Email Scams & Phishing in the Age of Coronavirus
Photo: Phishing red text between blue binary data on screen by Marco Verch under Creative Commons 2.0
Email scams are nothing new. Since the boom of the Internet and the emergence of electronic mail, cybercriminals have sought to exploit people in order to make a profit – by whatever means necessary. These can come in many guises, affecting both individuals and businesses. They often lead to a person handing over precious information (such as bank details), or the infection of a device by malware or ransomware. The latter can lead to your computer or device (or indeed multiple devices) becoming locked, as well as having information stolen.
Suffice it to say, email scams and ‘phishing’ often target those most vulnerable to such scams, but they can affect anyone. They can lead to businesses losing money or even people losing jobs, as well as significant distress for whoever is involved. As such, below you can find a breakdown of some common email scams to look out for. Being aware of these will put you in a stronger position next time it happens, as you will know when to report or simply ignore certain emails.
Common Email & Phishing Scams
False Identification – This one is quite common within businesses, or with business clients. Often, fraudsters use social media and company websites to find out information on key people within organisations. Staff members or clients may receive an email from someone within this business making a request, often involving financial details or a transfer of funds. These can catch people out, as at first glance they do appear to be an email from a person they are familiar with – either as a colleague or someone within a company whose services they have acquired. An easy way to spot these is to pay attention to detail. If you look closely, you will notice key differences. The email address will be extremely similar to the legitimate one, but it will be slightly different. Similarly, be sure to read the email a few times – as these scams are often littered with grammatical errors or spelling mistakes. As a rule of thumb, assume that any email asking for financial details or a transfer is a scam, as it is not standard practice for most businesses to do this. If you are still unsure, however, get in touch with the relevant parties and confirm with them whether or not such an email has legitimately been sent.
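The "extremely similar but slightly different" sender address described above can also be checked automatically. The following is an added example, not part of the original article: the trusted domains, the sample headers and the distance threshold of 2 are constructed assumptions.

```python
from email.utils import parseaddr

# Assumption: domains your organisation and its known contacts really send from.
# Constructed values under the reserved .example TLD.
TRUSTED_DOMAINS = ("acme-accounting.example", "northfield-bank.example")

# Characters commonly swapped in to imitate a letter, folded back to that letter.
LOOKALIKE_CHARS = str.maketrans({"0": "o", "1": "l", "5": "s"})


def normalise(domain):
    """Fold visual substitutions so 'examp1e' and 'exarnple' compare as 'example'."""
    return domain.lower().translate(LOOKALIKE_CHARS).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header, max_distance=2):
    """Return (verdict, trusted_domain_or_None) for a raw From: header value."""
    _display_name, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in TRUSTED_DOMAINS:
        # Not an exact match, yet it looks the same or is only a typo or two away.
        if normalise(domain) == normalise(trusted) or edit_distance(domain, trusted) <= max_distance:
            return ("lookalike", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed From: headers for illustration.
    for header in ("Jane Doe <jane.doe@acme-accounting.example>",
                   "Jane Doe <jane.doe@acrne-accounting.example>",
                   "Accounts <accounts@northfie1d-bank.example>"):
        print(classify_sender(header), header)
```

A "lookalike" verdict is a reason to confirm the request with the real sender through a known phone number or address, not proof on its own; an "unknown" verdict only means the domain does not resemble a trusted one.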
A good question to ask yourself if you’re unsure about an email such as this is, ‘would this person or organisation ask me to do this normally?’ The example shown below is a scam email posing as HM Revenue & Customs. One of the many ways you can identify this as a scam is the fact that HMRC does not carry out such requests via email, and they never ask you to enter your details online through an email. The same rule applies to banks, building societies and so on.
Dear Taxpayer,
After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund up to 254.85 GB.
To submit your tax refund please click here. A refund can be delayed for a variety of reasons. For example, for submitting invalid records or applying over the deadline. Please submit a tax refund request and allow us 5-6 days in order to process it.
Best regards,
HM Revenue and Customs.
Bitcoin – This one has become increasingly prevalent in recent years. Following the rapid rise in popularity and usage of the cryptocurrency Bitcoin, there has been a dramatic upsurge in scams related to this phenomenon – email and otherwise. These types of scam amount to a get-rich-quick scheme, promising great reward to those who invest in a Bitcoin programme which, you guessed it, involves handing over sensitive financial information.
The effectiveness of these scams is boosted by the name recognition of Bitcoin in the current climate, as well as several fake celebrity endorsements that often accompany them. Aside from email, this is popular elsewhere online too. It is not uncommon to come across fake webpages posing as respected news publications, telling a tale of a famous person endorsing the Bitcoin scheme – and once again pushing the reader for an investment further down the page. Once you are aware of these, they are fairly easy to identify.
Coronavirus – If there’s one thing the people running these scams take advantage of, it is fear. Unfortunately, that means that the current situation we find ourselves in is ripe for exploitation. The Coronavirus pandemic has already seen many high-profile scams seeking to profit from people’s worries. One incredibly common type of email scam claims to provide ‘important updates’ on the Coronavirus, including a simple link to discover said updates.
Following this link can once again lead to devices being infected with malware, leaving your information and data at risk. Another such attempt saw a series of emails posing as the World Health Organisation (WHO), the US Centre for Disease Control (CDC) and the setting up of Coronavirus websites looking to sell fake equipment to battle the virus. The CDC attempt even included Bitcoin transfers to help fund a (completely fake) vaccination. It is normal to be anxious in times such as these, and the desire for up-to-date information is shared amongst the majority of the population. However, we would stress the importance of not engaging with any emails such as those detailed above. It is always a safe bet to stick to the official government advice, which is regularly updated here.
Glossary
Here is a brief rundown of some of the key terms you might come across when reading up on email scams.
Phishing
The act of pretending to be someone trustworthy or known to a person to obtain sensitive information or data from them, often in the form of a fraudulent email.
Malware
Malicious software that, if running on a device, can lead to:
The theft or deletion of data
Encryption of data
Taking control of a device and attacking other businesses
Theft of information that gives others access to your systems or services
The utilisation of other services that cost you money
Your device becoming locked and (in some cases) completely unusable
Ransomware
This is a specific type of malware that causes a device (usually a computer) to become locked. As a result of this ransomware, data and information may be stolen, deleted or encrypted, so it cannot be accessed. There is also the potential for ransomware to spread across other devices on the same server/network. One particularly high-profile case of ransomware was the NHS cyber-attack in 2017.
Bitcoin
This is a cryptocurrency. It’s essentially a digital form of currency with no central bank, which can be transferred from user to user.
Now that you’ve read the essentials, you are hopefully somewhat better equipped to identify these scams if and when you come across them. Aside from that, the best piece of advice we can give anyone is to be vigilant, not give out sensitive details via email or on the phone, and stay safe.