NAJ News

SecurityWise update: Cyber Security during COVID-19

04 May 2020

The jewellery community is facing further business challenges in response to the impact of the Coronavirus COVID-19 outbreak.

We understand the difficulty in closing physical stores and temporarily closing your business. If you have staff working from home, you need to have remote protection and protocols in place, as cyber scammers and cyber-criminals have increased their activity. Phishing attacks, in particular, have dramatically increased, so it's recommended to remind staff how to be extra vigilant in both business and personal scenarios, and what to look out for.

 

Phishing Scams

Cyber-criminals have a variety of tools and techniques at their disposal, including malware, ransomware and distributed denial-of-service attacks. One of the most common and difficult-to-spot strategies hackers use is phishing scams, which require minimal technical know-how and can be deployed from anywhere in the world via a simple email.

In these scams, phishers send an email or direct users to fraudulent websites, asking victims to provide sensitive information. These emails and websites are designed to look legitimate and trick individuals into providing credit card numbers, account numbers, passwords, usernames or other sensitive information.

With every opened email, users risk becoming the victim of monetary loss, credit card fraud and identity theft. What’s more, successful phishing attacks oftentimes go unnoticed, which increases the risk of large and continued losses, particularly for businesses.

To fool the victims, attackers customise phishing emails to make them appear legitimate, sometimes using logos or dummy email accounts to improve the effectiveness of the attack. Usually, phishers will pretend to be a trusted source, like a hospital, bank or employer. The phishing message will likely include alarming or suggestive language to fool victims into:

  • Clicking a link
  • Opening a document
  • Installing software, e.g. malware
  • Entering their username and password into a website that’s made to look legitimate

If a victim does any of the above, the hacker can infect their computer and steal sensitive information, often without having to use a single line of code. With phishing attacks, even the most top-of-the-line firewall can’t stop an individual from clicking on a malware-loaded email.

Of all the various types of cyber-crime, phishing attacks are some of the most dangerous, especially whilst preying on Coronavirus COVID-19 fears, curiosity and urgency during this period. Phishing messages can easily bypass standard antivirus software and pass through spam filters. Scammers don’t need to infect your computer with a virus to obtain your information; instead, the criminals rely on psychology and misdirection.

Email Subject Lines used in Phishing Attacks

Globally, the following were the subject lines of the most clicked phishing emails in recent years:

  • Security Alert
  • Revised Holiday & Sick Time Policy
  • UPS Label Delivery 1ZBE312TNY00015011
  • A Delivery Attempt was made
  • All Employees: Update your Healthcare Info
  • Change of Password Required Immediately
  • Password Check Required Immediately
  • Unusual sign-in activity
  • Urgent Action Required

 

Examples of recent scams

Amazon Phone Scam

The phone scams aimed at Amazon customers play automated messages saying that your Prime membership is about to be renewed. The message then instructs you to press 1 to cancel or query the payment, at which point you are redirected to the scammer.

You can add your number to the Telephone Preference Service. This stops legitimate UK marketing companies from calling you and is a worthwhile use of 5 minutes; however, callers based abroad won’t be blocked. It may seem like common sense, but scammers make millions out of scams like this, so the best course of action is to put the phone down and, if necessary, call the company back on a known, legitimate number.

Remember, Amazon won’t ask you to make payments over the phone, nor will it ask you for your password or bank details.

Action Fraud has run an article about the Amazon phone scam.

 

New Coronavirus Scams

Scammers are also making lots of money from the Coronavirus COVID-19 outbreak, with scams including:

  • Text messages offering “free passes” to Netflix for the period of isolation
  • Text messages claiming you’ve been caught leaving your house and must pay a fine
  • Emails/texts pretending to be from the World Health Organization attaching a PDF containing advice on how to stay safe
  • Fraudsters posing as healthcare workers and going door to door selling home testing kits
  • Text messages asking you to enter your postcode to apply for a COVID-19 relief payment from the Government
  • Emails pretending to be from the Center for Disease Control with links to a legitimate-looking but fake website requiring your Microsoft login details

 

Summary

As always, ask yourself some basic questions to avoid becoming the victim of a phishing scheme:

  • Have I requested or am I expecting this?
  • Do these emails look genuine?
  • Are there obvious spelling/grammatical errors?
  • Where do the links point if I hover over them?
  • Hover over and triple-check the address of any links before you click them.
  • Verify a website’s security. Legitimate websites will have a URL that begins with https, and you should see a closed lock icon somewhere near the address bar
  • Avoid replying to the sender if you suspect an email is malicious. If you recognise the individual or company sending the suspicious email, follow up with them offline to ensure they meant to contact you
  • Never enter personal information or click links in a pop-up screen.
  • Never email personal or financial information, even if you think you know the sender

 

SecurityWise is a joint TH March and NAJ campaign aiming to raise awareness, increase knowledge and improve security throughout the jewellery trade. Here you can find all articles from the scheme, which aim to help businesses be aware, be knowledgeable and be protected.

TH March offer a wide range of cyber insurance cover options. Be prepared and ensure you implement suitable protection to help deter cyber-criminals from targeting your business.

Contact TH March on 01822 855555 to obtain a free quote.

Find out more about TH March Partnership benefits

Source: TH March