I’m sure we are all sick of hearing about it. But the Coronavirus COVID-19 is here, and it doesn’t look like it will be going away any time soon. The 24/7 news cycle is full of information about washing your hands, the latest updates about school closures and self-isolation advice.
To protect themselves, their families and their communities, workers have migrated from their office desks to their kitchen tables, food shops are being ordered online and dropped off at front doors. Within a few short weeks everything has changed.
It’s a scary time, and I don’t want to add an extra edge to your nagging anxiety, but there is something you might not have considered…
The Coronavirus pandemic has created a perfect storm for cyberattacks. Thousands of the UK workforce are now working from home and in doing so have made themselves vulnerable whilst trying to settle into their new normal.
It’s been 3 days, and already some of our clients are being bombarded with phishing emails, preying on fear, sympathy and confusion. Here is just one example:
Sally (not her real name) works in the accounts department of a practice that sent all their staff home last week. They had all the equipment they needed: laptops, headsets, additional monitors for those that wanted them. Their IT support company (that’s us) had already ensured that everyone had access to the company servers, updated anti-virus and the necessary security in place. Two days in, Sally received an email from Rob (again, not his real name).
Rob has emailed Sally using his personal email address. He’d forgotten to tell her before they left the office that his bank details have changed. Can Sally update them in time for this month’s wages to go into his account? It’s really urgent as he has a few direct debits coming out of that account and he needs his wages to cover them.
Sally changes his bank details, emails Rob back to confirm she has actioned his request and continues to process payroll. She doesn’t think twice about what she’s done.
Later in the week we get a panicked call from Sally. She’s just had a phone call with a very confused Rob, who has told her he hasn’t received his pay and he definitely didn’t send an email changing his bank details.
Unfortunately, there is literally nothing we can do in this situation, except to quote Alastor Moody in advising ‘CONSTANT VIGILANCE!’.
There has been an impossibly huge increase in these types of emails, taking advantage of the trusting nature of the public. Education on these types of phishing and social engineering attacks is absolutely key, especially when people’s day-to-day routine has been interrupted and replaced with such alien alternatives. It is more important than ever to check, double check, then check again. Here are a few tips for when you receive an email like this:
- Check the email address
  - Sometimes spoof emails use similar domain names, so be extra careful to make sure it matches what you are expecting.
- Is the request expressing extreme urgency?
  - Trying to pressure you into doing something quickly is a favourite tactic of these kinds of attacks. Pick up the phone and confirm with the sender before actioning the request.
- Is the email requesting action regarding money?
  - Change of bank details, direct debit payments, urgent invoices… if money is involved (especially if the message is expressing urgency), pick up the phone and CALL the person requesting the change. Make sure you use the number you have on file and NOT the one in the email signature.
- Is the email asking for personal information?
  - If the email is asking you to confirm your login and password, or has a link directing you to a site asking for your details, then check the domain. If in doubt, navigate to the page directly instead of using the link provided.
- Is the email playing on your emotions?
  - If the email is asking you for help in desperate times, playing on fear of repercussions or promising something too good to be true if you ‘just enter your details now’, then beware.
- Unsure of what you should be doing?
  - Ask a colleague. Follow the official processes. If in doubt, contact your IT support team and ask them to take a look at the email before you take any further action.
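For IT teams who want to pre-screen reported messages against the checklist above, here is a small sketch. It is an added example, not something from our support tooling, and the company domain `practice.example`, the keyword lists and the sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "practice.example"  # assumption: the organisation's own mail domain
CHECKS = {  # keyword lists are illustrative assumptions, not a complete filter
    "urgency": r"\b(urgent|urgently|asap|immediately|right away)\b",
    "money": r"\b(bank details|sort code|direct debit|invoice|payment|wages)\b",
    "credentials": r"\b(password|log ?in|confirm your details)\b",
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains a character or two off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_email):
    """Return the checklist items a message trips, in checklist order."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    flags = []
    if domain != COMPANY_DOMAIN:
        near = edit_distance(domain, COMPANY_DOMAIN) <= 2
        flags.append("lookalike-domain" if near else "external-sender")
    flags += [name for name, rx in CHECKS.items() if re.search(rx, text, re.I)]
    return flags

def needs_callback(flags):
    """Money or credential requests from outside the company domain get a phone call."""
    outside = "lookalike-domain" in flags or "external-sender" in flags
    return outside and ("money" in flags or "credentials" in flags)

# Constructed sample messages (not real mail)
PAYROLL_REQUEST = ("From: Rob <rob@webmail.example>\nSubject: Bank details\n\n"
    "Hi Sally, my bank details have changed. Can you update them before "
    "this month's wages go in? It's really urgent.\n")
LOOKALIKE = ("From: IT <support@practlce.example>\nSubject: Mailbox\n\n"
    "Please confirm your password using the link below.\n")
INTERNAL = ("From: Rob <rob@practice.example>\nSubject: Rota\n\nSee you Monday.\n")

if __name__ == "__main__":
    for sample in (PAYROLL_REQUEST, LOOKALIKE, INTERNAL):
        print(triage(sample), needs_callback(triage(sample)))
```

A clean result only means the From address matches the company domain; that header can be forged, so the call-back rule for bank detail changes still applies.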
It’s more than likely that over the coming weeks you or someone in your team will open their inbox to see an email like the one that Sally received. But be warned, scams like this can even rear their ugly heads in the form of a phone call. I listened to a call just yesterday between our CEO and someone claiming to be from HMRC wanting to discuss COVID-19 contingency business grants. In situations like these you can still follow the above guidance. If in doubt, hang up the phone, find the contact number of the official body directly from their website and call them to check.
Another article that might help you mitigate this issue is “7 Ways to Protect your Veterinary Practice from Cyber Attacks”. If you follow this advice you should be fine. Share this information with your team and ensure that they understand the ramifications if they do not follow suit. Until the world rights itself and our working life returns to normal we must practise extreme caution.
Stay safe. If you need any help or have questions about working from home or the content of this blog then please contact us. We are here to help.