In recent weeks the IT Security team have noted a significant increase in phishing campaigns using Covid-19 as a hook.
In particular, as travel restrictions are eased, we have seen thousands of phishing emails purporting to be from the NHS, advising recipients to click a link in order to apply for, or accept an invitation to receive a “Covid Passport”.
If clicked, this link would direct the recipient to a fake NHS web page which could harvest personal or financial information.
Additionally, phishing emails like this can lead to malware being installed on your device, which is still the most common entry point for major organisation-level cyber-attacks.
The majority of these emails used a technique known as Spoofing to make the emails appear at first glance to have come from the official NHS domain (@nhs.co.uk). This involves amending the display name of the sending email account and is particularly effective on mobile device clients where only the display name tends to be listed (not the full sending address). You can read more about spoofing here:
Beware email spoofing scams | News | StaffNet | The University of Aberdeen (abdn.ac.uk)
What can I do?
- Look out for display name spoofing. If the display name claims to represent a well-known entity (such as the NHS or HMRC) but the email address is unknown, this is likely a spoof.
- When you receive an unexpected email from a known organisation requesting you take action, always browse directly to their official website rather than using the link in the email.
- Be wary of wording that tries to convey a sense of urgency. This is a common tactic used to get people to react without thinking.
- Report suspicious emails to the IT department using the report phishing button.
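
For mail administrators, the display-name check from the first point above can be automated. The following Python function is an added example, not code from the Information Security Team; the BRAND_DOMAINS allow-list and the sample From headers are constructed assumptions and should be replaced with a verified list.

```python
import re
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains that brand genuinely sends from.
# Replace with a list your organisation has verified.
BRAND_DOMAINS = {
    "nhs": {"nhs.uk", "nhs.net"},
    "hmrc": {"hmrc.gov.uk"},
}


def domain_matches(domain, trusted):
    """True if domain is a trusted domain or a subdomain of one."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def check_from_header(from_header):
    """Return a warning string if the display name claims a known brand
    but the real sending address is outside that brand's domains."""
    display, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    # Split the display name into words so "NHS" matches but "Funhsome" does not.
    words = re.findall(r"[a-z0-9]+", display.lower())
    for brand, trusted in BRAND_DOMAINS.items():
        if brand in words and not domain_matches(domain, trusted):
            return f"display name claims '{brand}' but sender domain is '{domain}'"
    return None


# Constructed sample headers (not taken from real messages).
SAMPLES = [
    "NHS Covid Pass <passport@nhs-covid-pass.example>",
    "NHS Digital <no-reply@notifications.nhs.uk>",
    "HMRC Refunds <refunds@hmrc.gov.uk.tax-rebate.example>",
    "Jane Smith <jane@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{header!r}: {check_from_header(header) or 'ok'}")
```

A clean result only means the display name and address are consistent; it does not prove the message is genuine, so the remaining points in this list still apply.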
Find out more
You’ll find more information on protecting your personal devices in Toolkit’s Information Security resource.
Author: Information Security Team, DDIS