Coronavirus has been a boon for cybercriminals

Written by Sam Trendall on 9 July 2020 in Features

Fake online shops, malware, phishing emails and ransomware attacks on hospitals have been among the scams perpetrated by bad actors during the pandemic

Credit: Alberto Pezzali/NurPhoto/PA Images

The UK was just a few days into lockdown when a senior officer at the National Crime Agency warned the public that “criminals are exploiting the Covid-19 pandemic to scam people in a variety of ways – and this is only likely to increase”.

That warning, from Graeme Biggar of the NCA’s National Economic Crime Centre – was the first of many that have been issued in the weeks since.

In any walk of life, crises are a fertile breeding ground for opportunism. And cybercriminals are an unusually opportunistic group to begin with.

The NCA’s initial warning, issued on 26 March, highlighted a number of potential threats it urged the public to look out for. 

“Criminals are targeting people looking to buy medical supplies online, sending emails offering fake medical support and scamming people who may be vulnerable or increasingly isolated at home,” the agency said. “Reports from the public have already included online shopping scams where people have ordered protective face masks, hand sanitiser, and other products, which have never arrived and a number of cases have been identified where fake testing kits have been offered for sale.”

Related content

Fraudsters were also appropriating government branding, included some who purported to represent HMRC in phishing-scam phone calls, texts, and emails sent to citizens, according to the NCA.

In addition to exploiting people’s health and financial concerns, criminals also saw an opportunity in the sudden prevalence of homeworking. 

“Huge increases in the number of people working remotely mean that significantly more people will be vulnerable to computer service fraud where criminals will try and convince you to provide access to your computer or divulge your logon details and passwords,” the NCA said. 

It is often noted that cybercrime knows no boundaries and, not long after the warning from UK authorities, European agency Interpol issued its own guidance: “Cybercriminals are attacking the computer networks and systems of individuals, businesses and even global organisations at a time when cyber defences might be lowered due to the shift of focus to the health crisis.”

Interpol picked out several types of attack that bad actors might look to perpetrate in the midst of the pandemic.

The first was the use of “malicious domains”, with many criminals attempting to exploit those looking for information or assistance online by registering domain names including terms such as ‘coronavirus’ or ‘covid-19’.

The use of malware, through spam emails or embedding in online tools such as “interactive coronavirus maps and websites” was another attack method picked out by Interpol. 

Perhaps most worryingly of all, the agency noted an uptick in healthcare facilities being targeted with ransomware – the same form of malicious program used in the WannaCry attack that brought huge disruption to the NHS in 2017.

“Hospitals, medical centres and public institutions are being targeted by cybercriminals for ransomware attacks – since they are overwhelmed with the health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay the ransom,” Interpol said. “The ransomware can enter their systems through emails containing infected links or attachments, compromised employee credentials, or by exploiting a vulnerability in the system.”

Raising awareness
To help combat the increased threat, in April the UK National Cyber Security Centre launched its Cyber Aware campaign to provide advice to the public on how to stay safe online during the coronavirus pandemic. 

The initiative sought to promote simple best practice, including six top tips: create a separate password for your email; create a strong password using three random words; save your passwords in your browser; turn on two-factor authentication; update your devices; and turn on backup.

The campaign came on the back of the NCSC having taken down more than 2,000 online scam operations during the opening weeks of the crisis. 

This included 471 fake online stores purporting to sell coronavirus-related goods, 200 phishing sites, 555 sites distributing malware, and 832 frauds in which an initial payment is sought in return for a large sum of money. 

"Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes."
Security minister James Brokenshire

To help it detect and disable even more threats, the NCSC also launched a service through which the public can report suspected phishing attempts and other suspicious emails, by forwarding the messages in question to

Security minister James Brokenshire said: “Criminals are seeking to exploit our greater use of emails, video conferencing and other technologies for their advantage. It’s despicable that they are using the coronavirus outbreak as cover to try to scam and steal from people in their homes. We all have a part to play in seeing they don’t succeed.”

Brokenshire urged the public to read the NCSC’s guidance and make use of the email-reporting service. 

“They provide important new ways in which we can protect ourselves as well as our families and businesses,” he said.

Coronavirus has provided further proof, as if it were needed, that cybercriminals are also pretty good at finding new ways of doing things. 




This article is part of PublicTechnology's Cyber Week, a dedicated programme of content focused on the threats facing the public sector and the country at large, and how government can best respond. Throughout the week, which is brought to you in association with CyberArk, we will publish interviews, features, analysis and exclusive research looking at - in chronological order - the cyber landscape for defence and national security, businesses, citizens, the NHS, and, finally, central and local government. Click here to access all the content in one place.


About the author

Sam Trendall is editor of PublicTechnology

Share this page




Please login to post a comment or register for a free account.

Related Articles

UK pins 'cynical and reckless' Olympic cyberattacks on Russia
20 October 2020

Government attributes 2018 campaign to Moscow and claims more assaults were planned for cancelled 2020 summer games

Parliamentary officials warned of cyberthreat from Extinction Rebellion
1 September 2020

Civil servants working on select committees were given security advice in expectation of possible attack

British Airways data-breach fine cut from £183m to £20m after ICO considers coronavirus impact
16 October 2020

Airline slapped with record penalty by ICO – albeit one that is grossly reduced on the regulator’s original intention

Related Sponsored Articles

Remote Working Strategy: Making the Right Decisions for the Future
29 October 2020

Many of us have adapted to new ways of working in 2020. Now we’ve mobilised our remote workforces, Six Degrees argues it’s time to review our remote working strategies to ensure we make the right...

Why it is time to change our approach to cybersecurity
29 September 2020

Organisations need to understand that a single cybersecurity solution alone is not infallible and instead should move towards a multi-layered approach to security, according to experts from...

Digital inclusion is vital during the COVID-19 accelerated channel shift
22 September 2020

Accessibility requirements aren’t restrictions that need to be overcome - they’re guidelines to improve online experiences for everyone, says Jadu VP Richard Friend