Email Security & Covid 19
While the Government's response to Covid 19 restricts movement and leaves many staff working remotely from home, it is vital that all staff are extra vigilant with their cyber security, and with their email security in particular. Hacking and phishing attempts are on the rise due to the reduction in security systems brought on by the nature of distributed workforces.
Although your email systems may have very good security in place, users cannot rely on these alone. Hackers will always come up with new ways of thwarting these protection measures. Your email security systems will catch up and mitigate threats once they are known, but it is important to note that this will not happen immediately. That security gap is where users' vigilance is vital. There is a lot of anecdotal evidence that there has been a rise in the number of phishing emails pertaining to the Covid 19 disruption.
These types of emails include, but are not limited to:
Missives from HMRC
VPN setup instructions from IT departments
Change of bank details
Covid 19 updates
Please take the time to read the National Cyber Security Centre's Guidance on Suspicious Emails below, and always exercise common sense. If you have any reservations about the validity of an email, always check with your IT Department or the person that it supposedly came from before responding, and never ever click a link in that email. Until you're certain that the sender is genuine, you should not follow any links or reply. The next thing to do is to try to identify whether the email is a scam or genuine.
Here are some tips on spotting phishing emails:
Many phishing emails have poor grammar, punctuation and spelling.
Is the design and overall quality what you'd expect from the organisation the email is supposed to come from?
Is it addressed to you by name, or does it refer to 'valued customer', or 'friend', or 'colleague'? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.
Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like 'send these details within 24 hours' or 'you have been a victim of crime, click here immediately'.
Look at the sender's name. Does it sound legitimate, or is it trying to mimic someone you know?
If it sounds too good to be true, it probably is. It's most unlikely that someone will want to give you money, or give you access to a secret part of the Internet.
Your bank, or any other official source, should never ask you to supply personal information from an email.
Try to check any claims made in the email through some other channel. For example, call your bank to see if they actually sent you an email, or do a quick Google search on some of the wording used in the email.