JT’s Cybersecurity Tips: 5 of the most common online scams to be aware of during lockdown A PR I L 2 02 0 JT Group Limited
JT_Business
As is common during times of disruption, we have, unfortunately, seen a sharp increase in the number of cybersecurity threats affecting both individuals and businesses. Fraudsters are succeeding in illegal activity, such as scams and phishing, as people unsuspectingly let their guard down, due to events affecting us all. To help you and your businesses stay safe, and to raise awareness, we’ve highlighted some of the most common cyber-attacks taking place right now — outlining our top tips for keeping your accounts secure.
Jon Collinson Head of Product Development
JT Group Limited
JT_Business
1
Criminals posing as the WHO & CDC
WHO, the World Health Organisation, put out a message recently informing the public of these scams, which are growing rapidly. The basic idea behind these attacks is to email individuals using an address and format that appears like a legitimate email from the WHO. The email may even begin with legitimate information and advice, adding to the illusion. By the end of the email, the sender (appearing to be WHO) will ask for donations to help fund research for a Coronavirus vaccine and include fraudulent links to do so. If you receive any emails claiming to be the WHO or the CDC (Centers for Disease Control), it is likely that it is a scam so please exercise caution and think before engaging with unsolicited emails.
One useful tip is to hover over the sender’s email address – this will then
show you their true email address, which is often not as it originally appears. If you don’t recognise the sender, the best course of action is ignore it, do not reply to the email – it will most likely be the hacker that responds, and of course they want you to think it’s genuine.
JT Group Limited
JT_Business
This also goes for any other requests you may have for donations from other entities, please approach all requests with caution. If something seems suspect – it likely is. If you are not expecting anything then you must not click on any links or enter your credentials until you can be absolutely certain it is genuine.
2
“ Coronavirus apps” could be ransomware
As we mentioned earlier, there are, unfortunately, people who try to profit from trending news and current events – no matter how serious. Another popular scam that hackers are employing is the creation of “Coronavirus apps”. These apps supposedly provide you with real-time information on the virus, such as helping you determine if you have the virus or tracking the spread of the virus around the world. But these apps are just a ploy to get you to download malware onto your computer or smartphone. Some are typical malware or computer viruses, while others are more sophisticated ransomware scams. Ransomware apps will pop-up with a message informing you that all of your data will be deleted (photos, messages, contacts, etc.) unless you pay the scammer within a certain amount of time. To avoid this, don’t download any software related to the Coronavirus and only check trusted websites for real-time information.
The official sites for the WHO and CDC containing trusted, up-to-date information can be found here: > The World Health Organisation (WHO): www.who.int > The Centers for Disease Control (CDC): www.cdc.gov
JT Group Limited
JT_Business
3
Exploiting emergency remote or home working systems
Businesses of all kinds are being restricted and shut down, forcing many people to work from home. For most companies, remote work is a completely new component of their business model — so they are rushing to create remote work systems for their employees, quickly writing code and integrating different apps into their employees’ workflow. These systems are being put out with poor security measures (if any), which makes it easy for employees and employers to be attacked by hackers. You can protect yourself from these risks by installing firewalls and virus protection software on any hardware you are using – especially important if you’re working from home.
Find out more on this and ways to remain secure when accessing work files in our FREE Cybersecurity Guide: Enabling Secure Home Working.
Read more here >
Alternatively, to speak to a member of our Business Solutions Team for advice on technology for your Working From Home strategy, click here >
JT Group Limited
JT_Business
4
Scamming consumers out of emergency supplies
We’ve all seen it on social media: supermarkets are sold out of toilet paper, bottled water, hand sanitiser, gloves and other ‘essentials’ of late. That’s why another popular scam focuses on selling (or pretending to sell) emergency supplies. Of course, the scammer does not actually have any of these items in stock. They simply have a website with photos and a checkout system. Consumers purchase these supplies, which never arrive, and the scammer launders the money back to their personal account. Many of these scammers are using social media marketplaces to take advantage of consumers. You can avoid these scams by sticking with well-known, legitimate, and reliable retailers, using their official websites.
How do I check if a website is legitimate? One useful tool is URLVOID - this service helps you detect potentially malicious activity on a website and verifies the online reputation and safety of a website.
Find out more >
JT Group Limited
JT_Business
5
Phishing emails informing you of a refund
Phishing scams always rise during a global crisis, and what we’re all currently living and working through, is no exception. Phishing is when a fraudster sends you an email pretending to be a legitimate organisation/individual (similar to what we described in No.1, with the WHO) and says they need information from you, like your address, passwords, National Insurance number, credit card info, and so on. They then use this info to directly charge money to your accounts or, in more extreme cases, pursue a complete account takeover. A common example of this happening recently is scammers claiming to offer a Coronavirus tax/employer refund. They say they need information from you to provide you with your refund, and then use this information to their advantage. You can avoid this scam by not sending any sensitive info over email or clicking links sent to you over email.
JT Group Limited
JT_Business
How to spot potential scams The way to avoid these (quite believable) topical scams and phishing attempts is much the same as avoiding standard scams. We would urge you not to trust emails sent to you claiming to be official bodies, unless you’ve specifically signed up for information from these sources. Don’t trust emails asking for any of your personal information. If an email includes links or attachments, don’t click on them. You can also spot scams by looking for grammatical errors and suspicious information, like an email that knows what city you live in or that has a suspicious email address (e.g. WHO123@gmail.com). When in doubt:
x DON’T respond x DON’T download x DON’T click Useful tip – don’t ‘unsubscribe’ from a suspicious email. This action can let the scammer know that it is a live email address. Instead, mark the email as ‘Junk’ or ‘Spam’ and block the sender.
JT Group Limited
JT_Business
Use 2FA to protect your online accounts (now and into the future)
Now is a great time to check the security of your most important accounts. If you use the same password for all of your profiles, use this as an opportunity to create unique passwords (iOS and macOS devices have a built-in password manager/generator). You can also set up two-factor authentication (2FA) on any services that offer it. 2FA is when a service asks for a verification code after you try logging in with a password. This makes it much harder for criminals to take advantage of your accounts, so set it up with every account you can.
In this video, Jess Akers, our Business Relationship Manager, explains the benefit of 2FA.
Watch here >
JT Group Limited
JT_Business
At JT, we take a proactive approach to protecting and securing our customers’ data. We offer a range of dedicated Data Hosting services in our secure, accredited JT Data Centres.
In addition, we provide network security services such as DDoS attack mitigation, and Next-generation Firewalls. All of which are available with managed monitoring and round the clock support, enhanced by our partnership with cyber-threat advisory experts, ITC Secure.
For more information on securing your business online contact our Business Solutions Team: E business.solutions@jtglobal.com W www.jtglobal.com/security JT Group Limited
JT_Business