Her Majesty’s Revenue and Customs (HMRC) in the UK has announced it is investigating more than 10,000 phishing scams that exploit public fears of the coronavirus in their scamming, identity theft and fraud campaigns.
A total of 10,000 SMS messages, emails, phone scams and social media posts were analysed by HMRC, which says that cyber criminals are exploiting fears of the coronavirus and the surrounding economic uncertainty to lure victims into handing over sensitive information.
According to a Freedom of Information request, HMRC says that the trend started with a relatively modest 133 COVID-related phishing scams in March 2020. This grew to 2,105 in April, a 1482% rise, and then more than doubled in May to upwards of 5000 registered campaigns.
HMRC added that cyber criminals were also registering fraudulent domains masquerading as legitimate companies and government sites, and said it has removed 106 coronavirus-related domains.
Cybercriminals emulated the appearance of government websites such as those for the Coronavirus Job Retention Scheme and the Self-Employment Income Support Scheme, and would attempt to lure a victim into entering their details on a legitimate-looking site.
Chris Ross, SVP international with Barracuda Networks, told Infosecurity Magazine that “with HMRC offering a range of financial support packages for businesses and individuals during the pandemic, it’s no surprise that hackers have chosen to exploit the crisis in an effort to cash-in on COVID-19.”
Ross continued to explain that “these scams are often cleverly designed with official branding and are incredibly realistic, coaxing unsuspecting victims to hand over confidential information such as bank account details, usernames and passwords.”
“With many people still working remotely for the foreseeable future, it’s vital that businesses ensure each and every member of staff is properly trained to spot these kinds of scams and the necessary cyber security systems are in place to identify and block suspected malicious communications, before it reaches the inbox,” he concluded.
Infosecurity Magazine’s report also quotes Stav Pischits, CEO of cyber security firm Cynance, who says that “tackling this problem requires companies to recognise that these scams are not going to go away anytime soon. It’s also key to recognise that hackers have no limits and will target everyone from the CEO to newly hired graduates in an effort to capture their objectives.”
Pischits added that “that’s why all businesses need dedicated security and data protection policies and procedures, addressing network security, staff training and more, not only to ensure that they are compliant with data protection regulations, such as the GDPR, but also to improve their actual protection against phishing attacks and other online threats.”
According to data from Infosecurity Magazine, “research revealed that over 10% of all phishing attempts in Q1 of 2020 were related to COVID-19.”