Information Alert 2 Coronavirus Special Edition - MIAA
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
Coronavirus Special Edition
Information Alert 2
Sc
N am
o s
MIAA Anti-Fraud & Cyber Security Teams 8 April 2020
Coronavirus scams update
This is the second issue of MIAA’s dedicated, regular series of frauds, scams and cyber-crime
alerts related to the COVID-19 emergency. Please read this alert carefully and share it as widely as
ACTION REQUIRED
possible. This special alert series is intended to provide up-to-date information on scams and fraud
threats, in whatever form, currently in circulation to help prevent NHS staff and organisations from
MIAA recommends this
falling victim. alert is distributed to:
Government text message scam NHS STAFF
On 30 March 2020, it was reported by Sky News and BBC News that fraudsters are attempting
to use ‘smishing’ scams to exploit the COVID-19 situation. Individuals are understood to be
for
receiving text messages from criminals impersonating the government (and banks or other trusted ACTION &
organisations), offering payments related to the Coronavirus outbreak or claiming to be issuing fines,
with the malicious intention of obtaining personal or financial information or money.
AWARENESS
On 24 March, the government began sending official text messages (SMS) to people urging them to
stay at home as part of the measures to help combat the virus. For further information or to report
NHS Fraud contact:
Within hours, a number of fake versions Paul Bell
of the message began to circulate on Senior Anti-Fraud Manager
social media, including one that told 151 285 4500
0
people that they had been fined for 07552 253068
breaking the rules. This fake SMS aul.bell@miaa.nhs.uk
p
message told the recipient that their paul.bell2@nhs.net
movements had been monitored through
their phone and that they must pay a fine
or face a more severe penalty.
Another fake government SMS message
informed the recipient that ‘it has come
to our attention that you have been out
of the house more than once. Due to this If you are concerned that you are a
irresponsible behaviour, we are issuing a victim of a cyber-crime or want to know
formal warning and a £250 fine’. Similar how to improve your organisation’s
fake messages have been reported from cyber resilience, contact:
‘HMRC’, targeting the self-employed,
Tony Cobain
and from the ‘Local Authority’ offering residents the opportunity to claim £458 of Coronavirus aid by
clicking on a link. Assistant Director (Informatics)
07770 971 006
Action(s) to take: Individuals should be aware that, as of 8 April 2020, the Government has issued Tony.Cobain@miaa.nhs.uk
only one official text message (SMS) - all other messages will be fake. Individuals are advised not to
respond to text messages or click on links contained in text messages from unknown sources. It is
also unlikely that UK Government texts will request recipients to respond.
www.miaa.nhs.uk @MIAANHS MIAA MIAA
‘Helping hand’ door step scam
On 3 April 2020, it was reported by BBC News that a 92 year old woman living in Oldham was tricked by thieves into believing that her neighbour
had died of coronavirus so that they could raid her home. They knocked on her door, lied about the death and offered to clean her house, but instead
they stole a purse, money and jewellery.
Action(s) to take: Be wary of all strangers who knock at the door. Do not open the door or allow them in to your home. The Local Government
Association (LGA) advises anyone who is stuck without food or medical supplies, or lonely due to self-isolation, and who does not have any family or
friends or neighbours that they know in the area, to contact their local council in the first instance. All official charity workers should carry appropriate
ID. If in any doubt, individuals are advised to contact the relevant charity via their central telephone number to verify the identity of the individual or, if
possible, a friend or neighbour to provide assistance.
Ransomware
On 4 April 2020, Interpol issued a global warning that hospitals and medical
services have become targets of ransomware attacks, designed to lock them
out of their critical systems in an attempt to extort payments. Intended victims
are understood to be receiving emails falsely claiming to contain government
agency advice or information regarding coronavirus that encourage the
recipient to click on an infected link or attachment.
Action(s) to take: Health organisations should ensure that their hardware and
software are regularly kept up-to-date and that their essential files are backed
up and stored separately from their main systems. Email systems should be
secured to protect them from spam that could be infected. All systems and
mobile devices should have the most up-to-date anti-virus software installed
and running at all times. Strong and unique passwords should be used for
all systems, and updated on a regular basis. Any concerns regarding health
bodies’ cyber security provisions should be referred to MIAA’s Assistant
Director (Informatics) - see page 1 for contact details.
Individuals should only open emails or download software and/or applications from trusted sources. Do not click on links or open attachments in
emails that are not expected, or that come from an unknown sender. In particular, be suspicious of anything with an urgent tone that invites you to
open an attachment or click on a link.
Look out for poor grammar and spelling errors and emails that begin impersonally with ‘Dear Sir’ or ‘Dear Customer’. If in any doubt, phone the
genuine company or person via an established or known number to verify.
Above all, take your time and think before you click.
Supplies theft
On 30 March 2020, it was reported by BBC News that a man dressed in
doctor’s scrubs and wearing a stethoscope had attempted to gain entry
to Bradford Royal Infirmary before running away after being challenged
by a security guard for ID. It was speculated that the man was possibly
attempting to steal supplies, or possibly drugs, and it was reported that there
had already been thefts of surgical gowns, masks, protective equipment and
sanitisers before the incident occurred.
