SWGfL Cyber Security Advice during Coronavirus

The Coronavirus (COVID-19) pandemic has already caused enormous problems, and schools are now struggling to provide education to children at home whilst, for many, continuing to support children of Key Workers and vulnerable children in school.

As the world grapples with management of it, people are keen to find information about the disease, and cyber criminals are using the public’s fear and interest to their advantage, creating new scams and targeting individuals, organisations and even whole industries and countries.

The Education Network, which SWGfL is a member of, has worked with the National Cyber Security Centre (NCSC) on cyber security information for schools - simple information cards that help you with key security issues.

We’ve also produced some advice below to help you avoid some of the scams we've seen.

Coronavirus Website Scams

Security firm Check Point have found in their 'As Retailers Close their Doors, Hackers Open for Business' report that over 16,000 new website domains have been registered that are Coronavirus related since the beginning of January 2020.

Check Point also state in their Global Threat Index update that Coronavirus related domains are 50% more likely to be malicious than other domains.

These malicious websites will probably be: 

• Linked to phishing campaigns (see ‘Coronavirus Email Scams’ below);
• Selling goods that don’t exist or will not be shipped to you once you’ve paid (see ‘Coronavirus Online Shopping Scams’ below); or
• Used to distribute malware (such as ransomware).

Advice

1. Ensure you have good anti-malware software on your devices, and that it is up to date.


2. Find out more about malware and ways to protect yourself at our Security page, and about ransomware at our specific ransomware information page.


3. Be suspicious of websites you’ve not heard of before claiming to have information, products or some sort of service that others don’t – if it sounds too good to be true, it probably is.


4. Follow our 12 vital information security steps guide.

Coronavirus Email Scams

The National Cyber Security Centre (NCSC) has warned about a rise in email scams exploiting COVID-19, and there are various examples below.

Examples

1. Sophos spotted a Coronavirus email purporting to be from the World Health Organisation (WHO) containing a link to download ‘safety measures’. This is a phishing email, designed to capture your email address and password.


2. The BBC have tracked five email scam campaigns:
   1. Click for Corona-Virus Cure – an email purporting to be from a doctor who has developed a secret vaccine.
   
   
   2. UK Government Tax Refund – claiming to offer a refund, this email suggests you can access the funds by clicking a link.
   
   
   3. Safety measure can save you – another email impersonating the WHO, but this time with an attachment that claims to contain a ‘little measure that can save you’. The advice within it is not useful, and infects devices with Agent Tesla keylogger malware.
   
   
   4. Covid-19 now airborne – this email impersonates the Centre for Disease Control and Prevention (CDC) using what appears to be a legitimate CDC email address, but it has been spoofed. The link within takes you to a page that attempts to collect your email username and password.
   
   
   5. Donate to the WHO – yet another email purporting to be from the WHO, this time asking for your donation to help the fight against COVID-19 (in Bitcoin).

Advice

1. If you’ve received an email or other communication offering you a cure, vaccine or similar, it is not legitimate. There isn’t a cure for COVID-19. There is no substance on the market anywhere that can prevent you from catching it. ITV reported on 21 March that Public Health England are joining scientists around the world in working on a vaccine, but it will be at least a year before it is ready for use.


2. Be wary of any email you receive asking you to donate money through a link, or with Bitcoin or another cryptocurrency.  To donate to any organisation safety, type their URL (website address) in to your browser and follow the instructions on their site. The WHO has become sufficiently concerned about the criminal activity that they’ve set up a page advising people to beware of criminals pretending to be the WHO.


3. Be cautious with emails containing links or attachments that you weren’t expecting or are from senders or organisations you don’t recognise. You can use our free Guide to Phishing Emails, which includes a flowchart to help you separate legitimate emails from phishing emails.


4. Agent Tesla keylogger exploits a known vulnerability in Microsoft Office, for which there is a patch. Make sure Microsoft Office is up to date with the latest patches.


5. If in doubt, shout! We’re here to help – drop us a line at infosec@swgfl.org.uk and we’ll work with you to establish the legitimacy of emails you've received or any other security concerns you have. You can also find out more about reporting emails to the National Cyber Security Centre using their Suspicious Email Reporting Service.

Coronavirus Online Shopping Scams

The Independent reported on 20 March that scams exploiting COVID-19 in the UK have earned criminals almost £1 million, and that the majority of reporting incidents relate to the sale of products that have never arrived.

These items include protective face masks, hand sanitiser, and other protective items or items in short supply. 

Advice

1. Use reputable online retail sites, and try to buy goods that have been positively reviewed by other purchasers.


2. As above, be suspicious of websites you’ve not heard of before claiming to have products or services that other, more established sites don’t – if it sounds too good to be true, it probably is.

We’ve also produced guidance regarding the online safety aspects of remote and online learning, covering multiple elements and providing resource suggestions that can help.

Access our tools, advice and resources to help during the Coronavirus pandemic