The UK’s National Cyber Security Centre (NCSC), the government organisation that oversees cyber-related issues, revealed this week that they continue to observe several tactics and techniques used by cyber criminals to exploit the Coronavirus (COVID-19) situation.
Bogus emails designed to mimic official-looking trusted communications with links to ‘important updates’ have been spotted. These can install malware that spreads throughout computer networks to steal credentials and sensitive data, and can lead to financial loss.
Others have reported the emergence of spoof and fake websites, designed to look like trusted sites (like banks, government agencies, retail companies, etc), which are in fact phishing sites designed to tempt visitors to click on buttons and links that can then install malware onto mobile devices and computers.
One particularly cynical malicious campaign embeds malware into Coronavirus tracking maps. On this topic, if you really want to keep an eye on the global spread of Coronavirus (COVID-19), we would advise that you go to an official body, like the World Health Organisation (or similar).
With so many people working from home this week, and with the reported outage of Microsoft Teams, we are asking people to remain vigilant. Already, there have been reports of suspicious emails purporting to be from Microsoft offering assistance with the Teams outage. Be careful what you open and think twice before sharing any personal or sensitive data.
How to spot bogus emails and websites
It is important to point out that while there are many ways to identify spoof emails and websites, if your business relies on data and digital working, it is your responsibility to invest in tools to protect your data and intellectual property.
Having said that, here are some no-cost ways to spot suspicious emails and phishing/bogus websites:
- General rule: don’t click on, or paste, links or buttons in emails! Better to navigate to the site directly from your browser.
- Always check the sender of the email. Check for subtle spelling mistakes in the sender field and/or in the body of the message text.
- If you are not expecting an email from a particular sender, don’t trust it.
- If someone who is familiar to you sends you an email with an abnormal request or call to action, like ‘authorise this payment’ or ‘click here to confirm your credentials’, stop and verify the request using another medium, like WhatsApp or SMS.
- The first check that you should always make when visiting any website is to verify that there is a padlock icon in the URL address bar. This shows that there is a valid SSL certificate (see below). Avoid sharing any data (including credit card or payment details) on any sites if the padlock icon is broken or if your browser notifies you that the site is not secure.
- You can also mouse-over the padlock icon to see who the SSL Certificate is registered to. If it is not the company or party you expect, then do not automatically trust the site.
- Also check the URL of the site. Spoof and fake sites can sometimes include subtle spelling mistakes or different domain extensions. Here, for instance, the World Health Organisation’s website is who.int, not who.com or who.org, both of which have been used in recent attempted phishing sites.
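As an added illustration (not part of the original article or any NCSC tooling), the sender and URL checks above can be automated with a short Python script. It assumes an allowlist that you maintain yourself, treats the last two labels of a host as the registrable domain, and also flags a trusted name used as a subdomain, which goes slightly beyond the cases listed above; the function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: TRUSTED is a list you maintain yourself; who.int is the only
# official domain named in the article.
TRUSTED = {"who.int"}

def host_of(value):
    """Return the lowercased host of a URL or of an email address."""
    value = value.strip()
    if "://" in value:
        return (urlsplit(value).hostname or "").lower().rstrip(".")
    return value.rsplit("@", 1)[-1].lower().rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to catch subtle misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(value, trusted=TRUSTED):
    """Label a link or sender as trusted, a likely lookalike, or unknown."""
    host = host_of(value)
    if any(host == good or host.endswith("." + good) for good in trusted):
        return "trusted"
    # Naive registrable domain: the last two labels (ignores suffixes like co.uk).
    reg = ".".join(host.split(".")[-2:])
    for good in trusted:
        if reg.split(".")[0] == good.split(".")[0]:
            return "lookalike: different domain extension"
        if host.startswith(good + ".") or "." + good + "." in host:
            return "lookalike: trusted name used as a subdomain"
        if edit_distance(reg, good) <= (1 if len(good) < 10 else 2):
            return "lookalike: possible misspelling"
    return "unknown"

if __name__ == "__main__":
    # Constructed samples; only who.int, who.com and who.org come from the article.
    for sample in ("https://www.who.int/", "http://who.com/map", "updates@who.org",
                   "https://wh0.int/login", "https://who.int.example.com/"):
        print(f"{sample:32} {classify(sample)}")
```

A result of "unknown" only means the domain is not on your allowlist and does not resemble anything on it; it is not a verdict that the site is safe.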
How to mitigate and defend against malware and ransomware
There have been huge advances in endpoint security in recent years, with some of the best software tools now being made available for free. Here are some (but not all) things that you can do to better protect your users, data and business:
- If you exclusively use Microsoft Windows, enable Windows Defender. This free tool is now consistently ranked amongst the best endpoint security tools in the world.
- If you use Google business suite, make sure that you enable Google’s security features. They are now truly excellent in identifying suspicious emails and websites.
- Make regular back-ups of your data. For critical business data, we would advise that you also back up your data to an offline archive.
- Make sure that you have applied the latest patches and fixes for operating systems and applications.
- Invest in multiple layers of security to protect your data.
- Enable 2-Factor Authentication for anything that requires a username and password.
- If working remotely, you should access your corporate network via a VPN or SD-WAN.
Nice to know that the NCSC has our backs
In the last few weeks, the NCSC has identified and taken down a number of spoof and malicious websites that have been trying to exploit the Coronavirus situation. We thank them for their continued efforts, but you also have your role to play.
To answer the question posed in the title of this article: will Coronavirus result in more cyber threats to small businesses? The answer is almost certainly yes, so please stay vigilant and remember this mantra: (Zero) Trust, but verify - before clicking, authorising or downloading.