Phishing scams are up 600% – How to recognise and avoid scams?

Cyber criminals have been focusing all their efforts on scams that capitalise on the panic of COVID-19.

The biggest risk is phishing scams: malicious messages that appear to come from a trusted source. Attacks are up more than 600% since February 2020.

If you want to know what types of messages to look out for, keep reading to see what typical phishing messages look like!

How do phishing scams work?

Phishing attacks come in many forms, but all have the same purpose: to trick the recipient into handing over their personal details or to infect their systems with malware.

The scammers do this by including a link to a bogus website that imitates a genuine site, by supplying a contact detail (such as an email address or phone number), or by attaching an infected file to the message.

Phishing attacks are usually delivered by email, but they also occur on instant messaging platforms, by text (smishing) and over the phone (vishing).

Compensation for Coronavirus outbreak scam

Here is an email a member of our team recently received:

This is about as basic as a phishing scam can get, and we hope you’d recognise it was one. For one, the message is addressed generically to “Facebook/Instagram user” – and the social media giant has apparently forgotten how to spell “Instagram”.

Then there’s the pretext of the message: Facebook has decided to award one of its users $1 million as compensation for coronavirus. You’d have thought that if this was a real giveaway, you’d have heard about it before now – probably along with angry comments about why the money wasn’t donated to healthcare facilities.

Although this message is basic, it is a useful, typical example of phishing and of the tricks that criminals use.

So, you can see the big giveaways: it contains grammatical errors, a generic greeting, implausible content and a request to hand over personal information.

There’s also the bait-and-switch for where to send that information. That is to say, the message claims to be from Facebook, so you’d imagine the return email address would be something ending in “@facebook.com”, rather than a Gmail account.
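The giveaways listed above can be expressed as a simple mail-filter heuristic. This is an added example, not JUMPSEC's code; the brand allow-list, the regular expressions and the sample message are constructed for illustration and are not the email our team member received.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: brand -> domains it legitimately sends from (illustrative allow-list).
BRAND_DOMAINS = {"facebook": {"facebook.com"}}
GENERIC_GREETING = re.compile(
    r"^\s*(dear|hello|hi)\b[^\n]*\b(user|customer|member)\b", re.I | re.M)
PERSONAL_DATA = re.compile(
    r"\b(full name|home address|bank|date of birth|password)\b", re.I)

def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def phishing_indicators(raw_message):
    """Return the list of giveaways found in a raw single-part email."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].lower()
    from_domain = _domain(msg.get("From"))
    # Replies go to Reply-To when present, otherwise back to From.
    reply_domain = _domain(msg.get("Reply-To")) or from_domain
    body = msg.get_payload()
    found = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in display_name and from_domain not in domains:
            found.append("claims brand but sent from another domain")
        if brand in display_name and reply_domain not in domains:
            found.append("replies go outside the brand's domain")
    if GENERIC_GREETING.search(body):
        found.append("generic greeting")
    if PERSONAL_DATA.search(body):
        found.append("asks for personal information")
    return found

# Constructed sample showing the traits described above (not the real email).
SAMPLE = """\
From: "Facebook Compensation" <notice@fb-awards.example>
Reply-To: claims.constructed.sample@gmail.com
Subject: COVID-19 compensation

Dear Facebook/Instagram user,

You have been awarded $1 million. Reply with your full name and bank details.
"""

if __name__ == "__main__":
    for indicator in phishing_indicators(SAMPLE):
        print("-", indicator)
```

A rule set like this only catches the basic cases; the more believable scams in the next sections pass most of these checks.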

All this seems simple enough to spot, but things get trickier when the scams are more sophisticated. In the next section, we review some of the more believable scams you should be looking out for.

UK government payment scam

At first glance, this text message – which many people across the UK received last month – looks authentic:

The message claims that the UK government is paying all residents £258 to help them during the disruption caused by COVID-19. That sounds plausible and it is in a similar format to the nationwide text that the government sent when the UK went into lockdown.

Look carefully and you'll notice the problems with the email address: it should read “COVID-19-relief”, and a genuine one would be a “.gov” address. For many, though, the promise of free money will tempt them into clicking.

If they do, they’ll be directed to a website imitating the UK government’s, which asks them to submit their name, address and bank account details.

You’ve been fined for leaving the house

Both scams we’ve seen so far have tried to lure victims with the promise of a reward, but criminals are just as likely to use the threat of punishment.

Take this scam, which plays up the government’s warning that those who don’t follow lockdown protocol may receive a fine:

Ignoring the fact that the fine is £30, not £250, this is otherwise an effective phishing attempt.

It’s grammatically correct, it states that it’s from “.GOV.UK” – just like the legitimate text message you would have received regarding lockdown – and there’s nothing about the contact details (in this case, a phone number) that immediately points to the fact that it’s not legitimate.

It is an 0800 number, a type normally used for marketing purposes, but you can disregard that discrepancy for the same reason you’d disregard the incorrect fine amount. Many people will be so upset by the accusation that they won’t rationalise these errors, and will instead respond to the message immediately.

Once the victim is on the line, the scammers have done the hard part. From there, they simply need to find a plausible reason why the fine is as large as it is or threaten the victim with a larger penalty if they don’t pay up immediately.

Although these intimidation tactics might seem obvious now, you’d be surprised how effective they are when victims are caught up in the moment.

There’s a reason phishing is one of the biggest cyber security threats; don’t blindly assume that you’ll recognise a scam where so many others won’t.

One virus is enough

Phishing is just one of many security problems that the coronavirus pandemic is causing organisations. With employees working from home and not protected by the office’s security systems, the threat of cyber attacks is greater than ever.

When you factor in the uncertainty of the pandemic, the prospect of depleted workforces in the coming weeks through illness or furlough, and the fact that cyber criminals can continue to operate from the safety of their homes, cyber security should be a top priority.

We’ll continue to give regular updates and advice on our blog, but you can also find solutions to help you through this crisis by visiting our website, www.jumpsec.com.

We are here to support and advise on any cyber challenge you have during this crisis.