Cyber criminals are preying on fears of the coronavirus (COVID-19), and sending scam emails that try and trick people into clicking on a bad link.
This guidance from NCSC.GOV.UK explains what to do if you’ve already clicked, and provides some of the telltale signs of scam emails to look out for.
What is phishing?
Phishing is when criminals try to convince you to click on links within a scam email or text message, or to give sensitive information away (such as bank details).
Once clicked, you may be sent to a dodgy website which could download viruses onto your computer, or steal your passwords.
Given the current coronavirus (COVID-19) situation, cyber criminals are sending emails that claim to have a ‘cure’ for the virus, offer a financial reward, or encourage you to donate. Like many phishing scams, these emails are preying on real-world concerns to try and trick you into clicking.
These scam messages (or ‘phishes’) can be very hard to spot, and are designed to get you to react without thinking. If you think you’ve clicked on a bad link, don’t panic – there’s lots you can do to limit any harm.
What to do if you’ve already clicked
If you’ve already clicked a link (or entered your details into a website), take the following steps:
- If you’re using a work laptop or phone, contact your IT department and let them know.
- If you’ve been tricked into providing your banking details, contact your bank and let them know.
- If you think your account has already been hacked (you may have received messages sent from your account that you don’t recognise, or you may have been locked out of your account), refer to our guidance on recovering a
- Open your antivirus (AV) software if you have it, and run a full scan. Allow your antivirus software to clean up any problems it finds.
- If you’ve provided your password, change the passwords on all your accounts that use the same one.
- If you’ve lost money, tell your bank and report it as a crime to Action Fraud, the UK’s reporting centre for cyber crime. By doing this, you’ll be helping the NCSC to reduce criminal activity, and in the process prevent others becoming victims of cyber crime.
Tips for spotting telltale signs of phishing
Spotting a phishing email is becoming increasingly difficult, and many scams will even trick computer experts. However, there are some common signs to look out for:
- Authority – Is the sender claiming to be from someone official (like your bank, doctor, a solicitor, government department)? Criminals often pretend to be important people or organisations to trick you into doing what they want.
- Urgency – Are you told you have a limited time to respond (like in 24 hours or immediately)? Criminals often threaten you with fines or other negative consequences.
- Emotion – Does the message make you panic, or feel fearful, hopeful or curious? Criminals often use threatening language, make false claims of support, or tease you into wanting to find out more.
- Scarcity – Is the message offering something in short supply (like concert tickets, money or a cure for medical conditions)? Fear of missing out on a good deal or opportunity can make you respond quickly.
- Current events – Are you expecting to see a message like this? Criminals often exploit current news stories, big events or specific times of year (like tax reporting) to make their scam seem more relevant to you.
Your bank (or any other official source) should never ask you to supply personal information from an email. If you have any doubts about a message, call them directly. Don’t use the numbers/emails in the email, but visit the official website instead.
Make yourself a harder target
Criminals use publicly available information about you to make their phishing messages more convincing. This is often gleaned from your website and social media accounts (information known as a ‘digital footprint’). You can make yourself less likely to receive phishing emails by doing the following:
- For your social media applications and other online accounts, review your privacy settings.
- Think about what you post (and who can see it).
- Be aware of what your friends, family and colleagues say about you online, as this can also reveal information that can be used to target you.
- If you do spot a suspicious email, flag it as Spam/Junk in your email inbox. Tell your email provider you’ve identified it as potentially unsafe.