Coronavirus: Stay vigilant for phishing and smishing attempts

Not much is predictable at the moment, but the eternal opportunism of cyber criminals is something you can bank on (or rather they can).

With so many of us adapting to working remotely and preoccupied with worry, this is a plea to stay on the lookout for hiding (by email) or smishing (by text message) attempts.

Here’s an example of one I received yesterday, beautifully timed for Mothers’ Day:

text message phishing smishing attempt

This was a pretty rubbish attempt, to be honest.

Let’s look at the clues:

  1. No idea who it is from (probably more effective claiming to be from something like Paypal, but then they risk getting the wrong supplier so they are going for the scattergun approach)
  2. Poor grammar “act off 1974”
  3. Link doesn’t even look credible – no attempt to spoof a real site (e.g. something like

So I didn’t click and have no idea what I would have faced if I did. But some people will have and some will be out of pocket as a result.

And please be aware that many phishing attempts are much more persuasive and likely to catch us off guard.

Here’s another one I had, timed to coincide with self-assessment tax returns having recently been submitted:

hmrc phishing smishing text

This one gets more right:

  1. The timing was perfect
  2. The return was enticing and credible
  3. The URL (at a first glance) look more genuine

Luckily I spotted the actual domain name – the last bit between the full spot on .com and the full stop before – .claims-gb – and realised it was a spoof.

I am aware others weren’t so lucky.

The Coronavirus seems to have led to a surge in phishing and smishing attempts. I haven’t yet seen one personally actually using the virus/health information, but I’m sure it is only a matter of time…

“URGENT: due to your medical history, the NHS has issued urgent new coronavirus advice for you – click to read now https:/nhs/”

Reckon that would get any clicks right now? Sadly, I do.

So please be on your guard. Never trust an incoming link. If in any doubt, do to the website/app directly and check the information. Or phone a public number.

Stay safe!