Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.

Exclusive: How cyber criminals used Covid to target our anxieties

Post Thumbnail

Online scammers leveraged government coronavirus announcements, sometimes within just a matter of hours, to exploit unprecedented cyber security weaknesses during the pandemic, new research shows.

A study by experts at Abertay, Strathclyde, Kent, Oxford and Warwick universities found home working created “a level of cyber security concerns and challenges never faced before”, and reveals how the situation was seized upon by cyber criminals.

The study, seen in full by us, highlights a pattern between new cyber campaigns and key events, such as announcements of spending or health policies, illustrating how scammers manipulated briefings to exploit the anxieties of the public.

Researchers tracked instances of cyber attacks inspired by Covid-19 from the first example around 30 days after the first confirmed case of the virus in China and found the timeframe between events and linked attacks reduced dramatically as time went on.

“Attackers are clever and like to stay a step ahead.”

Dr Xavier Bellekens

Their timeline, which sometimes includes multiple major new campaigns on a single day, maps instances across the world against the spread of the virus and key public health measures, such as the first UK lockdown in March last year.

They found scammers expanded their attacks as it became clear Covid-19 was set to become a global event and used “traditional trickery” to prey on heightened levels of stress, anxiety and worry that created a greater likelihood of success.

‘Quite exceptional’ problems

The paper states the extent of cyber security-related problems in the UK was “quite exceptional” and researchers found there was a “loose correlation” between policy announcements by the UK Government and subsequent cyber crime campaigns.

By early May, more than 160,000 suspect emails had been reported to the National Cyber Security Centre and by the end of the same month £4.6 million had been lost to Covid-19-related scams.

The research team found events such as the March 11 budgetary announcement increased the likelihood of a positive response to a cyber criminal campaign and that perpetrators were “very likely to hook on to events” when coming up with scams.

Dr Xavier Bellekens, a leading cyber security expert at Strathclyde University and one of the authors of the paper, said criminals had adapted their approach to include themes such as jobs support, protective equipment or support for the NHS.

Dr Xavier Bellekens, from Strathclyde University’s electronic and electrical engineering department.

“Attackers are clever and like to stay a step ahead,” he said. “They will make sure they use emails that are believable and in line with the current threats or messaging.

“They might see a government announcement or event during the pandemic and they will send well-crafted emails tricking you into entering your credit card details, possibly to support NHS workers or purchase PPE that is in short supply.

“There is also always going to be an increased risk when people are working from home. During the pandemic people have their children to deal with, they have their work to deal with. It creates that extra stress.

“It might make you not focus 100% of the time and you might end up clicking a link you wouldn’t click on otherwise.”

Cyber attacks

The study, entitled Cyber Security in the Age of Covid-19: A Timeline and Analysis of Cyber-Crime and Cyber-Attacks during the Pandemic, found scams targeted members of the public generally, as well as millions of people working from home.

Critical national infrastructure, such as healthcare services, have also been attacked, and incidents using ransomware – a type of software that blocks access to files and then demands payment to release them – have been reported in a number of countries.

The paper states home working has revealed a “general unpreparedness” among software vendors for these kinds of attacks.

It states: “The outbreak has caused mass disruption worldwide, with people having to adapt their daily routines to a new reality: working from home, lack of social interactions and physical activity, and fear of not being prepared.

“These situations can overwhelm many, and cause stress and anxiety that can increase the chances to be victim of an attack.”


Criminal gangs have been observed impersonating official bodies, such as the World Health Organisation, the NHS or the legitimate Johns Hopkins University Covid-19 information dashboard, to seize control of sensitive data.

A large number of website domains containing the words ‘covid’ or ‘coronavirus’ have also been registered by apparent scammers, along with attempts to impersonate communications platforms such as Zoom, Microsoft and Google.

In other instances, criminals have been known to offer bogus coronavirus cures, false advice on effective treatments or pose as health officials requesting donations to help develop a vaccine.

The paper suggests government events should be accompanied by a note or a disclaimer outlining how legitimate information relating to the announcement will be relayed.

“The best thing for us to do is to increase education.”

Xavier Bellekens

Dr Bellekens believes governments in the UK have responded well overall to threats of cyber crime since the beginning of the pandemic but stressed the study shows the need to find new ways to keep the public safe.

“Both sides will have learned from the pandemic,” he said. “It would be foolish to believe that only the people thinking about security will have learned from this.

“Scammers and hackers will have learned their lessons. They will find new ways. We’re going to be stuck in a mouse and cat chase game because the public is slower and is the one reacting to the attack.

“The best thing for us to do is to increase education. Companies will have learned their lessons on how to protect their infrastructure for remote working.

“I think the pandemic has demonstrated a number of issues but it has also demonstrated that we can react very fast to any set of events.”

Dr Lynsay Shepherd, of Abertay University’s division of cybersecurity, said: “Cybercrime is a highly sophisticated and organised activity and it will not come as a surprise to anyone in the cybersecurity industry that these individuals and groups used the Covid-19 pandemic as a vehicle to launch attacks.

“It is unlikely there will ever be a time when we can eradicate cybercrime. Therefore we must continue to educate everyone from as early a stage as possible, train our graduates to understand the mindset of cybercriminals, as we do at Abertay, and to continue to invest in research, development, innovation and infrastructure.”