Coronavirus has been a boon for cybercriminals

Fake online shops, malware, phishing emails and ransomware attacks on hospitals have been among the scams perpetrated by bad actors during the pandemic

Credit: Alberto Pezzali/NurPhoto/PA Images

The UK was just a few days into lockdown when a senior officer at the National Crime Agency warned the public that “criminals are exploiting the Covid-19 pandemic to scam people in a variety of ways – and this is only likely to increase”.

That warning, from Graeme Biggar of the NCA’s National Economic Crime Centre – was the first of many that have been issued in the weeks since.

In any walk of life, crises are a fertile breeding ground for opportunism. And cybercriminals are an unusually opportunistic group to begin with.

The NCA’s initial warning, issued on 26 March, highlighted a number of potential threats it urged the public to look out for. 

“Criminals are targeting people looking to buy medical supplies online, sending emails offering fake medical support and scamming people who may be vulnerable or increasingly isolated at home,” the agency said. “Reports from the public have already included online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived and a number of cases have been identified where fake testing kits have been offered for sale.”

Related content

Fraudsters were also appropriating government branding, included some who purported to represent HMRC in phishing-scam phone calls, texts, and emails sent to citizens, according to the NCA.

In addition to exploiting people’s health and financial concerns, criminals also saw an opportunity in the sudden prevalence of homeworking. 

“Huge increases in the number of people working remotely mean that significantly more people will be vulnerable to computer service fraud where criminals will try and convince you to provide access to your computer or divulge your logon details and passwords,” the NCA said. 

It is often noted that cybercrime knows no boundaries and, not long after the warning from UK authorities, European agency Interpol issued its own guidance: “Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organisations at a time when cyber defences might be lowered due to the shift of focus to the health crisis.”

Interpol picked out several types of attack that bad actors might look to perpetrate in the midst of the pandemic.

The first was the use of “malicious domains”, with many criminals attempting to exploit those looking for information or assistance online by registering domain names including terms such as ‘coronavirus’ or ‘covid-19’.

The use of malware, through spam emails or embedding in online tools such as “interactive coronavirus maps and websites” was another attack method picked out by Interpol. 

Perhaps most worryingly of all, the agency noted an uptick in healthcare facilities being targeted with ransomware – the same form of malicious program used in the WannaCry attack that brought huge disruption to the NHS in 2017.

“Hospitals, medical centres and public institutions are being targeted by cybercriminals for ransomware attacks – since they are overwhelmed with the health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay the ransom,” Interpol said. “The ransomware can enter their systems through emails containing infected links or attachments, compromised employee credentials, or by exploiting a vulnerability in the system.”

Raising awareness
To help combat the increased threat, in April the UK National Cyber Security Centre launched its Cyber Aware campaign to provide advice to the public on how to stay safe online during the coronavirus pandemic. 

The initiative sought to promote simple best practice, including six top tips: create a separate password for your email; create a strong password using three random words; save your passwords in your browser; turn on two-factor authentication; update your devices; and turn on backup.

The campaign came on the back of the NCSC having taken down more than 2,000 online scam operations during the opening weeks of the crisis. 

This included 471 fake online stores purporting to sell coronavirus-related goods, 200 phishing sites, 555 sites distributing malware, and 832 frauds in which an initial payment is sought in return for a large sum of money. 

“Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes.”
Security minister James Brokenshire

To help it detect and disable even more threats, the NCSC also launched a service through which the public can report suspected phishing attempts and other suspicious emails, by forwarding the messages in question to

Security minister James Brokenshire said: “Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes. We all have a part to play in seeing they don’t succeed.”

Brokenshire urged the public to read the NCSC’s guidance and make use of the email-reporting service. 

“They provide important new ways in which we can protect ourselves as well as our families and businesses,” he said.

Coronavirus has provided further proof, as if it were needed, that cybercriminals are also pretty good at finding new ways of doing things. 




This article is part of PublicTechnology’s Cyber Week, a dedicated programme of content focused on the threats facing the public sector and the country at large, and how government can best respond. Throughout the week, which is brought to you in association with CyberArk, we will publish interviews, features, analysis and exclusive research looking at – in chronological order – the cyber landscape for defence and national security, businesses, citizens, the NHS, and, finally, central and local government. Click here to access all the content in one place.


Sam Trendall

Learn More →

Leave a Reply

Your email address will not be published. Required fields are marked *

Thank you! Your subscription has been confirmed. You'll hear from us soon.
Subscribe to our newsletter