Following the announcement from the NCSC around the launch of its ‘Suspicious email reporting service’, Industry expert commented below.
A new awareness campaign has been launched by @NCSC urging you to report #coronavirus related scams.
A Suspicious Email Reporting Service has been developed so you can forward suspicious emails for checking.
Find out more: https://t.co/E5OYMiaLGE
— Breakwater IT (@BreakwaterIT) April 21, 2020
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
It is good to see the NCSC take proactive action to protect consumers from phishing emails during a global pandemic. It’s disappointing – however, not surprising – that cybercriminals are taking advantage of people’s anxieties and only strengthens the call for effective cyber prevention. The reporting service put in place by the NCSC should be welcomed and could help reduce the impact of these online scams.
It is always important to follow a trust-but-verify mantra when it comes to emails. Many appear to be authentic, but it is always better to go to websites through a browser or published apps, as opposed to following email URLs. For example, if you were to receive an email from someone claiming your PayPal has been blocked because of suspicious activity, the attacker aims to scare the user into following the link. The best approach in that instance would be to login through official channels. It is important that consumers follow this best practice; importantly, the ease of the NCSC’s reporting system should help further protect consumers and provide transparency in the security of online links.
It is incredibly important that companies are able to improve the cyber security of their workers who are based at home now. Even in the past few weeks, we’ve already seen a sharp rise in fraud scams. Unfortunately, with increased online traffic, email volumes, and working from home, fraudsters are ever more opportunistic in targeting vulnerabilities for both businesses and consumers – our interconnected devices and data exposes these weaknesses, and fraudsters exploit this.
Looking at more general trends, a surprisingly large amount of businesses (75%) fell victim last year to fraud. In a time of such heightened concern, there’s more need now than ever before for businesses to be proactive in their solutions – to protect themselves and their customers. Technology like data orchestration and identity verification are good examples of tools that can be quickly and easily implemented into a business’ arsenal. By embracing connected datasets, organisations can benefit from smarter, more up to date and relevant insights to verify who is a legitimate customer and who’s a fraudster. As consumers and businesses continue to adapt to a ‘new normal’ during the COVID-19 pandemic, companies should use this time to make sure they can cope with customer needs during and after the crisis.
Cybercriminals are constantly looking to make their attacks timely, and Covid-themed attacks are no exception. The use of Covid-19 as a lure does not appear to show any sign of slowing down, with the NCSC today revealing that it took down more than 2,000 online coronavirus scams last month. More campaigns are coming to light using the global health crisis as a hook to trick people and make money.
With a larger proportion of the workforce now working from home, previously inaccessible information assets will need to be more available for remote access and use. If employees access corporate networks from pre-infected unmanaged machines without adequate security measures, it creates a much larger attack surface for cybercriminals and increases the risk of an organisation falling victim to a potential breach or ransomware lockdown. Subsequently, enhanced security measures will be necessary to ensure that information is only made available to those with a clear need to know. For example, strong authentication, data encryption and VPN access will all be vital, as well as collaboration and shared responsibility across the cybersecurity industry to detect and tackle threats.
There are numerous ways that organisations and individuals can protect themselves online. Just like we are all fighting to flatten the Covid-19 curve through social isolation and washing our hands more often, we should aim to reduce the cyber-attack surface of our organisations by having proper cybersecurity hygiene in place, such as using multi-factor authentication, VPNs, and robust end-point security software.
Herd immunity — to borrow a term from the medical community — emphasizes vaccines, giving no safe harbor to infectious agents. Herd immunity in cybersecurity works in much the same way: as vulnerable targets decrease, the more secure we all are. As a society, we depend on one another to do our part to flatten the curve.
Now the public is being called on to report criminal activity to decrease the effectiveness of these terrible scams. While not foolproof, it’s an approach that makes sense while offering reminders to individuals to stay alert. An educated herd – a savvy public – does not fall victim to scams, con artists and threats as easily as a naïve public would.