CFC Underwriting puts forward COVID-19 cyber scam warning

Specialist insurance provider CFC has warned that its in-house cyber claims team is seeing new COVID-19 cyber scams targeting businesses.

“Since countries around the world went into lockdown, the types of incidents that our cyber claims team are dealing with shows that while there hasn’t yet been a change in frequency of attacks, the likelihood of companies falling victim to these scams in a vulnerable and remote working scenario are escalated in comparison to what we were experiencing pre-COVID-19,” said Lindsey Nelson, cyber development leader for CFC. “This new era of home working couldn’t be a better situation for cyber criminals. Employees are working on potentially insecure devices and businesses may not have implemented any additional training to help them spot things like phishing links that play on, for example, human curiosity about coronavirus.”

CFC’s in-house cyber incident response team has seen the following cyber scams over the last several weeks:

• Setting up fake websites offering safety information about COVID-19 or purporting to sell medical masks and supplies. The sites trick people into clicking on links that give cyber criminals access to personal information or result in victims transferring money to fraudulent third-party bank accounts.
   
• Posing as government agencies in emails and social-media posts to trick people into clicking on a link that enables cyber criminals to encrypt their computers with ransomware. These fake agencies are also issuing “fines” for not following government social-distancing measures, prompting victims to reveal bank account details and pay fraudulent fines.
   
• Creating phony COVID-19 maps encouraging people to click to get more information about the spread of the outbreak in their areas. While the maps look legitimate, they contain malware designed to steal credentials

“With initial efforts being focused on the employees of the company working remotely, but not necessarily securely, it’s very possible that hackers have already penetrated mailboxes through business-email compromise scams and are simply lingering, waiting for the right opportunity to strike,” Nelson said. “This means we won’t see the true implications of these attacks until a few weeks or even months down the line.”