Phishing – Covid-19

What is Phishing

Phishing is when criminals attempt to trick people into doing ‘the wrong thing’ such as clicking a link to a dodgy website. Phishing can be conducted via a text message, social media, or by phone, but the term ‘phishing’ is mainly used to describe attacks that arrive by email.

Criminals send phishing emails to millions of people, asking for sensitive information (like bank details) or containing links to bad websites. Some phishing emails may contain viruses disguised as harmless attachments, which are activated when opened.

Criminals tend to target current affairs. That’s why during this Covid-19 pandemic, experts like the NCSC are seeing a massive volume of Covid-19 related phishing by all methods including email and text message.

DO NOT TRUST any links or attachments sent to you in any unsolicited electronic communication. This includes from friends.

You should always turn to trusted sources of information during a situation like the Covid-19 pandemic. These include:

Many of these services are on key social media platforms as well.

Please take time to think before you share any messages forwarded to you from friends. You could be spreading false information or even scams, fraud and malicious software. There are lots of ‘clickbait’ headlines that try to scare people into reading articles and sharing them, or even taking action.

For full guidance on phishing from the National Cyber Security Centre:

Genuine UK Government Message

The UK Government has only sent ONE text message to the public regarding new rules about staying at home to prevent the spread of Covid-19. Any others claiming to be from the UK Government are false.

Criminals are able to use spoofing technology to send text messages and emails impersonating organisations that you know and trust.

The Genuine Message

Covid-19 Phishing Examples

By Email

By Text

Unfortunately, because of the way mobile telephones display text messages, if criminals perfectly impersonate the legitimate sender (such as UK_Gov in the example below) the fake message creates a thread after the genuine message. This makes us more likely to fall for it… never trust any links in a digital communication you didn’t request!