UK coronavirus phishing scam uses phony emails: How to stay safe

1. Home
2. News
3. Security

United kingdom coronavirus phishing scam uses phony emails: How to stay safe

(Image credit: Shutterstock)

Cyber crooks are trying to steal passwords for small-business concern Microsoft accounts in the U.K. by sending phony emails promising government relief funds for businesses close downwardly by the coronavirus.

In a weblog posting yesterday (June 10), researchers from Abnormal Security say the email phishing campaign is posing as correspondence from the UK Government'southward Small Concern Grants Fund (SGF).

• Best antivirus: stay safer online with watertight virus protection
• Best VPN: add a layer of actress protection thanks to a virtual private network
• See Also: Where to purchase face up masks and coverings online

"This assail is attempting to exploit current efforts by the authorities to provide relief funds for minor business owners afflicted past Covid-xix closures and shelter-in-place orders," the Abnormal Security report says.

"Although the requirements vary by country, applicants do have to provide documents proving their eligibility," it says. "Since applicants are expecting email correspondence, this provides attackers with a unique opportunity to impersonate legitimate authorities and extract sensitive data from customers."

• Keep occupied and access iPlayer outside the UK with an iPlayer VPN

 Thousands of scam emails sent

The phishing email, estimated to take been sent between ane,000 and 5,000 times via an official Dropbox domain, asks recipients to click on a file called "COVID-19-Relief-Payment.PDF".

Aberrant Security explains that the set on is a ii-pace procedure.

"The start footstep is the link provided in the email that leads to a standard Dropbox transfer landing page with the enablement [sic] to download the file. After clicking on the download button, the page is redirected to a phishing landing folio."

The 2nd stride directs users to a landing page containing an Office 365 paradigm and a button that asks the user to "Access Document". The researchers warned that this is where the intent is revealed, which is to gain access to the user's Microsoft username and password.

Once the recipient follows these instructions and fills out the provided forms, the researchers say that their Microsoft credentials will be compromised and can outcome in fiscal loss.

This attack is effective for several reasons. Users are asked to complete the form urgently, the e-mail comes from a convincing sender and uses legitimate email headers, and the user may exist expecting correspondence anyway if they've already applied for the fund.

To make certain you don't fall victim to this scam, enable two-gene hallmark on your Microsoft account. That will make it much more than difficult for crooks to access the account, fifty-fifty if they practise manage to steal your username and password.

• Read more: Protect your company with the best business organisation VPN
• Become full access to British TV with a United kingdom VPN

Nicholas Fearn is a freelance engineering journalist and copywriter from the Welsh valleys. His piece of work has appeared in publications such every bit the FT, the Independent, the Daily Telegraph, The Side by side Web, T3, Android Key, Reckoner Weekly, and many others. He also happens to be a diehard Mariah Carey fan!

Source: https://www.tomsguide.com/news/small-biz-grant-scam

Posted by: manningcoultan.blogspot.com

Share this post