Information Alert 2 Coronavirus Special Edition - MIAA

Page created by Virgil Duncan
 
Coronavirus Special Edition: Information Alert 2

MIAA Anti-Fraud & Cyber Security Teams, 8 April 2020

Coronavirus scams update

This is the second issue of MIAA’s dedicated, regular series of frauds, scams and cyber-crime alerts related to the COVID-19 emergency. Please read this alert carefully and share it as widely as possible. This special alert series is intended to provide up-to-date information on scams and fraud threats, in whatever form, currently in circulation to help prevent NHS staff and organisations from falling victim.

ACTION REQUIRED: MIAA recommends this alert is distributed to NHS STAFF for ACTION & AWARENESS.

For further information or to report NHS Fraud contact:
Paul Bell
Senior Anti-Fraud Manager
0151 285 4500
07552 253068
paul.bell@miaa.nhs.uk
paul.bell2@nhs.net

If you are concerned that you are a victim of a cyber-crime or want to know how to improve your organisation’s cyber resilience, contact:
Tony Cobain
Assistant Director (Informatics)
07770 971 006
Tony.Cobain@miaa.nhs.uk

Government text message scam
On 30 March 2020, it was reported by Sky News and BBC News that fraudsters are attempting to use ‘smishing’ scams to exploit the COVID-19 situation. Individuals are understood to be receiving text messages from criminals impersonating the government (and banks or other trusted organisations), offering payments related to the Coronavirus outbreak or claiming to be issuing fines, with the malicious intention of obtaining personal or financial information or money.

On 24 March, the government began sending official text messages (SMS) to people urging them to stay at home as part of the measures to help combat the virus.

Within hours, a number of fake versions of the message began to circulate on social media, including one that told people that they had been fined for breaking the rules. This fake SMS message told the recipient that their movements had been monitored through their phone and that they must pay a fine or face a more severe penalty.

Another fake government SMS message informed the recipient that ‘it has come to our attention that you have been out of the house more than once. Due to this irresponsible behaviour, we are issuing a formal warning and a £250 fine’. Similar fake messages have been reported from ‘HMRC’, targeting the self-employed, and from the ‘Local Authority’ offering residents the opportunity to claim £458 of Coronavirus aid by clicking on a link.

Action(s) to take: Individuals should be aware that, as of 8 April 2020, the Government has issued only one official text message (SMS) - all other messages will be fake. Individuals are advised not to respond to text messages or click on links contained in text messages from unknown sources. It is also unlikely that UK Government texts will request recipients to respond.

‘Helping hand’ door step scam
On 3 April 2020, it was reported by BBC News that a 92-year-old woman living in Oldham was tricked by thieves into believing that her neighbour
had died of coronavirus so that they could raid her home. They knocked on her door, lied about the death and offered to clean her house, but instead
they stole a purse, money and jewellery.

Action(s) to take: Be wary of all strangers who knock at the door. Do not open the door or allow them in to your home. The Local Government
Association (LGA) advises anyone who is stuck without food or medical supplies, or lonely due to self-isolation, and who does not have any family or
friends or neighbours that they know in the area, to contact their local council in the first instance. All official charity workers should carry appropriate
ID. If in any doubt, individuals are advised to contact the relevant charity via their central telephone number to verify the identity of the individual or, if
possible, to ask a friend or neighbour to provide assistance.

Ransomware
On 4 April 2020, Interpol issued a global warning that hospitals and medical services have become targets of ransomware attacks, designed to lock them out of their critical systems in an attempt to extort payments. Intended victims are understood to be receiving emails falsely claiming to contain government agency advice or information regarding coronavirus that encourage the recipient to click on an infected link or attachment.

Action(s) to take: Health organisations should ensure that their hardware and software are regularly kept up-to-date and that their essential files are backed up and stored separately from their main systems. Email systems should be secured to protect them from spam that could be infected. All systems and mobile devices should have the most up-to-date anti-virus software installed and running at all times. Strong and unique passwords should be used for all systems, and updated on a regular basis. Any concerns regarding health bodies’ cyber security provisions should be referred to MIAA’s Assistant Director (Informatics) - see page 1 for contact details.

Individuals should only open emails or download software and/or applications from trusted sources. Do not click on links or open attachments in
emails that are not expected, or that come from an unknown sender. In particular, be suspicious of anything with an urgent tone that invites you to
open an attachment or click on a link.

Look out for poor grammar and spelling errors and emails that begin impersonally with ‘Dear Sir’ or ‘Dear Customer’. If in any doubt, phone the
genuine company or person via an established or known number to verify.
Above all, take your time and think before you click.

Supplies theft
On 30 March 2020, it was reported by BBC News that a man dressed in
doctor’s scrubs and wearing a stethoscope had attempted to gain entry
to Bradford Royal Infirmary before running away after being challenged
by a security guard for ID. It was speculated that the man was possibly
attempting to steal supplies, or possibly drugs, and it was reported that there
had already been thefts of surgical gowns, masks, protective equipment and
sanitisers before the incident occurred.

