How to avoid the fraudsters as lockdown becomes the new normal
Are you using new technology for the first time as you work from home and stay in touch with loved ones during lockdown? Dorset Police Cyber Protect officer Chris Conroy gives advice in his latest guest blog.
In my last blog, I spoke about the increased risk posed by cybercriminals as they seek to exploit our concerns around the coronavirus outbreak. We expected scammers to make the most of the situation and so far, they have not disappointed.
According to figures from the National Fraud Intelligence Bureau – part of the City of London Police – at the start of this month, scammers had already defrauded a whopping £1.6 million from victims. In one case, someone lost as much as £15,000 ordering protective equipment that never arrived, showing how coronavirus can enhance conventional fraud.
Crimes like phishing are getting a boost as fraudsters pretend to be legitimate businesses offering financial respite while crimes like ransomware are seeing a surge as more people work away from the office.
At a time where people might be desperate for protective equipment or information about the outbreak, these scams are taking a real toll.
The virus itself isn’t the only leg-up the fraudsters have. The fact more of us are sitting at home, busying ourselves with mobile phones, tablets or laptops, means there are many more potential victims online – many dabbling in technology they’ve never previously used.
Here are some simple tips and resources:
Phishing – We’ve seen a lot of attempts at phishing in recent weeks. Some of the more common themes involve fines for breaching lockdown rules, or problems with payment details for streaming services. Know what to look for. Bad spelling or grammar and informal greetings like ‘Dear Customer’ are common clues.
Hover your mouse over links and buttons to check the real destination of those links.The National Cyber Security Centre have recently reviewed their phishing guidance here.
Malware – During the outbreak we’ve seen cybercriminals try to pass ransomware off as things like health advice and coronavirus tracking apps. The advice is simple – if you receive an unexpected or unsolicited attachment, do not trust it. Even if it purports to come from a friend, take the time to verify whether it’s genuine, by text or phone call, before clicking.
A lot of us will be using new software. Maybe you’re installing Skype or Zoom to stay in touch with friends and family. Make sure you’re downloading from the official website. The ads on a search engine can be manipulated to prioritise malicious links, so don’t necessarily trust the top results on a web search! You can find the NCSCs guidance on malware mitigation here.
Sextortion – This has been a problem for the last few years, but we have recently seen a huge spike. The scammer claims to have captured footage of you in a compromising position before demanding a significant sum in cryptocurrency to destroy the evidence.
The kicker is the sender knows your password and includes it as proof.This scam relies on data stolen in a breach elsewhere online, often quite a long time ago. If you receive this email, don’t panic. Odds are you haven’t been compromised. However, you will need to change your password ASAP if the one you receive is one you still use!
Action Fraud have some recent guidance here.
Zoombombing – This is a new one. Video conferencing apps like Zoom, Skype and House Party have exploded in popularity as families, friends and community groups use them to keep in touch. With apps like Zoom, it’s possible to host an open call that people can drop in and out of, and this is where most of the trouble lies. In these calls, it’s possible to share your screen. This has led to people entering public calls and displaying offensive imagery.
It has also happened in some password-protected, private calls. Community groups who hold meetings over Zoom may wish to protect these calls with a password so clearly, people will need the password to be able to join. If that password is publicised then more or less anyone can jump into the call.
Make sure you know how to set your privacy settings. Zoom have a helpful section here. There are a few similar apps, so we can’t cover them all. Make sure you read up on securing whatever platform you use.
This has been a whistle-stop tour, so I want to remind everyone we are still here. The Force is still working hard to deliver the service you expect and if you have questions about anything cyber security related, we’re on hand.
You can find information about staying safe online here. If you want to stay one step ahead, we’re updating our Facebook and Twitter with emerging trends and scams. If none of those resources answers your question, I am on email. Get in touch here and I’ll do my best to help or point you in the right direction.
Until next time, stay safe out there – and by that I mean indoors.