Posted by Anna Nicholls on 20-May-2020 15:06:56

How to spot a phishing scam


Cybersecurity experts have warned that the new NHS contact-tracing app, which is being launched as part of the fight against Covid-19, will cause a spike in phishing scams in the UK.  

According to an article published in Forbes this month, phishing attacks have already risen dramatically since the beginning of the coronavirus pandemic. Security firm KnowBe4 reported that phishing emails rose by over 600% worldwide in the first quarter of the year, while Google said it was blocking around 18 million phishing emails related to COVID-19 a day.

Phishing scams are becoming increasingly sophisticated and therefore easier to “fall for”, and unfortunately situations such as a global pandemic create opportunities for the fraudsters and cyber criminals that seek to profit from people’s vulnerabilities. 

Phishing scams can be carried out by email or via SMS text and will often appear to come from an app that you’re using. At first glance, the message you receive will very probably look legitimate. Logos, domains and email addresses can be copied or spoofed, so you really need to keep your wits about you and only ever click on a link received once you are certain that it’s safe to do so. 

At present, the UK government hasn’t advised the public where to download the new app from, which will likely prompt scammers to start sending out bogus emails prompting you to download the app. These emails would most likely take you to a website and ask you to enter some personal information. Maybe even bank details. Your data would then be either sold on, or used against you in a social engineering hack attempt. Or both. If you receive any such emails before the government has instructed us how to download the app - ignore them. Wait for official government advice before downloading anything - no matter how realistic the emails and text messages look.

And be on your guard for phishing scams taking on other guises as well. A recent one doing the rounds was a fake tax rebate email, which upon closer inspection had been sent from a Hotmail address. Check the email address that the messages are coming from - and pay more attention if you’re opening emails on your phone. People often fall victim to a scam via their phones because the small screen size makes it difficult to see clearly where the email has been sent from. Other recent and popular scams include messages stating that your broadband bill hasn’t been paid and you will be cut off. Scammers know that we’re all working from home and depend more than ever on our internet connectivity at the moment. Pay close attention, and don’t fall for it. A similar phishing scam is doing the rounds regarding Netflix accounts being placed on hold. It’s no coincidence that we’re all locked down at home and relying on Netflix for entertainment more than usual at the moment. 

If you look closely at the scams, you will find something untoward: an incorrect or low-quality, pixelated logo, a generic Hotmail or Gmail email address, or a URL to click on. Remember to hover over a URL before clicking on it to see the domain. If it’s a genuine Netflix email, it won’t come from Netflix@gmail.com and it won’t direct you to a hidden PayPal domain.
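The two checks described above (sender address and the real domain behind a link) can also be automated by a mail filter. The following is an added example, not part of the original post; the free-webmail list, the brand-to-domain mapping and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed lists for illustration; a real filter would maintain larger ones.
FREEMAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com"}
BRANDS = {"netflix": "netflix.com"}  # brand keyword -> domain it should use

class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs, i.e. what 'hovering' reveals."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    """Return a list of warning strings for one raw (non-multipart) email."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    findings = []
    if sender_domain in FREEMAIL and any(b in (name + " " + addr).lower() for b in BRANDS):
        findings.append(f"brand name used with free webmail sender {sender_domain}")
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        host = (urlparse(href).hostname or "").lower()
        for brand, domain in BRANDS.items():
            ok = host == domain or host.endswith("." + domain)
            if brand in text.lower() and not ok:
                findings.append(f"link text mentions {brand} but points to {host}")
    return findings

# Constructed sample messages (not real emails).
PHISH = ("From: Netflix <Netflix@gmail.com>\nSubject: Account on hold\n\n"
         '<a href="http://paypal-billing.example/login">Update your Netflix account</a>')
GENUINE = ("From: Netflix <info@netflix.com>\nSubject: New arrivals\n\n"
           '<a href="https://www.netflix.com/browse">Open Netflix</a>')
```

A clean result only means these two checks passed; display names and sender addresses can still be spoofed, so the advice to verify with the provider directly still applies.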

If you think you’ve fallen for one of these scams, first of all, don’t be too hard on yourself. Cybercriminals are clever and their attacks are sophisticated. We’re living in completely unprecedented times at the moment and people are anxious, frightened, and often completely isolated. Fraudsters know this. That’s why they’re doing it. If you think you’ve responded to a scam, go to IdentityTheft.gov and follow the steps and advice on what to do. If you’ve submitted your bank or credit card details, contact your bank or lender for advice. And if you’ve clicked on a hyperlink on your computer, run a full virus scan and make sure your security software is updated.

Keep your wits about you as best you can and if you are in any doubt at all, ignore the email and telephone the provider that supposedly sent it. Any reputable company will be more than happy to check it out for you, rather than have you fall victim to a phishing scam.
