UK coronavirus phishing scam uses phony emails: How to stay safe


Cyber crooks are trying to steal passwords for small-business Microsoft accounts in the U.K. by sending phony emails promising government relief funds for businesses shut down by the coronavirus. 

In a blog posting yesterday (June 10), researchers from Abnormal Security say the email phishing campaign is posing as correspondence from the UK Government’s Small Business Grants Fund (SGF). 

“This attack is attempting to exploit current efforts by the government to provide relief funds for small business owners affected by Covid-19 closures and shelter-in-place orders,” the Abnormal Security report says.

“Although the requirements vary by country, applicants do have to provide documents proving their eligibility,” it says. “Since applicants are expecting email correspondence, this provides attackers with a unique opportunity to impersonate legitimate authorities and extract sensitive information from customers.”


Thousands of scam emails sent

The phishing email, estimated to have been sent between 1,000 and 5,000 times via an official Dropbox domain, asks recipients to click on a file called “COVID-19-Relief-Payment.PDF”.

Abnormal Security explains that the attack is a two-step process.

“The first step is the link provided in the email that leads to a standard Dropbox transfer landing page with the enablement [sic] to download the file. After clicking on the download button, the page is redirected to a phishing landing page.”

The second step directs users to a landing page containing an Office 365 image and a button that asks the user to “Access Document”. The researchers warned that this is where the intent is revealed, which is to gain access to the user’s Microsoft username and password.

Once the recipient follows these instructions and fills out the provided forms, the researchers say, their Microsoft credentials will be compromised, which can result in financial loss.

This attack is effective for several reasons. Users are asked to complete the form urgently, the email comes from a convincing sender and uses legitimate email headers, and the user may be expecting correspondence anyway if they’ve already applied for the fund. 
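For mail administrators, the sketch below is an added example, not code from Abnormal Security or this article. It shows why passing header checks does not clear such a message: it flags mail that authenticates as a file-sharing service while the display name or subject claims a government grant. The sample message, the keyword list and the `triage` and `is_suspicious` helpers are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; tune them for your own mail flow.
FILE_SHARE_DOMAINS = {"dropbox.com"}
AUTHORITY_TERMS = ("government", "grant", "relief")

# Constructed sample message, not a capture from the campaign.
SAMPLE = """\
From: "UK Government Small Business Grants Fund" <no-reply@dropbox.com>
To: owner@smallbiz.example
Subject: COVID-19-Relief-Payment.PDF has been shared with you
Authentication-Results: mx.smallbiz.example; spf=pass; dkim=pass

Please review urgently: https://www.dropbox.com/EXAMPLE-TRANSFER-LINK
"""

def registered_domain(host):
    """Crude last-two-labels domain; a real filter would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def triage(raw):
    """Return the list of findings for one raw, single-part message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = registered_domain(addr.rpartition("@")[2])
    auth = msg.get("Authentication-Results", "").lower()
    hosts = re.findall(r"https?://([^/\s]+)", msg.get_payload())
    link_domains = {registered_domain(h) for h in hosts}
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    # Legitimate headers: true for this lure, so it cannot be the deciding signal.
    if all(f"{m}=pass" in auth for m in ("spf", "dkim")):
        findings.append("auth-pass")
    # Sent through, and linking to, a file-sharing service.
    if sender in FILE_SHARE_DOMAINS and link_domains & FILE_SHARE_DOMAINS:
        findings.append("file-share-relay")
    # Claims government or grant authority but is not sent from gov.uk.
    if any(t in claimed for t in AUTHORITY_TERMS) and sender != "gov.uk":
        findings.append("authority-claim-mismatch")
    return findings

def is_suspicious(raw):
    """Flag only the combination; each signal alone is common in normal mail."""
    found = set(triage(raw))
    return {"file-share-relay", "authority-claim-mismatch"} <= found

if __name__ == "__main__":
    print(triage(SAMPLE), is_suspicious(SAMPLE))
```
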

To make sure you don't fall victim to this scam, enable two-factor authentication on your Microsoft account. That will make it much more difficult for crooks to access the account, even if they do manage to steal your username and password.


Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Independent, the Daily Telegraph, The Next Web, T3, Android Central, Computer Weekly, and many others. He also happens to be a diehard Mariah Carey fan!
