A Perth cyber security firm has exposed more than 100,000 online scams by criminals looking to exploit the Covid-19 pandemic.
M3 Networks said there had been a huge increase in coronavirus-themed phishing attacks – in which fraudulent emails are sent to induce individuals to reveal personal information, such as passwords and credit card numbers.
Over the past five weeks the tech firm has identified 100,000 suspect website addresses linked to Covid-19 phishing emails.
M3 has made the list of domain addresses available for free so they can be blocked by companies.
Managing director Mark Riddell said: “Cyber criminals are very quick to change tactics and target the current hot topic, whether that be the Olympic Games or World Cup, the death of a famous celebrity or a global health crisis.
“Overall we don’t see that cyber attacks in general have increased but there has been a massive shift towards Covid-19 themed attacks.
“We are publishing weekly email blacklists containing lists of domains that have been identified in phishing attacks and other online scams.”
Mr Riddell said email was the most successful method, accounting for more than 90% of cyber attacks.
Sometimes the links can lead to websites that ask people to purchase goods that don’t exist. Other times the websites install malicious code onto people’s machines that can encrypt data or steal passwords.
The volume of Covid-19 email scams have increased each month, accounting for 6% of email traffic in May.
He said the dangers had been heightened by more people working from home throughout the pandemic.
“In an office environment, staff can easily ask a colleague for a second opinion if they’re not sure if an email is genuine,.
“But with people working from home, they don’t have that and so are much more likely to take the risk and click on a link or download a dodgy attachment.
“Worse still, they may even forward the email to a colleague, so now the business is further exposed as there is another possibility for someone else to fall for the phishing attack.
“Trying to clean up an infection at the moment, with staff all spread out, if a nightmare for IT departments. It’s bad enough when everyone is in the same office.
“When you go to a website you are basically giving it permission to run code on your machine through your web browser.”
He said attackers were also pretending to be from a company’s IT department or Microsoft and asking people to change their email passwords as part of their heightened security procedures.
Mr Riddell explained: “What’s the first thing you do when you change password? Enter your old password and you’ve just given them access to your email account.
“They can look for payment information and do things like send fake invoices. It might be they see a genuine invoice come in and then send an email purporting to be from that firm saying the bank details have changed and can you send the money to another account.”
M3 specialises in monitoring the ‘dark web’ where passwords and credit card details are traded. Many firms are oblivious that their information had been compromised.
The Perth company has identified the criminal behaviour using its email security and filter service it provides to clients and also from information shared by the threat intelligence communities.
The effects of a cyber attack can be devastating – with 60% of small companies going out of business within six months of an attack.
The volume of cyber attacks on UK businesses increased by almost a third in the first three months of 2020, according to new analysis from Beaming.
Companies with internet connections experienced 157,000 attacks each, on average, in the first quarter, the equivalent of more than one a minute.
This rate of attack was 30% higher than the same period in 2019 when UK businesses received 120,000 internet-borne attempts to breach their systems each.
Beaming’s analysts identified 394,000 unique IP addresses used to attack UK businesses in the first quarter of 2020 and traced 48,000 of them to locations in China.
M3 Network’s five steps you can take to spot a phishing email:
– Check the sender’s address – watch out for misspelled names or domains e.g. ebaay.com,
– Ambiguous introduction – be careful with ‘Dear Sir/Madam’ or just ‘Hi’. If they know you they will use your name.
– Bad spelling – a dead give-away of a phishing email is littered with poor spelling and grammar.
– Urgent calls to action – any email telling you to click a link or open an attachment immediately should be treated as suspicious.
– Embedded images posing as attachments – Genuine attachments will be attached to the email. Phishing attacks often try and get around email filters and anti-virus scanners by embedding an image in the email body, which links to the malware.
