21 March 2020, updated 01 Jul 2021 1:14pm

“Phishing emails work better in a pandemic”: how Covid-19 led to a surge in cybercrime

Attackers are using people's fears to prey on businesses and individuals.

By Oscar Williams

On Sunday 15 March, staff working at the US Health and Human Services Department (HHS) observed an unusual spike in traffic to their servers. US officials believe the attack, which hit HHS’s systems millions of times, had been designed to frustrate the health agency’s response to the coronavirus outbreak.

One official, who spoke to Bloomberg anonymously, revealed that while the source of the attack is yet to be determined, a foreign state actor may have been responsible. Speaking to the New Statesman, Alan Woodward, a professor of cyber security at Surrey University, warned that if a nation was found to have carried out an attack on another state’s infrastructure during the outbreak, they would “reap the whirlwind afterwards”.

Such an attack on a country’s health system would likely be seen as “tantamount to a declaration of war”, Woodward explains. “In a time of national crisis, if someone’s attacking key critical services, that’s way out of the realm of a little bit of virtual warfare. That’s actually affecting real people in a tangible way, potentially causing deaths.” Only states that do not care for their own populations, which may suffer the consequences of retaliation, would be “stupid enough” to carry out such an attack during an international crisis, Woodward says.

While there is still some uncertainty over who launched the attack on the HHS, what’s clear is that the global cyber-crime industry, which is estimated to generate more than £1tn a year, is seeking to profit from a crisis that has left citizens, businesses and public sector organisations acutely vulnerable. Widespread disruption to industry, twinned with heightened levels of anxiety, plays into hackers’ hands, and business leaders are now reporting a surge in the number of attacks.

Healthcare organisations may be particularly exposed. On 12 and 13 March Brno University Hospital, one of the Czech Republic’s primary Covid-19 testing centres, suffered a suspected ransomware attack that, according to reports, forced staff to relocate some patients. Providers of essential services have become a prime target for hackers in recent years. Hackers see them as attractive for one key reason: they face enormous pressure from both taxpayers and their insurers to pay up and resume normal operations. In the midst of the Covid-19 outbreak, hospitals may be even more willing to do so. “I’ve got a sinking feeling that they could become targets,” says Woodward.

In light of the WannaCry ransomware campaign in 2017, the NHS has made a major investment in hospitals’ cyber defences, and it’s hoped that the health service would be better protected in the event of another attack.

But while healthcare organisations internationally might be at particular risk, citizens and businesses are being advised to be vigilant to scam emails attempting to exploit people’s concerns about the virus. The World Health Organisation is one of the many organisations scammers are seeking to impersonate. “The spread of fear is just as contagious as COVID-19,” says Jake Moore, a former police officer who specialised in cyber crime and now works for the security firm ESET. “Phishing emails work better in a pandemic.”

Earlier this week, the UK’s National Cyber Security Centre issued a warning about such scams. “Techniques seen since the start of the year include bogus emails with links claiming to have important updates, which once clicked on lead to devices being infected,” the NCSC revealed in a statement. “These ‘phishing’ attempts have been seen in several countries and can lead to loss of money and sensitive data.” One allegedly state-sponsored actor is using coronavirus-themed documents to deploy malicious software on to targets’ systems.

The NCSC, a division of GCHQ, has taken steps over the last week to remove sites which use the viral outbreak as a way of luring victims into clicking on links that deliver malware or harvest information. “Our advice to the public is to follow our guidance, which includes everything from password advice to spotting suspect emails,” said NCSC’s director of operations Paul Chichester. “In the event that someone does fall victim to a phishing attempt, they should look to report this to Action Fraud as soon as possible.”

The NCSC lists a number of tips for spotting phishing emails on its website. The agency advises businesses and individuals to watch for poor grammar, punctuation and spelling, oddities in design, and the use of “valued customer” or “friend” rather than a name as the hallmarks of phishing emails.

Threats, meaning emails that ask the recipient to act urgently, such as “send details within 24 hours” or “click here immediately”, are major red flags, as are offers of money or access to private information.

Woodward reiterates NCSC’s advice. “I’m afraid it’s business as normal,” he says. “Assume nothing, believe no-one, and check everything.”
