
Users more alert to pandemic phishing

by Mark Rowe

IT users are becoming more savvy and alert to scams about the COVID-19 pandemic, says a security awareness training company. Social media messages are another area of concern when it comes to phishing, says KnowBe4, and LinkedIn phishing messages dominate as the top social media email subject to watch out for.

Stu Sjouwerman, CEO, KnowBe4, said: “With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks. While users are becoming more savvy regarding COVID-19 phishing attacks, there is a steady increase of those falling for security-related email scams. The bad guys go with what works and in Q1, nearly a third of the users who fell for a phishing email clicked on one related to a password check. Always check with your IT department through a known good phone number, email address or internal system before clicking on an email related to checking or changing a password because it only takes one wrong click to cause monumental damage.”

The firm suggests that these are typical email subject lines used in phishing:

- Password Check Required Immediately
- Revised Vacation & Sick Time Policy
- COVID-19 Remote Work Policy Update
- COVID-19 Vaccine Interest Survey
- Important: Dress Code Changes
- Scheduled Server Maintenance — No Internet Access
- De-activation of [[email]] in Process
- Test of the [[company name]] Emergency Notification System
- Scanned image from MX2310U[[domain]]
- Recent Activity Report

Meanwhile, the Chartered Trading Standards Institute (CTSI) has received a video recording of an automated telephone message claiming that the National Insurance number of the recipient “will be terminated due to some unethical financial transactions.”

This National Insurance scam is one of a spate of scams sent to the public during the COVID-19 lockdown. The automated message states: “This call is in regards to your National Insurance number. Ignoring this final warning may lead you to legal troubles. The reason behind this phone call is to inform you that your National Insurance number will be terminated due to some unethical financial transactions.”

The recording then asks the recipient to “please press ‘1’ to get more details.”

The call is a data harvesting or phishing attempt, which could lead to identity theft. Pressing the button puts the recipient in touch with a scammer who will supposedly verify their National Insurance number. Unfortunately, anyone who responds is revealing key personal details, putting their finances in danger.

Katherine Hart, a Lead Officer at CTSI, said: “This scam is despicable in its attempt to scare the public with the threat of losing their National Insurance number at this challenging time for everyone. It’s astounding that these unscrupulous scammers refer to unethical transactions as the reason. If you receive this call, do not ever press ‘1’ and please warn others about it. Also, report it to the authorities, such as Action Fraud, or in Scotland, Police Scotland. Reporting all instances of fraud helps consumer protectors establish a clearer picture of the landscape and the true scale of this problem.”


© 2024 Professional Security Magazine. All rights reserved.
