Phishing Attacks and Covid-19

Posted 17 April 2020 in , TM3 News, Business and Marketing, Support

Data security is a vital component in the work we do at Blue Zinc, ensuring the data of both clinics and their clients is protected to the highest possible levels.


You may not know but we became ISO 27001 accredited last year, a certification that stands our data security head and shoulders above others in the industry. In light of the unprecedented times that we are living in, our Chief Information Security Officer Suzy Williams has shared her thoughts on the current risks of phishing attacks and how you can protect yourself from harm.

Whilst the country stands united in the fight against COVID-19 there remains an element of our global society that continue to actively pursue the exploitation of individuals or companies for financial gain. In fact, whilst the infection rate increases, so does the number of campaigns that are using the disease as a lure or a “hook”. Research by cybersecurity company Trend Micro estimates that approx. 20% of global malicious, coronavirus related, spam were sent to UK email addresses.

So, what should you look out for and how do you protect yourself against this ever-evolving threat?

Firstly, arm yourself with knowledge, a number of government supported websites provide advice and guidance on how to stay safe online and what to do should you fall foul of the scammers. Some tips on how to spot a fake email include:

  • You do not know the sender, or you are not expecting correspondence from them. Limit the amount of unsolicited emails you get by ensuring you tick or untick any default boxes when subscribing or signing up for services; this will not only limit the amount of mail you get but could make it easier to spot the authentic emails from the fraudulent.

  • The message is conveying an offer that appears too good to be true e.g. Hurry, 50% off whilst stocks last!

  • Contains spelling mistakes (designed to circumvent spam filters) e.g. G0V spelt with a zero instead of GOV.

  • There is an attachment, or a link, contained within the message; this could allow the originator of the message to either harvest sensitive personal data or financial details or to deliver malicious software to your device. If the email is from a company you do business with, log into your account via your normal, trusted route and enquire with the organisation if the email or text is legitimate. NEVER click on an attachment or a link unless you are sure it is safe and from a legitimate source.

  • The salutation/sign off or the terminology contained within the email or text is different to what you would normally expect to see e.g. your boss normally calls you Suzy but his email refers to you as Suzanne.

    Trust your instincts, if something doesn’t look right or you suspect that it may not be legitimate do not respond until you have verified its authenticity. You can do this by contacting the sender via a trusted means e.g. login via the company’s official website, call the official customer service line etc.

What if you have already fallen foul of a phishing scam?

If you do find that you have been in receipt of one of these scam emails then there are a few things you can do to limit any further exposure, these include:

  • DO NOT reply to the email or text message, even to acknowledge that you have sussed that it is a fraudulent email. Responding to the email or text simply confirms to the scammer that the email address or phone number is “active”, and it will allow them to target you further.

  • Forward the email in question to your “Spam” folder or block the number on your phone, both will ensure that any further correspondence is either blocked completely or relegated to your spam folder therefore limiting the chance of your accidently clicking on an attachment or a link. Some fraudsters aim to hit the same account several times in order to increase pressure on the recipient and provoke them into action.

  • If you do receive a fraudulent email from what looks like a company you do business with, let them know! Reporting this type of activity allows the company in question to investigate and potentially act against such fraudsters.

  • If you do become a victim of fraud it is important that you report it to the relevant authorities including your bank or financial institution.

As more and more of us are now working from home and at a time when both your business and finances matter more than ever, staying safe online and knowing what to look out for when it comes to identifying fraudulent activity is key to protecting yourself against online crime.

Remember, most fraudulent emails are looking to elicit an action from you either through curiosity, urgency, appeal or tapping into our desire to help others. Take a minute to ask if the correspondence looks genuine, question its validity, and check its authenticity but if you do fall foul of the scammers, report it immediately!

Book a Demo

Start finding ways to improve your clinic and patient experience now.