Beware these coronavirus hacking threats, UK and US agencies warn

Hackers are using COVID-19 to target people and their employers, say the UK's National Cyber Security Centre and the US' Cybersecurity and Infrastructure Security Agency.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
2 min read

Hackers are using coronavirus fears and anxiety to target internet users, government agencies from the UK and US said Wednesday.

Angela Lang/CNET

Hackers are using the coronavirus pandemic to target internet users, according to a warning Wednesday from two cybersecurity agencies. The UK's National Cyber Security Centre and the US Cybersecurity and Infrastructure Security Agency put out a joint statement saying the pandemic is an attractive tool for cybercriminals and state-sponsored hackers, who can use the fears and anxieties caused by COVID-19 to trick people.

"An increasing number of malicious cyber actors are exploiting the current COVID-19 pandemic for their own objectives," the agencies said in a joint statement.

That's not to say that hackers are hacking more. Some cybersecurity companies have said they've seen an increase in overall hacking activity, but the two agencies, as well as Microsoft, said Wednesday that levels of hacking have stayed the same. What's changed is the way hackers are targeting internet users.

Watch this: Best practices for safe shopping, delivery and takeout in the age of coronavirus

"They know many are clicking without looking because stress levels are high and they're taking advantage of that," Rob Lefferts, corporate vice president for Microsoft 365 Security, said in a blog post.

The advisory contains a list of more than 2,500 data points from coronavirus-related hacking threats. The information is meant to help people defending computer systems find signs of hackers trying to break into systems. The agencies said the list is "non-exhaustive," and noted that the pandemic is changing quickly, and so could the way hackers try to use it to their advantage.

Fraud experts have warned that for people at home now, hacking isn't the only thing to worry about. There are also scams that'll try to take people's money in exchange for information, cures or masks and other forms of protection that turn out to be bogus. Everyone is well served by taking a moment and remembering that criminals could be trying to take advantage of regular people during this disruptive world event.

The hacking threats come at a time when more people are working from home as part of stay-at-home orders meant to slow the spread of the virus. That means personal devices and systems linked to businesses both might be more vulnerable, the agencies said. In an advisory, the agencies provided resources on how individuals and companies can protect themselves from these attacks, including how to spot suspicious email attachments, phishing emails, scams and ransomware attacks.

Our new reality now that coronavirus has sent the world online

See all photos