BSI warns business community of increase in COVID-19 phishing campaigns

Several false web domains relating to COVID-19 have been registered and are being used to link to phishing and credential attacks. In the UK specifically, phishing campaigns include BEC (Business E-Mail Compromise) attacks whereby the attacker pertains to be a colleague or someone the individual knows requesting a payment to be made. These types of e-mails can also include ransomware and malware disguised as links to click for further information on meeting notices or company updates.

Additional emerging threats cover attackers that are mimicking charities, health organisations or business and financial supports.

Stephen Bowes, global practice director for security and IT at BSI Consulting Services, explained: “We are living through an exceptional time at present, with many employers focused on staff welfare and business continuity. World events like COVID-19 provide vast opportunities for cyber attackers to infiltrate companies and gain user data such as login credentials or financial information. We are seeing attackers increase their presence due to the crisis, with many of the global workforce now working remotely. Most recently, Interpol has alerted healthcare institutions of targeted ransomware attacks that have the potential to lock them out of their critical systems. Phishing is one of the highest causes of cyber crime and all online users need to be alert as cases of fraud are rising during this time.”

Bowes added: “We want to urge employers and employees to remain vigilant and be aware of the increased risks and make sure their information is derived from reputable sources. They shouldn't be caught off guard by clicking on links in e-mails and must report any suspicious e-mails to IT specialists. If in doubt about the legitimacy of an e-mail that's requesting a payment or specific action, we would advise that individuals contact the sender by phone to seek verification.”