Covid-19: Guarding yourself against fraud

Date: 21/05/2020
Author: Michael Carroll and David Thompson
Source: Signum Services
Covid-19: Guarding yourself against fraud

In the age of remote working, online fraud is as prevalent as it's ever been. With numerous Covid-19 related scams circulating online and through email channels, Signum take a look at what Members can do to keep their guard up and protect themselves from fraud. 

Last year’s crime survey revealed that almost four million cases of fraud had been recorded in England and Wales. These types of fraud are often orchestrated by organised crime groups who operate much like successful businesses.  Their activities are planned, coordinated and collaborative, they have special functions and their structures are multi-layered, internationally extended and highly adaptive. As such, their very existence depends on successful avoidance by law-enforcement and they employ a range of techniques to do this such as untraceable proxy servers, false identities and spoofed email addresses. 

Fraudsters want to obtain credential information and they try to obtain this through phishing. This is often initiated through random spamming - millions of emails sent to millions of recipients around the world. These messages do not usually contain any malware or threat, the aim is to see if yours is a live email account and if you are likely to respond with a click. Once you have been identified, your email is shared amongst hackers and fraudsters on the net.

The next step involves the cyber fraudster sending a message to your email address which will contain malicious code hidden in a link or word document, designed to spider their way onto your machine to steal information.

Some fraudsters will do some research around your email address, using work websites and social media to see what they can discover. You may then receive a spear-phishing email is an email designed especially for you. 

Research for the first part of 2020 reveals that the threat level from online fraudulent remains broadly the same as it was in the pre COVID19 era. However, the striking statistic is that since the start of lockdown, around 80% of every threat is COVID19/ Coronavirus related. This means that almost every cyber threat actor has switched to using COVID19 lures.

These are along the lines of:

  • Fake bills re COVID
  • WHO directives
  • Charter flights for PPE
  • Fake bank statements
  • Hospital visit information
  • Facemask / thermometer offers
  • Covid19 spread maps

The reason behind the change of direction is that these frauds are proving very successful with a reported 200% rise in success, meaning that twice as many people click on fake COVID emails.  Most (90-95%) of these threats are via a phishing email. 

The other area of concern is the growing issue of email account compromise – fraudsters pretending to be or authenticating as an individual in an organisation to gain access to their office 356 account etc.  This is partly driven by credential phishing emails and partly by ‘brute force’ password attacks and reports indicate that the increase may be the result of so many people working from home and not sitting behind the usual layers of security found in the normal workplace. 

During the lockdown, there has been a rise in attackers profiling people in organisations to target. People working from home are often more distracted – working from the kitchen table with kids running around and someone hoovering etc. 

Attackers are using multi-stage threats firstly in the form of an email to start a conversation followed by further messages with attachments, and perhaps a direction to a log in page. Embedded within each message are malware codes, which are then incrementally downloaded to form a complete virus payload.

Business email compromise, also known as ‘mandate or payment fraud’, is a favourite method of the online thief. This is a specific type of cyber-enabled fraud that targets businesses intending to get them to transfer money to a bank account operated by the criminal. Remember that amendments to a name, for example changing the word ‘Maritime’ to ‘Maritine’ is all that’s needed. If in doubt, hover your cursor over the email address and see if the email resolves to a completely different email address.

As the lockdown continues in some countries and slowly begins to ease in others, we are expecting to see new phishing email lures used along the lines of:

  • Company policy on lockdown easing
  • Coming back to the office/workplace regulations
  • Travelling for work notifications
  • PPE / facemask related
  • Furlough Payments ending
  • Bankruptcy relief
  • Travel repayment claims
  • Delayed payment notifications

A culture of security awareness is required. Do not click on anything until you are sure whom the email is from.  Look at the email address of the sender, does it say what you think it says? Always seek advice and do not be rushed.

  • STOP WHATEVER IT IS YOU ARE DOING.
  • TAKE FIVE MINUTES TO REVIEW THE REQUEST.
  • CHECK WITH A COLLEAGUE OR A SUPERVISOR. 
     

Emergency Contacts


If you need to call our offices out of hours and at weekends, click After Office hours for a up to date list of the names of the Duty Executives and their mobile phone numbers. 

Ship Finder


This Ship Finder is updated on a daily basis. Members who need to advise the Club of updates to their recorded ships' details should advise their usual underwriting contact.

You are currently offline. Some pages or content may fail to load.