It launched its ‘Suspicious Email Reporting Service’ to make it easy for people to forward suspicious emails to the NCSC – including those claiming to offer services related to coronavirus. This has been co-developed with the City of London Police. By forwarding any dubious emails – including those claiming to offer support related to COVID-19 – to firstname.lastname@example.org, the NCSC’s automated programme will immediately test the validity of the site. Any sites found to be phishing scams will be removed immediately.
As well as taking down malicious sites it will support the police by providing live time analysis of reports and identifying new patterns in online offending - helping them stop even more offenders in their tracks.
It was disclosed that over the past month the NCSC has already taken down 2,000 scams – including 471 fake online shops – trying to trick people looking for coronavirus-related services. It has closed 555 malware distribution sites set up to cause significant damage to any visitors, and stopped 200 phishing sites seeking personal information such as passwords or credit card details, and closed 832 advance-fee frauds where a large sum of money is promised in return for a set-up payment.
In addition the NCSC has launched a ‘Cyber Aware’ campaign to be delivered working alongside the Home Office, the Cabinet Office and the Department for Digital, Culture, Media and Sport (DCMS); it aims to help individuals and organisations to protect themselves online with actionable advice on how protect passwords, accounts and devices.
New advice on the secure use of video conferencing services builds on advice published on www.ncsc.gov.uk since the coronavirus outbreak started and includes includes tips on setting up accounts and securely installing the app, creating a strong password, arranging a chat, tracking who is joining the chat.and protecting devices. The NCSC also recommends that users do not make meetings public, connect only to people through their contacts or address book – and never post the link or password publicly.
NCSC CEO Ciaran Martin issued a statement saying: “Technology is helping us cope with the coronavirus crisis and will play a role helping us out of it - but that means cyber-security is more important than ever.
“With greater use of technology, there are different ways attackers can harm all of us. But everyone can help to stop them by following the guidance campaign we have launched today. But even with the best security in place, some attacks will still get through.
“That’s why we have created a new national reporting service for suspicious emails – and if they link to malicious content, it will be taken down or blocked. By forward messages to us, you will be protecting the UK from email scams and cyber crime.”
Minister for security James Brokenshire adds: “Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes. We all have a part to play in seeing they don’t succeed.
“I encourage everyone to follow the Cyber Aware advice and to use the Suspicious Email Reporting Service. They provide important new ways in which we can protect ourselves as well as our families and businesses.”
Digital infrastructure minister Matt Warman commented: "Technology is helping us work remotely, connect with family and friends and access medical advice online, so we can stay home, protect the NHS and save lives. But cyber criminals are also exploiting this crisis to target people and organisations.
“I urge everyone to remain vigilant online, follow the National Cyber Security Centre's guidance on passwords and account security, and report suspected coronavirus related scams if you see them."
Tips issued for staying secure online are;
Turn on two-factor authentication for important accounts
Protect important accounts using a password of three random words
Create a separate password that you only use for your main email account
Update the software and apps on your devices regularly (ideally set to ‘automatically update’)
Save your passwords in your browser
To protect yourself from being held to ransom, back up important data
Karen Baxter, City of London Police, national lead for fraud, said: “As we all stay indoors and spend more time online there is more opportunity for criminals to try and trick people into parting with their money.
“Law enforcement are working closely with government to ensure the public, and businesses, are as well-equipped as possible to fight online harms.
“This process will be greatly assisted by the new suspicious email reporting service which empowers the public and enhances police capabilities to step up their response to fraud.
“Officers have already executed a number of warrants across the country to target and disrupt criminals sending emails and texts designed to steal your money.”
Rich Turner, SVP EMEA at CyberArk emailed SC Media UK to add: “These developments highlight the lengths hackers will go to when trying to circumvent cyber-defences, but phishing attacks in themselves are nothing new. According to our research, 60 percent of organisations cite external attacks, such as phishing, as one of the greatest security risks currently facing their organisation, ahead of other popular techniques such as ransomware.
"That’s because cyber-attackers continue to seek the path of least resistance, and for many organisations, this remains their employees. Well-crafted phishing emails – especially those that play on the fears of individuals – can often do the trick. Attackers typically use these tactics to gain a foothold within organisations that then allow them access to privileged credentials - those that give control over sensitive data or critical systems."
Jake Moore, Cybersecurity Specialist at ESET commented: “This is a great way to help support the government reduce the amount of rogue websites and phishing emails. Whilst it takes time for professionals to check such illicit sites, it can help when the public assist the authorities in spotting fraud. Phishing emails have increased recently and criminals are clearly abusing the pandemic for their own gain. Therefore, we need to work together in supporting each other and helping take down such sites and emails collectively.
“The NCSC have a difficult challenge on their hands as many people struggle to adopt their advice. Many, for example, are aware of two factor authentication and how it can vastly reduce the chance of being hacked. However, very few act upon this advice and set it up on all of their accounts. Password managers are another lifesaver which will also help thwart the hackers’ methods of entering your accounts.”
