Expert Advice: Protecting against online fraud and scams during COVID-19
5 May 2020
Dr Jason Nurse from Kent's School of Computing provides advice on how to stay safe online as cybercriminals and fraudsters attempt to exploit uncertainty, fear and stress during the COVID-19 pandemic.
- Be suspicious of unsolicited emails, texts or calls asking for personal information (e.g., name, home address, bank details, email address or phone number) always, but especially during the pandemic. Criminals often pose as someone you may know (e.g., the NHS, your GP, bank, employer or friend) to trick you into giving them your information; this is called a phishing attack. Do not share personal or work information before verifying a sender's credentials. Verification can be achieved by using phone numbers or emails from official websites or checking previously received official correspondence.
- Be extremely cautious of emails, texts or calls that seek to panic, force or entice you into take some action (e.g., clicking a link or transferring some money). Fraudsters are aware that we are all concerned about the pandemic and its impact on our lives, and are attempting to trick us using this. This could involve threatening your health if you don't pay a fraudster, or asking for money under the guise of a legitimate organisation (e.g., the World Health Organisation (WHO), or the NHS). Stay calm, listen to your instincts and ignore such emails.
- Be careful with what personal information you share online and use unique, strong passwords across online accounts. Cybercriminals search for information about you online to better target their COVID-19-themed attacks. They use your social media and work profiles, and even passwords (from previous data breaches), to gather information in order to trick you into believing that their messages are legitimate. Check privacy settings for your accounts to ensure that you're not sharing too much personal information. Also, it is crucial to have unique and strong passwords across your accounts; a password manager is great for this.
- Protect your devices using up-to-date software and keep online accounts secure using multi-factor authentication. Even after your best efforts in this stressful pandemic time, cybercriminals may be able to trick you into clicking a malicious link, downloading a harmful attachment, or could guess your passwords using online information. This is why it is important to keep up-to-date software and anti-virus systems that can catch and block malware before it infects your device (be it a computer, tablet, phone or smart technology). Also, by turning on multi-factor authentication on your online accounts, you add another layer of protection as it means that criminals will need to know more than your password to login to your account.
- If you think you have been the victim of a scam, phishing attack or fraud, contact the related organisation(s), e.g., your bank, employer or online service provider immediately. They may be able to block the attack, or put measures in place to mitigate and recover from it without too much harm to yourself or to their systems. To support detection and reporting of suspicious emails, the UK's National Cyber Security Centre (NCSC) has launched a new 'Suspicious Email Reporting Service' to make it easier for us all to report suspicious emails, including those related to coronavirus. Official services like these and those from Action Fraud can be used to quickly report concerning messages, therefore protecting yourself and others. There are also services such as Victim Support and You & Co that are tailored to providing support to victims of crime.
This blog was repurposed from Kent’s Expert Tips are a series of advice-led articles delivered by University of Kent academics. Advice is given based on academics' specialist areas of research to inform, support and educate readers. Colleagues who would like to learn more about how to contribute their expertise should contact the Press Office on 3985 or email@example.com.