Scammers, hackers and cyber security attackers use phishing emails, in which they pose as someone they are not, for financial gain. This allows them to steal sensitive information or deliver dangerous malware. This is usually done by including a link that will appear to take the victim to the fake company’s website to fill in valuable details, which can then be used by the attacker for their benefit, or by including an attachment that is designed to infect your device with malware. This article explains in depth how to spot suspicious messages and what to do if you've already responded to a malicious email.
Blue Frontier is committed to protecting our clients from cyber-crime. We will share relevant information on any potential threats that are emerging in the current climate.
COVID cyber security threats
Microsoft recently warned customers about an ongoing COVID-19 themed phishing campaign that installs the NetSupport Manager remote administration tool[1], which allows remote access to the compromised machines. There are many more of these scams happening throughout the world where fraudsters, often posing as health-related organisations, can manipulate the victim into downloading malicious macros. This allows them to steal any cryptocurrency wallets the victim may have, access sites without the user’s password and more.
How to recognise a phishing email
Despite fraudulent phishing emails often being updated or changed, their tactics are very similar. Knowing what information is valuable to the fraudster is an important step in protecting yourself. Therefore, be wary of any emails or messages that ask you to give your login details and other sensitive information that could grant access to your email, bank, or other accounts.
Another aspect to watch out for is the story that the email is trying to sell. This could be anything from reasons why you must confirm some personal information, to links for making an alleged payment, to registering for a refund (usually from the government). Calling to verify the information claimed by the email is the best way to avoid putting your details into the wrong hands. You can also look for signs such as:
- How personal is the email? If it doesn’t contain your name, even though it’s allegedly sent by a company you are registered with, that makes it suspicious.
- Did you receive previous emails from this company? How do they compare?
- Is it using urgency or emotion in a manipulative way?
To further reduce the risk of receiving phishing emails, make sure you update software automatically or as soon as possible and use high-quality security programs.
How to respond to a phishing email
If you suspect you have received a phishing email, it’s very important not to open any links or attachments that were sent with it. If you aren’t sure if the email is legit, then contact the company the email was allegedly sent from using a phone number or website you know is real. Avoid using the contact information within the suspected phishing email.
If you have received an email that you’re not quite sure about, forward it to the Suspicious Email Reporting Service (SERS) at
If you opened a link from a suspected phishing email, you should take these steps:
- Disconnect from the internet
- Change your passwords
- Contact your bank or the company with which your security has been compromised
- If you received the message on a work laptop or phone, contact your IT department
- Update your security programs and run a test
- Set up a fraud alert
- Back up your files
Brits are losing millions of pounds every year to phishing attacks[2]. During this crisis, it is paramount to be especially careful of any Coronavirus-related emails that you may receive and to not open any attachments. If you would like to find out more about cyber security, contact Blue Frontier.
References
[1] Lawrence, A. (2020). Microsoft warns of 'massive' phishing attack pushing legit RAT [online]. BleepingComputer. Available at: https://www.bleepingcomputer.com/news/security/microsoft-warns-of-massive-phishing-attack-pushing-legit-rat/ [Accessed 15 Sep 2020].
[2] Microsoft (2019). Brits are losing millions of pounds a year to phishing attacks – Microsoft is helping to stop that [online]. Microsoft News Centre UK. Available at: https://news.microsoft.com/en-gb/2019/06/07/brits-are-losing-millions-of-pounds-a-year-to-phishing-attacks-microsoft-is-helping-to-stop-that/ [Accessed 15 Sep 2020].