Claims data show reality of COVID-19 cyber scams

Cyber insurance claims show that the likelihood of companies falling victim to scams post-COVID-19 has escalated. Insurer CFC Underwriting says the new era of home-working "couldn’t be a better situation for cybercriminals", as employees are working on potentially insecure devices and businesses may not have implemented any additional training to help them spot things like phishing links that play on, for example, human curiosity about coronavirus.

“Since countries around the world went into lockdown, the types of incidents that our cyber claims team are dealing with show that while there hasn’t yet been a change in frequency of attacks, the likelihood of companies falling victim to these scams in a vulnerable and remote working scenario is escalated in comparison to what we were experiencing pre-COVID-19,” says CFC’s cyber development leader, Lindsey Nelson.

“With initial efforts being focused on the employees of the company working remotely, but not necessarily securely, it’s very possible that hackers have already penetrated mailboxes through business email compromise scams and are simply lingering, waiting for the right opportunity to strike. This means we won’t see the true implications of these attacks until a few weeks or even months down the line.”

Cyber crime: New methods (Source: CFC Underwriting)

CFC's in-house cyber incident response team has seen the following methods used by cybercriminals over the last several weeks:

1. Playing on human vulnerabilities by setting up fake websites offering safety information on COVID-19 or purporting to sell valuable medical masks and supplies. These sites trick people into clicking on links which give cybercriminals access to valuable personal information or result in individuals transferring money to fraudulent third-party bank accounts.

2. Posing as government agencies in emails and social media posts – for example, the Gov.UK Coronavirus Alert – to trick people into clicking on a link that ultimately enables cybercriminals to encrypt their computer networks via malicious ransomware. Also, against the backdrop of social distancing measures, these fake agencies are issuing ‘fines’ for not respecting government advice, prompting citizens to reveal bank account details and pay bogus fines.

3. Creating malicious COVID-19 maps encouraging people to click to get more information about the spread of the virus in their area. While these maps may look legitimate on the surface, in reality they contain malware and are designed to steal credentials.
