemic and the vaccine rollout into their scams. The National Cyber Security Centre found a jump in the number of fraudsters using National Health Service (NHS) branding to dupe victims in the UK, with the vaccine rollout being used to acquire people’s personal information.
The above is unsurprising given the potential value of sensitive information like medical and financial data. For example, victims of the 56 Dean Street data breach in 2015, where an email leak exposed the contact details of almost 800 patients using the clinic for HIV services, could be eligible to claim damages of up to £30,000. Victims of the 2018 British Airways data breach, where sensitive financial data was exposed, could potentially receive a pay-out of up to £16,000 in cases where a serious and recognized psychological injury has occurred.
One of the phishing and smishing (emails and SMS respectively) attacks being deployed most regularly involves cybercriminals posing as the World Health Organization (WHO). These messages are often very short and to the point, asking the recipient to click on a link to a PDF that offers advice on how to stay safe during the outbreak. However, once you click on the link, you are taken to a fake version of the WHO’s website which asks you to input your email address and password so you can receive the non-existent PDF. It can be a simple and easy scam to fall for given the need for people to be continuously informed about staying safe in these troubling and turbulent times.
Other popular phishing emails involve cybercriminals posing as well-known and respected organizations with the aim of harvesting your personal information.
The Exponential Increase of Scam Calls
Another tactic employed by cybercriminals is scam calls, which have also increased exponentially during the pandemic.
Last month, the UK’s Health Minister Lord Bethell warned that people up and down the country are facing a “massive sudden increase” in the volume of scam calls and texts to their mobile phones. Such calls can often involve cybercriminals claiming to be authority figures – including the police or your bank – and involve the scammers asking you to transfer money or hand over sensitive account login information, or even asking you to check your pin code.
An alternative method we have seen scammers use is posing as providers of subscription accounts. During the pandemic, many of us have become more reliant on streaming services like Netflix and Amazon Prime and, as a result, cybercriminals have capitalized on this by hacking unsuspecting individuals.
Take the Amazon Prime scam, for example: in this scam, cybercriminals target the public with automated calls to tell them that a fraudster has used their personal details to sign up for an Amazon Prime subscription. The victim is then instructed to press 1 to cancel the transaction.
However, when they do this, they can be directly connected to the real scammer, who poses as an Amazon customer service representative. The victim is then pressured to download a sharing application like Team Viewer and is then asked to log onto their online banking account to fix a security flaw to prevent someone from accessing their Amazon Prime subscription. Sharing software like Team Viewer can grant remote access to the victim’s computer and can allow cybercriminals to see and steal the victim’s personal and financial details.
Tips to Spot a Cybercriminal
There are some signs to watch out for if you think you are being scammed. Firstly, be wary of unsolicited emails and an urgent tone. If you are not expecting a call from your bank, a telecoms provider, PayPal, or another entity, carefully examine any claims that the person on the phone is making and do not rush into sharing any information.
Also, check for typos and grammar mistakes, as phishing emails are often clumsily written and are awash with typos, such as misspelt words and no spaces after commas.
Finally, scammers often set up website addresses that feign legitimacy in order to trick you. Security researchers Digital Shadows claim that more than 1,400 domains linked to COVID-19 have been registered in the past three months with some, inevitably, being used to scam people.
If you fear you are being scammed, you should check the website address and scour through the site to confirm it is genuine. A good idea is to circumvent any link to a site that you have been sent and find the website manually yourself to make sure that you are using the legitimate one. You should also ensure that you use robust passwords – which should be changed frequently – and, just as importantly, keep your computers, mobile phones and tablets up to date with the latest updates and antivirus software to help protect you and block you from visiting websites that have been reported for phishing or malware problems.
The COVID-19 pandemic has disrupted our lives, and cybercriminals are using this chaos to scam unsuspecting people. The dramatic rise in scams related to COVID-19 means that we all must be diligent and interrogate any suspicious call, text or email to confirm its legitimacy. If you fail to do so, you could become yet another victim of these malicious cybercriminals, who are exploiting what is already a tough time for all.
Image Source: Deposit Photos
Image ID: 2539359