The public are being urged to follow online safety advice as evidence emerges that criminals are exploiting the Coronavirus online. 

Experts from the National Cyber Security Centre have revealed a range of attacks being perpetrated online as cyber criminals seek to exploit COVID-19. Techniques seen since the start of the year include bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected. These ‘phishing’ attempts have been seen in several countries and can lead to loss of money and sensitive data.

Paul Chichester, Director of Operations at the NCSC, said:

“We know that cyber criminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak.

“Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails.

“In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”

The NCSC has seen an increase in the registration of webpages relating to the Coronavirus suggesting that cyber criminals are likely to be taking advantage of the outbreak. These attacks are versatile and can be conducted through various media, adapted to different sectors and monetised via multiple means, including ransomware, credential theft, bitcoin or fraud. Continued global susceptibility to phishing will probably make this approach a persistent and attractive technique for cyber criminals. Moreover, if the outbreak intensifies, it is highly likely that the volume of such attacks will rise.

There are numerous examples of cyber attacks worldwide since the Coronavirus outbreak.

Cyber experts have launched measures to protect the UK from online harm as the country continues to rely more on technology while staying at home to protect the NHS and save lives.

In addition, in recent days the NCSC has taken measures to automatically discover and remove malicious sites which serve phishing and malware. These sites use COVID-19 and Coronavirus as a lure to make victims ‘click the link’.

There are concerns that criminals could look to capitalise on increased use of Internet devices, the National Cyber Security Centre, a part of GCHQ, has this launched ‘Cyber Aware’ campaign promoting behaviours to mitigate threats. The ‘Cyber Aware’ campaign offers actionable advice for people to protect passwords, accounts and devices.

In addition to the broader campaign, the organisation has this morning published specific advice for personal and professional use of video conferencing services, with top tips on setting up your accounts, arranging a chat and protecting your device.

The NCSC has also today launched the pioneering ‘Suspicious Email Reporting Service’, which will make it easy for people to forward suspicious emails to the NCSC – including those claiming to offer services related to coronavirus.

This will build on the organisation’s existing takedown services, which have already removed more than 2,000 online scams related to coronavirus in the last month, including;

• 471 fake online shops selling fraudulent coronavirus related items
• 555 malware distribution sites set up to cause significant damage to any visitors
• 200 phishing sites seeking personal information such as passwords or credit card details
• 832 advance-fee frauds where a large sum of money is promised in return for a set-up payment

NCSC Chief Executive Officer Ciaran Martin said:

They are urging everyone to remain vigilant online, follow the National Cyber Security Centre's guidance on passwords and account security, and report suspected coronavirus related scams if you see them."

With many people in the UK trying video conferencing for the first time, the advice includes top tips on securely installing the app, creating a strong password and tracking who is joining the chat.

The NCSC also recommends that you do not make meetings public, connect only to people through your contacts or address book – and to never post the link or password publicly.

The campaign encourages people to ‘Stay home. Stay Connected. Stay Cyber Aware’, and its top tips for staying secure online are;

• Turn on two-factor authentication for important accounts
• Protect important accounts using a password of three random words
• Create a separate password that you only use for your main email account
• Update the software and apps on your devices regularly (ideally set to ‘automatically update’)
• Save your passwords in your browser
• To protect yourself from being held to ransom, back up important data

This Suspicious Email Reporting Service has been co-developed with the City of London Police. By forwarding any dubious emails – including those claiming to offer support related to COVID-19 – to report@phishing.gov.uk, the NCSC’s automated programme will immediately test the validity of the site. Any sites found to be phishing scams will be removed immediately.

As well as taking down malicious sites it will support the police by providing live time analysis of reports and identifying new patterns in online offending - helping them stop even more offenders in their tracks.

If people have lost money, they should tell their bank and report it as a crime to Action Fraud, but the new Suspicious Email Reporting Service will offer an automated service to people who flag what they think to be a suspicious email.

Further cyber protection information

Cyber aware – top tips click here.

How to spot and deal with suspicious e mails click here.

How to defend organisations against malware or ransomware attacks click here.

Video conferencing: new guidance for individuals and for organisations click here.

Small Business Guide: Cyber Security click here.