NCSC launches coronavirus cyber security campaign

The UK’s National Cyber Security Centre (NCSC) will launch a cross-governmental security awareness campaign on 21 April alongside a world-leading scam reporting service to help people protect themselves from malicious cyber criminals exploiting the Covid-19 coronavirus pandemic.

The programme has been developed with support from the Cabinet Office, the Department for Digital, Culture, Media and Sport (DCMS), and the Home Office.

“Technology is helping us cope with the coronavirus crisis and will play a role helping us out of it – but that means cyber security is more important than ever,” said NCSC CEO Ciaran Martin.

“With greater use of technology, there are different ways attackers can harm all of us. But everyone can help to stop them by following the guidance campaign we have launched today. But even with the best security in place, some attacks will still get through.

“That’s why we have created a new national reporting service for suspicious emails – and if they link to malicious content, it will be taken down or blocked. By forwarding messages to us, you will be protecting the UK from email scams and cyber crime,” he said.

The Cyber Aware campaign will offer actionable advice and guidance to help people protect their devices, accounts and passwords from cyber criminals, while the new Suspicious Email Reporting Service is supposed to make it easier for people to forward suspicious emails to the NCSC – these do not have to be coronavirus-related, although it is likely most will be for the time being.

Developed alongside the City of London Police, the service allows people to forward suspicious emails to [email protected], where an automated programme will test the validity of the contents, helping the NCSC and its partners remove scams and phishing websites quicker.

It will also act as a data-gathering exercise to help law enforcement analyse real-time reports and identify new patterns in online offending.

“As we all stay indoors and spend more time online, there is more opportunity for criminals to try to trick people into parting with their money,” said commander Karen Baxter of the City of London Police, the national lead force for fraud in the UK.

“Law enforcement are working closely with government to ensure the public, and businesses, are as well-equipped as possible to fight online harms. This process will be greatly assisted by the new suspicious email reporting service which empowers the public and enhances police capabilities to step up their response to fraud.

“Officers have already executed a number of warrants across the country to target and disrupt criminals sending emails and texts designed to steal your money,” she added.

The NCSC said it has already removed 472 fake online shops selling fraudulent coronavirus-related items, 555 malware distribution sites and 200 phishing sites trying to harvest personally identifiable information (PII), and tackled 823 advanced-fee frauds.

So far, more than £2m has been lost to coronavirus-related fraud in the UK, according to Action Fraud, and the true figure is likely to be much higher as not every victim comes forward.

Increasingly, a number of coronavirus-related email fraud attempts relate to tax refunds from HMRC, and council tax reductions for people on low incomes or benefits, said Action Fraud, which has received well over 100 reports of such scams in the past fortnight.

“Sadly, despicable criminals will look to take advantage of the financial benefits provided by the government to help us through this national crisis, and use these schemes as a way to commit fraud,” said Baxter.

“It is not right that criminals are targeting those on lower incomes, who may be struggling financially at this time, and pretending to offer help and assistance.

“It is extremely important that if you receive an email or text out of the blue that you are not expecting, you don’t click on any links or attachments. Instead, visit the official Gov.uk website by typing it directly into your web browser so you can ensure the information you are seeing is genuine.”

Besides information on basic cyber security hygiene – such as keeping devices updated; using two-factor authentication if possible; creating strong, unique passwords; and backing up personal data – the Cyber Aware campaign also includes help and advice for people who are trying out video-conferencing services for the first time during lockdown.