Speak to an expert

01684 252 770

01684 252 770 Contact us Book a meeting 0 Items - £0.00
Trustpilot

Beware of COVID-19 Phishing Scams

20th April, 2020

A huge number of malicious cyber criminals have exploited the COVID-19 pandemic with phishing scams.

In the UK, the National Cyber Security Centre (NCSC) has detected more UK government branded phishing scams relating to COVID-19 than any other subject.  A surge in home working has increased the use of potentially vulnerable services, such as video conferencing, which in turn amplifies the threat to organisations across the board.

Throughout the pandemic, the UK’s National Cyber Security Centre (NCSC) and the US Department of Homeland Security (CISA) have both observed a large volume of phishing campaigns. This involves the use social engineering techniques to persuade potential victims to click on a link or open a file in order to harvest valuable credentials or to deploy malware to compromise devices.

Many have imitated trustworthy sources such as the National Health Service, World Health Organisation (WHO) and Government departments such as HMRC.

The NCSC’s phishing guidance for organisations on mitigating against phishing attacks is split into four layers:
 

Layer 1: Make it difficult for attackers to reach your users

This can be achieved through:

  • implementing anti-spoofing controls to stop your email addresses being a resource for hackers
  • considering what information is available to hackers via your website and social media accounts and educate your users to do the same
  • filtering or blocking incoming emails that are potentially fraudulent.

Layer 2. Help users identify and report suspected phishing emails

You are only as strong as your weakest link. The easiest way for a criminal to gain access to your data is through your people, even if you’ve got comprehensive cyber security measures in place.

Effective Cyber Awareness Training will help equip your team with the knowledge they require to prevent future cyber attacks.

Despite your best efforts, assume that your organisation will fall foul of a small percentage of phishing campaigns. Planning for this will minimise the damage caused to your organisation. It is important that you create a no-blame culture and a clear phishing incident reporting process.

Layer 3.  Protect your organisation from the effects of undetected phishing emails

Implement the following IT security controls:

  • two factor authentication (2FA) to protect your accounts
  • user access control, which ensures user privileges are set appropritately
  • use a proxy servier and up to date browser to provide protection from malicious sites
  • malware protection

The NCSC’s Cyber Essentials scheme has been designed to help organisations achieve and maintain these controls.

Layer 4.  Respond quickly to incidents

As is the case in many situations, the speed and effectiveness of the way respond to a phishing attack will also limit your exposure. It is imperative that you define and rehearse your incident response plan, including any legal requirements.

More details are available on NCSC’s website.

You can also find out more about protecting your organisation by visiting our Business Support Hub.

Keeping security
simple

Get in touch with our expert consultants for straight-talking, jargon-free technical security advice.

Get in touch Book a meeting
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.