It has been reported that the UK’s cybersecurity agency has taken down more scams in the last year than in the previous three years combined, with coronavirus and NHS-themed cybercrime fuelling the increase. Experts oversaw a 15-fold rise in the removal of online campaigns compared with 2019, according to the National Cyber Security Centre (NCSC).
There was a jump in the number of phishing attacks using NHS branding to dupe victims, with the Covid-19 vaccine rollout used as a lure via email and text message to harvest people’s personal information for fraud. Forty-three fake NHS Covid-19 apps hosted outside of official app stores were also pulled.
<p>Data from Lookout supports the NCSC’s findings that attackers are not letting up as the pandemic continues on. According to data from Lookout, more than 1 in 3 mobile users across both enterprise and personal devices was exposed to a mobile phishing link in the first quarter of 2021. This represents a 49% increase in exposures from Q4 of 2020. This is significantly higher than what we saw a year ago when the exposure rate jumped 37% from Q4 of 2019 to Q1 of 2020. </p> <p> </p> <p>What’s happening right now is almost equal and opposite of what we saw when the pandemic was starting to rapidly spread at the start of 2020. At that time, attackers built social engineering campaigns that used hooks such as information about the virus’ spread, government aid, and ways to self-monitor to see if you were infected as ways to get people to fall for phishing attacks. Now, these same attackers are using fake apps and web pages centered around the vaccine rollout and re-openings to trick people in the exact same way. </p> <p> </p> <p>This exemplifies how effective social engineering can be – especially when there’s a widespread global event that people are uncertain about. Thirst for information about something as frightening as a pandemic causes people to exercise less caution. Attackers know this and play those emotions to their advantage in order to steal valuable information from anyone. Since we all use our mobile devices for both work and personal reasons, a successful attack could lead to corporate data leakage in addition to personal data being stolen.</p>