On 8 April 2020, it was reported by Sky News that a man has been jailed
for three months for stealing face masks from King’s College Hospital in
London. Lerun Hussain, 34, was caught by security staff on 5 April stealing
three surgical face masks, and subsequently arrested by the Police after
being detained. He pleaded guilty to theft on 7 April at Croydon Magistrates’
Court.
Action(s) to take: With the influx of additional personnel to the NHS, don’t be afraid to challenge unfamiliar faces for their ID badges, particularly
individuals in sensitive areas or around store rooms containing vital equipment, food or medical supplies. Challenging times can mean individuals
may resort to desperate measures to get what they need. Health organisations are advised to review the robustness of their arrangements for the
storage of supplies, including surgical gowns, masks, protective equipment and sanitisers, to mitigate against the increased risk of theft.
Whilst this period of uncertainty has witnessed an increase in Coronavirus-related fraud scams and threats, it is appropriate to acknowledge that
vigilance against non-Coronavirus-related fraud scams and threats remains equally important as all fraudsters look to exploit the crisis.
HR and payroll bank mandate fraud incidents
A health organisation and a payroll provider in the North West have recently
fallen victim to phishing attacks by criminals targeting changes to bank
accounts that staff members have their salaries paid into. In both incidents,
HR and Payroll received emails from fraudsters pretending to be employees,
requesting that the bank account details that their salary was paid into be
changed. On both occasions, appropriate checks - in line with existing fraud
prevention guidance - were not properly carried out by the organisations in
question and the fraudulent bank account changes were actioned.
Action(s) to take: Health organisations, in conjunction with payroll
providers, should run audit logs of bank account changes to identify any staff
whose bank details have been changed to check this back with staff that the
change was authorised by them and not the fraudster. Relevant staff who
require sight of the appropriate fraud prevention guidance in this area should
contact their Anti-Fraud Specialist.
Agreement of Balances code email scam
A health organisation has recently reported receiving emails from a fraudster inviting the recipient to click on a link to access documents. The email
address of the sender had been ‘socially engineered’ to display the Agreement of
Balances (AoB) code ‘RFQ’ which is not part of the AoB contact list.
Action(s) to take: Individuals are advised to be aware of ‘social engineering’
techniques used by fraudsters to make fake emails look genuine, including the use
of AoB codes in the sender email address, email signature and branding.
Fraud targeting via Social Media
It has been reported that fraudsters may be harvesting information from social
media in order to target people for fraud. A payroll officer recently reported
receiving an email requesting a change to Direct Debit details from a fraudster. The
recipient identified the fraudulent email because of anomalies in both the email
sender’s address and the content of the email. The individual was targeted via
their LinkedIn account; the sender of the e-mail viewed their profile the day before
sending the fraudulent request.
There is currently a chain message circulating on Facebook where recipients
are invited to answer a series of questions about themselves such as ‘What was
your favourite teacher’s name?’ or ‘Who was your childhood best friend?’ and then
forward the post on for their friends to answer. People should be warned that these
types of questions are the same questions that are asked as security questions
when setting up bank accounts and credit card accounts. Hackers are setting these posts up as “get to know each other better” games but their
malicious intention is to harvest personal data and information that can later be used for fraudulent purposes, such as hacking individual’s accounts
or opening new lines of credit in their name.
Action(s) to take: Individuals should be aware that the information that is added to LinkedIn and other social media accounts can be used
by fraudsters to target them and their organisation. Individuals are advised to redact their accounts and/or adjust their privacy settings and
remain vigilant. Individuals are advised to refrain from posting personal information on chain messages that may later be used by fraudsters for unscrupulous purposes. Other actions to take: 1. Report all suspicious and spam emails as an attachment to spamreports@nhs.net (click here for step-by-step instructions). Also, report any coronavirus-related attempted scams to your Anti-Fraud Specialist. All successful phishing attempts should be reported to Action Fraud at https://www.actionfraud.police.uk or on 0300 123 2040. 2. To report any concerns or suspicions of fraud, bribery or corruption, please contact your Anti-Fraud Specialist (see page 1 for contact details). You can also contact the national NHS Fraud and Corruption Reporting Line on 0800 028 40 60 or online at https://cfa.nhs.uk/reportfraud To stay up-to-date on the latest coronavirus scams, please visit: l MIAA - https://www.miaa.nhs.uk/insights/fraud-alerts-news l Action Fraud (National Fraud Intelligence Bureau) - https://www.actionfraud.police.uk/news l Chartered Trading Standards Institute (CTSI) - https://www.tradingstandards.uk/news-policy/news-room Other Useful Documents: l HFMA: Identifying malicious e-mails - Eight red flags to help identify malicious e-mails - https://www.hfma.org.uk/publications/details/identifying-malicious-emails l ACCA: A warning be vigilant - coronavirus scams - Examples of scams and how to reduce your risk - https://i.emlfiles4.com/cmpdoc/2/5/6/6/2/files/660004_coronavirus-scams.pdf l National Cyber Security Centre: Home working: preparing your organisation and staff - Advice on preparing for an increase in home working and
You can also read
