December 16th 2020
We have received reports from care providers that they have seen an increase in scam emails, particularly in relation to the Covid-19 vaccine. To help care providers spot suspicious emails and to know what to do, we reached out to the National Cyber Security Centre (NCSC). The NCSC has provided the following advice for social care providers:
While coronavirus has led to big changes in the way that we live and work, cyber criminals have seen this as an opportunity to send more scam emails. In emails and on the phone, they may claim to have a ‘cure’ for the virus or offer financial rewards. Like many scams, these criminals are preying on real-world concerns to try and trick you into interacting. They may also mimic real NHS and government messages.
The good news is that there are some key things that both businesses and individuals can do to protect themselves from phishing attacks and scam emails and prevent the criminals from being successful.
This is increasingly important now, as you will be expecting communication around the vaccine rollout to care homes and within social care.
In a typical phishing attack, scammers send fake emails to thousands of people, asking for sensitive information (such as bank details), or containing links to bad websites. They might try to trick you into sending money, steal your details to sell on, or access sensitive information.
For Businesses
Phishing emails are getting harder to spot, and some will still get past even the most observant users. Whatever your business, however big or small it is, you will receive phishing attacks at some point. However, there are actions you can take to help avoid them. The NCSC Small Business Guide (https://www.ncsc.gov.uk/collection/small-business-guide/avoiding-phishing-attacks) contains some practical steps to help you identify the most common phishing attacks.
If you have received an email which you’re not quite sure about, forward it to the NCSC’s Suspicious Email Reporting Service (SERS): [email protected].
Once reported you will receive an acknowledgement email. The NCSC will then analyse the suspect email and any websites it links to. We will use any additional information you’ve provided to look for and monitor suspicious activity. Whilst the NCSC is unable to inform you of the outcome of its review, we can confirm that we do act upon every message received.
If you believe that your organisation has been the victim of online fraud, scam emails or extortion, you should report this through the Action Fraud website or by calling 0300 123 2040. If you live in Scotland, you should report to Police Scotland by calling 101. Next your incident will be passed to the National Fraud Intelligence Bureau (NFIB) who will review your report and conduct a range of enquiries, it may then get passed to the relevant police agency. You will be kept informed of the status of your report.
Spotting scam messages and phone calls is becoming increasingly difficult. Many scams will even fool the experts. However, there are some tricks that criminals will use to try and get you to respond without thinking. Check what things to look out for.
What to do if you are the victim of a phishing attack
If you believe you have been the victim of online fraud, scam emails or extortion, you should report this through the Action Fraud website or by calling 0300 123 2040. If you live in Scotland, you should report to Police Scotland by calling 101. Next your incident will be passed to the National Fraud Intelligence Bureau (NFIB) who will review your report and conduct a range of enquiries, it may then get passed to the relevant police agency. You will be kept informed of the status of your report.
The NCSC is the UK’s lead technical authority on cyber security and offers unrivalled real-time threat analysis, defence against national cyber attacks and tailored advice to victims when incidents do happen.
A range of guidance for small and medium-sized organisations can be found on the NCSC website.
View all News