The UK’s National Cyber Security Centre (NCSC) has stepped in to remove malicious and phishing websites linked to Covid-19 scams, but warned that attacks could increase if the outbreak does.
The GCHQ body said that phishing efforts using the Coronavirus as a lure have led to victims losing money and sensitive data across Europe.
It urged businesses and consumers to consult its advice on email scams and dealing with malware to better insulate them from the threat of ransomware, credential theft and fraud.
“The NCSC has seen an increase in the registration of web pages relating to the Coronavirus suggesting that cyber-criminals are likely to be taking advantage of the outbreak,” it said.
“Continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber-criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise.”
Security vendors have been sounding the alarm over phishing attacks for more than a month. Emails are often spoofed to appear as if sent from the World Health Organisation (WHO), the US Center for Disease Control (CDC) or other official bodies, and claim to contain new information on the outbreak in an attachment or via a link.
Some are laden with malware while others request the user enter their email and password, Outlook log-ins or other credentials to proceed. There are also reports, cited by the NCSC, of fraudsters requesting Bitcoin donations to fund a fake vaccine, and even scam sites selling fake antiviral equipment.
“We know that cyber-criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak,” said NCSC director of operations, Paul Chichester.
“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails. In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”