As businesses around the world accommodate new working conditions as a result of the COVID-19 (Coronavirus) pandemic, cyber criminals are capitalising on the opportunity to exploit businesses during a time when they are distracted and most vulnerable.

With reports of mass phishing emails purporting to be updates or providing resources regarding Coronavirus in circulation, we wanted to remind you of the steps you can take to help keep your business safe. 

What is a phishing email?

A phishing email is a type of cyber-attack carried out through email, with the intent of duping the recipient into giving away sensitive information or access to their company’s network.

Emails appear to be from trusted organisations or authorities such as health services, government or IT system providers where the attackers use malware in the form of attachments or website links. Phishing can also be carried out via telephone.

In today’s circumstances, the content of phishing emails can include Coronavirus outbreak maps, emails from suppliers regarding orders or updates, or even pretending to be your own company’s IT department or outsourced provider.

What is malware?

Malware (or malicious software) is a type of software intentionally designed to cause damage to a computer, server, client, or computer network.

Tips on identifying a phishing email:

  • From email - Review the from email and subject line, do they look unusual?
  • Check the greeting – If the email is from a known source it is likely that they will have your name, therefore a generic greeting can be a warning sign.
  • Content - Be aware of the language, grammar and typos – how well is it written? 
  • Format - Cyber criminals often mirror the branding and fonts of companies as a disguise, however there will be noticeable differences.
  • Links – Hover over the links to see where it links through to, does the website URL match what the email claims?
  • Email footer - Review the email footer as the information it contains can help identify a phishing email. 
  • Past communications - If the phishing email is posing as a trusted organisation, consider how they have communicated with you in the past (if ever). Is it unusual for them to contact you via email? Banks for example will not ask clients for information by email or telephone.

What to do if you believe you have encountered a phishing email:

  • Do not open any links or attachments included in the suspect email.
  • Speak to your IT department or outsourced IT provider immediately.
  • If possible, communicate with colleagues and/or marketing department to notify all colleagues of the phishing email once confirmed as harmful.

What to do if your systems have been breached:

Speak to your IT department or outsourced IT provider immediately.

If you have a cyber policy in place:

  • Contact your breach response hotline with your IT department (or outsourced IT provider) immediately using the contact information included in your policy.
  • Provide them with full details of what has happened.
  • Contact your insurance broker who will be able to liaise with your insurer.

As working from home becomes the new norm, many businesses and their employees will now be working on less-secure networks. To avoid being scammed, it is essential for all employees to be aware of the cyber security standards and to approach all emails and calls with a sense of caution.

To help mitigate the threat posed by cyber criminals it is strongly advised that all internet users display heightened vigilance in the content they access and share. Ensure that your company has the most up-to-date versions of you antivirus software.

Additional resources:

National Cyber Security Centre - Cyber experts step in as criminals seek to exploit Coronavirus fears
Information Commissioner’s Office - Data protection and Coronavirus information hub

Contact our experts

A cyber insurance policy provides businesses with essential support in the event of a cyber-attack or breach and can include emergency response, business interruption and PR costs.

You can contact our cyber experts directly, or if you are an existing Miller client, speak to your main Miller contact.