On 8 April 2020, it was reported by Sky News that a man has been jailed
for three months for stealing face masks from King’s College Hospital in
London. Lerun Hussain, 34, was caught by security staff on 5 April stealing
three surgical face masks, and subsequently arrested by the Police after
being detained. He pleaded guilty to theft on 7 April at Croydon Magistrates’
Court.
Action(s) to take: With the influx of additional personnel to the NHS, don’t be afraid to challenge unfamiliar faces for their ID badges, particularly
individuals in sensitive areas or around store rooms containing vital equipment, food or medical supplies. Challenging times can mean individuals
may resort to desperate measures to get what they need. Health organisations are advised to review the robustness of their arrangements for the
storage of supplies, including surgical gowns, masks, protective equipment and sanitisers, to mitigate against the increased risk of theft.

Whilst this period of uncertainty has witnessed an increase in Coronavirus-related fraud scams and threats, it is appropriate to acknowledge that
vigilance against non-Coronavirus-related fraud scams and threats remains equally important as all fraudsters look to exploit the crisis.

HR and payroll bank mandate fraud incidents
A health organisation and a payroll provider in the North West have recently fallen victim to phishing attacks by criminals targeting changes to the bank accounts that staff members have their salaries paid into. In both incidents, HR and Payroll received emails from fraudsters pretending to be employees, requesting that the bank account details that their salary was paid into be changed. On both occasions, appropriate checks - in line with existing fraud prevention guidance - were not properly carried out by the organisations in question and the fraudulent bank account changes were actioned.

Action(s) to take: Health organisations, in conjunction with payroll providers, should run audit logs of bank account changes to identify any staff whose bank details have been changed, and check back with those staff that the change was authorised by them and not the fraudster. Relevant staff who require sight of the appropriate fraud prevention guidance in this area should contact their Anti-Fraud Specialist.

Agreement of Balances code email scam
A health organisation has recently reported receiving emails from a fraudster inviting the recipient to click on a link to access documents. The email
address of the sender had been ‘socially engineered’ to display the Agreement of
Balances (AoB) code ‘RFQ’ which is not part of the AoB contact list.

Action(s) to take: Individuals are advised to be aware of ‘social engineering’
techniques used by fraudsters to make fake emails look genuine, including the use
of AoB codes in the sender email address, email signature and branding.

Fraud targeting via Social Media
It has been reported that fraudsters may be harvesting information from social
media in order to target people for fraud. A payroll officer recently reported
receiving an email requesting a change to Direct Debit details from a fraudster. The
recipient identified the fraudulent email because of anomalies in both the email
sender’s address and the content of the email. The individual was targeted via
their LinkedIn account; the sender of the e-mail viewed their profile the day before
sending the fraudulent request.

There is currently a chain message circulating on Facebook where recipients
are invited to answer a series of questions about themselves such as ‘What was
your favourite teacher’s name?’ or ‘Who was your childhood best friend?’ and then
forward the post on for their friends to answer. People should be warned that these
types of questions are the same questions that are asked as security questions
when setting up bank accounts and credit card accounts. Hackers are setting these posts up as “get to know each other better” games but their
malicious intention is to harvest personal data and information that can later be used for fraudulent purposes, such as hacking individuals’ accounts
or opening new lines of credit in their name.

Action(s) to take: Individuals should be aware that the information that is added to LinkedIn and other social media accounts can be used
by fraudsters to target them and their organisation. Individuals are advised to redact their accounts and/or adjust their privacy settings and
remain vigilant. Individuals are advised to refrain from posting personal information on chain messages that may later be used by fraudsters for
unscrupulous purposes.

Other actions to take:

1. Report all suspicious and spam emails as an attachment to spamreports@nhs.net. Also, report any
   coronavirus-related attempted scams to your Anti-Fraud Specialist. All successful phishing attempts should be reported to Action Fraud at
   https://www.actionfraud.police.uk or on 0300 123 2040.

2. To report any concerns or suspicions of fraud, bribery or corruption, please contact your Anti-Fraud Specialist (see page 1 for contact details).
   You can also contact the national NHS Fraud and Corruption Reporting Line on 0800 028 40 60 or online at https://cfa.nhs.uk/reportfraud

To stay up-to-date on the latest coronavirus scams, please visit:

• MIAA - https://www.miaa.nhs.uk/insights/fraud-alerts-news

• Action Fraud (National Fraud Intelligence Bureau) - https://www.actionfraud.police.uk/news

• Chartered Trading Standards Institute (CTSI) - https://www.tradingstandards.uk/news-policy/news-room

Other Useful Documents:

• HFMA: Identifying malicious e-mails - Eight red flags to help identify malicious e-mails -
 https://www.hfma.org.uk/publications/details/identifying-malicious-emails

• ACCA: A warning be vigilant - coronavirus scams - Examples of scams and how to reduce your risk -
 https://i.emlfiles4.com/cmpdoc/2/5/6/6/2/files/660004_coronavirus-scams.pdf

• National Cyber Security Centre: Home working: preparing your organisation and staff - Advice on preparing for an increase in home working and