Catches of the month: Phishing scams for June 2020

Good examples from the IT Governance blog…:

One of the more damaging side-effects of the coronavirus pandemic has been the increase in targeted phishing scams.

Action Fraud estimates that Britons were conned out of £3.5 million in the first two months of lockdown, with cyber criminals cashing in on the uncertainty that the pandemic has caused.

As of 15 May, the UK’s cyber crime agency had uncovered 7,796 phishing emails linked to COVID-19.

Although lockdown restrictions have eased since then, the virus and scams related to it are still prevalent, so you must remain vigilant.

Let’s take a look at the scams you should look out for and how you can stay safe online.

Face mask scams

The UK is one of the few countries where face masks aren’t mandatory in public, but many people are still wearing them as a matter of good practice.

But if you’re looking to purchase some online, you should be careful that the seller is genuine, because scams like this have been widespread during the lockdown:

[Image: scam email supposedly selling PPE] PPE scams were among the first coronavirus-related scams

Scam emails such as the above do a good job of replicating the informal language that you’d get in a marketing email, using phrases such as “we’re fighting back with awesome face masks” and creating a friendly, collective attitude designed to build trust.

You can see why someone might fall for a message like this, particularly with how hard it is to find PPE in stock.

However, as always, there are signs that point to this being a scam. For example:

  • The email doesn’t state the name of the organisation;
  • The sender is a random Gmail account rather than an organisation’s email address;
  • Although generally well written, the call to action uses the clumsy phrase “sale off 20%”; and
  • It references the CDC (Centers For Disease Control) and uses the word “shop” as a transitive verb, which suggests it was written for a US audience.

Finally, perhaps the biggest giveaway (at least logically) is that a face mask vendor wouldn’t be offering a 20% sale at a time when its product is in higher demand than ever. This is an example of a truism applicable to all scams: if it seems too good to be true, it probably is.


Healthcare workers are being targeted

It’s no surprise that phishing emails have been on the rise since the lockdown began, but a new report has found that the problem is just as bad – if not worse – for organisations directly involved in the coronavirus response.

Palo Alto Networks discovered that healthcare agencies, governments, universities with medical centres, medical publishing firms and insurance companies have been targeted by sophisticated scams.

Commenting on the report, Principal Researcher Peter Renals said: “As 2020 progresses, the most prominent threat facing customers is commodity malware deployed in support of sophisticated BEC schemes.

“Given the global impacts of COVID-19, [threat] actors have begun adapting their phishing campaigns and will likely continue to use COVID-19-themed emails to deliver commodity malware broadly in support of their objectives.

“In light of this trend, we encourage government agencies, healthcare and insurance organizations, public utilities, and universities with medical programs to apply extra scrutiny to COVID-19-related emails containing attachments.”


DocuSign scam

DocuSign, a service that allows people to send and sign electronic copies of contracts, has become crucial for organisations during the lockdown – so, naturally, cyber criminals have attempted to exploit it.

The scam is relatively simple; it’s nothing more than a mock-up of a DocuSign email asking the recipient to follow a link to review the document, and when users click, they are sent to a bogus site where they hand over their login details.

However, despite – or perhaps because of – the simplicity of the scam, it’s very hard to detect.

[Image: phishing email imitating DocuSign] DocuSign has been imitated in a phishing scam

The message does a good job reproducing the layout of DocuSign’s emails and contains almost no grammatical errors (except the capitalised ‘You’ in ‘Thank You’, which many recipients may not even read).

However, there are two ways you can tell that this is a scam. The first is that you presumably wouldn’t be expecting to receive a document from the sender that the scammer was imitating – in this case Newman Law Solicitors.

In general, any unexpected email containing an attachment should raise your suspicions. Take this opportunity to ask your colleagues if they knew anything about the subject referenced in the message.

You might also decide to email the person or organisation that sent the message – using an email address you know is genuine (either because you’ve corresponded through it before or you’ve found it on their website).

The second way you can tell that this is a scam is that the destination URL behind the link doesn’t go to a DocuSign-related domain. Instead, it goes to an address that contains a string of letters and numbers followed by ‘sendgrid.net’.

SendGrid is a legitimate firm that enables organisations to send automated marketing messages, but is being exploited in this scam to direct victims to a malicious site.
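A defender-side check for the second indicator described above, the link’s real destination host not belonging to the brand the message claims to be from, written as an added example for this page rather than code from the article, DocuSign or SendGrid. The brand allowlist and the sample lure (including the sendgrid.net host) are constructed.

```python
"""Flag e-mail links whose host lies outside the brand the message claims to be from,
e.g. a 'DocuSign' button resolving to a sendgrid.net host. Added example, not the article's code."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: brand -> registrable domains its genuine links use.
BRAND_DOMAINS = {"docusign": {"docusign.com", "docusign.net"}}

class _LinkCollector(HTMLParser):
    # Collect (href, visible text) for every <a> element in the body.
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def registrable_domain(host):
    """Crude last-two-labels reduction (fine for .com/.net; not a PSL lookup)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def suspicious_links(html, claimed_brand):
    """Return http(s) links whose host is not one of the claimed brand's domains."""
    parser = _LinkCollector()
    parser.feed(html)
    allowed = BRAND_DOMAINS[claimed_brand.lower()]
    findings = []
    for href, text in parser.links:
        url = urlparse(href)
        if url.scheme not in ("http", "https"):
            continue  # mailto: and in-page anchors cannot redirect anywhere
        host = url.hostname or ""
        if registrable_domain(host) not in allowed:
            findings.append({"text": text, "host": host})
    return findings

# Constructed lure modelled on the article: the 'review' button points at a
# sendgrid.net host while the footer links to the real brand site.
SAMPLE_EMAIL = """<p>Newman Law Solicitors sent you a document to review and sign.</p>
<a href="https://u1234567.ct.sendgrid.net/ls/click?upn=CONSTRUCTED">REVIEW DOCUMENT</a>
<p>Thank You, <a href="https://www.docusign.com/">DocuSign</a></p>"""
```

Running `suspicious_links(SAMPLE_EMAIL, "DocuSign")` flags only the review button, because its host reduces to sendgrid.net rather than a DocuSign domain.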


One virus is enough

Phishing is just one of many security problems that the coronavirus pandemic is causing organisations. With employees working from home and not protected by the office’s security systems, the threat of cyber attacks is greater than ever.

When you factor in the uncertainty of the pandemic, the prospect of depleted workforces in the coming weeks through illness or furlough, and the fact that cyber criminals can continue to operate from the safety of their homes, cyber security should be a top priority.

We’ll continue to give regular updates and advice on our blog, but you can also find solutions to help you through this crisis by visiting our website.

Nobody knows what the full effect of the virus will be, but one thing’s for sure: you have enough to worry about without the threat of a cyber attack or data breach.