Sam Humphries, security strategist at Exabeam emailed to add: “Attackers using newsworthy events to lure users into clicking malicious links is nothing new, however, in this current climate stress and distractions are putting users at an increased risk of accidentally dropping their guard. Using statistical modelling to identify patterns and protect people from this risk clearly demonstrates the benefit of machine learning in promptly detecting and blocking attacker behaviours.
“This is an approach many organisations can learn from. Using machine learning and analytics to draw insight from vast amounts of data is the most effective way of identifying security risks. These tools set baselines of normal behaviour that help to identify threats much easier and faster – detecting and escalating unusual patterns, pinpointing event timelines and providing deeper insight on sources.”
Tim Bandos, VP Cyber Security at Digital Guardian commented: "We are definitely seeing a huge rise with phishing attacks in a COVID-19 theme being the primary aggressor," he said. "I wouldn't necessarily say the total number of cyber-attacks has gone up. I do think the method by which they're carrying out these attacks is that they're leveraging this opportunity.
“Because these highly lucrative attacks are succeeding, they will continue to attract more groups willing to attempt their methods. It’s time that businesses consider applying security to their business practices because IT security tools are not infallible against human behaviour."
Ed Williams, director EMEA, SpiderLabs at Trustwave, notes: "We’ve seen plenty of evidence of attempted Business Email Compromise (BEC) or ‘Whaling’. With parents juggling work with schooling and education for their children (I myself am in this exact situation), we know threat actors are looking to leverage this change in the work environment to cause disruption from which they can benefit.
"We’ve seen examples of rushed infrastructure being created to meet the demands of remote work and fraudsters using in-vogue services to cause disruption. The NCSC have produced six bullets point that can be used to help keep remote workers safe and secure.
"While not a technical control, I would add that remote workers shouldn’t feel rushed into opening emails, clicking on links or sending potentially sensitive data. While working from home may be different, the bad guys’ M.O. remains the same.”
And of course it is phishing that remains a major threat, with Mitchell Scherr, CEO at ACP noting, "Before Covid-19, around half of cyber-attacks in the UK involved phishing and the move to home working has breathed new life into the method, with IT teams improvising and working to get employees quickly set up with new tools and software.
"Hackers have cottoned onto this opportunity, confusing legitimate links to download new tools with malicious scam. The recent launch of this service by the NCSC has raised awareness of the importance to re-train staff on cyber-security protocol. Considering that a recent Make UK survey found that one in three businesses do not provide formal cyber-security training for their employees, this is particularly pertinent now to ensure that businesses can be safeguarded against the heightened threat of cyber-attacks during the pandemic.”
The risk is further emphasised byTony Pepper, CEO, Egress who points out that its recent Insider Data Breach survey found that "41 percent of employees who had accidentally leaked data had done so because of a phishing email. More worryingly due to their level of access to data and systems, senior personnel are typically the most likely group to fall victim to phishing attacks, with 61 percent of directors saying that they’d caused a breach in this way.
"With attackers trying to take advantage of an environment of heightened anxiety and disrupted work settings to trick people into making mistakes, it’s paramount that people remain vigilant to the threat of phishing email and are proactive in reporting anything they receive that could be malicious to colleagues within the security teams. Things to look out for include poor spelling and grammar, unexpected URLs when hovering over hyperlinks, unreasonable urgency, and requests for personal information, financial details and credentials.”
Of course the NCSC is not the only actor here and industry is also doing its bit with Nominet, the registry that runs the .uk domain, suspending more than 1,700 suspicious coronavirus websites "to help protect the public and the vulnerable from scammers."
It says it has also put in place systems to ensure that the those who are isolated and most in need are digitally connected and that those needed to access the NHS website won’t be charged and is enabling newly unemployed people to create websites for new businesses.
Will LaSala, senior director of global solutions at OneSpan also offers advice, particularly to banks and financial institutions who he says need to be especially vigilant. "They should invest in dynamic fraud solutions that leverage machine learning and advanced risk analytics to identify abnormal user behaviour in real time.
"Furthermore, solutions that are capable of automatically operating at a lower level of trust during times of increased risk are best suited to help banks and FIs respond to the fast-paced nature of fraud during events like the Coronavirus outbreak."
And in response to the NCSC's announcements LaSala adds: "We're unfortunately continuing to see attackers relentlessly exploit the ongoing pandemic to try and bait victims into falling for scams that can have devastating consequences, such as money being lost, personal details being stolen, or malware unknowingly installed.
"Consumers should be wary of clicking on links within emails, should always check the senders email address, and should know no trusted organisation would ever ask them to part with money via email. Solutions that are capable of automatically operating at a lower level of trust during times of increased risk are best suited to help banks and FIs respond to the fast-paced nature of fraud during events like the Coronavirus outbreak.