The impact of the COVID-19 virus is unfolding at rapid pace around us and we’ve all had to make huge changes to the way we live, work and play.
At the same time, cyber criminals have been jumping in to take advantage of the fear and uncertainty around the crisis. Using SMS scams on a global scale, their aim is to lure members of the public into clicking on spoof links and gain access to personal and financial information.
Although The National Cyber Security Centre (NCSC) have said that the current crime levels are stable and haven’t increased (nor have they decreased), it reports seeing the focus of the attacks change to feature COVID-19 centre stage. So criminal activity is manifesting itself differently and fraudsters are adapting their existing campaigns to exploit the current situation.
The kind of fraudulent activity we’re seeing includes text messages promising goodwill cash payments, or offering access to virus testing kits and persuading recipients to reply or click on the suspicious link.
It’s important not to implicitly trust texts and e-mails which come in the form of advice or giveaways. In the same way that we’ve become used to checking for a padlock icon on a website to know it’s trusted, there are ways to tell that the text message is likely to be dodgy. These include spelling mistakes, poor English and grammar. Often a letter ’O’ is replaced by a zero ‘0’. Also check for unlikely or clearly false names of government agencies or organizations, either in the message text or in the web link.
If you notice a spoof SMS message, don’t click on the web link. For information and guidance on what is happening, always go direct to trusted information sources such as the UK or Scottish Government, NCSC or Scottish Business Resilience Centre (SBRC).
You can also help by reporting the abuse: forward text messages that appear suspicious to your mobile network operator, using this free short code: 7726
On Twitter, you can share spam messages using #covid19scamsms
Forward phishing emails to this SBRC e-mail address: email@example.com
While cybercriminals are repurposing their efforts to take advantage of the current situation, mobile network security companies like ourselves are working alongside government and industry bodies to share indicators of compromise and build effective threat intelligence. It’s only though this collaboration of end-user, technical and industry expertise that we can attempt to thwart the efforts of fraudsters in these testing times.