COVID-19 themed phishing/fraud

 

Organisations and the public should be alert to phishing emails, spoof websites and many other scams, as criminals are exploiting fears surrounding coronavirus. There has also been an increase in phishing via text message.

Criminals are also exploiting the move to remote working to send fake messages from Microsoft Teams, Office 365, Zoom and other tools because they know people are using them for the first time and are therefore vulnerable to attacks.

Basic ways to protect yourself include:

  1. Check that the message makes sense. This applies not only to the grammar and spelling, but also to the message as a whole. Does what you are being asked to do sound right? Would that person typically ask you to do this action in this way?  
  2. Always confirm that a message is genuine by calling the person or organisation involved. Avoid using any numbers featured in correspondence. Instead, look them up separately from a source you trust.
  3. Never click on links or attachments unless you are 100% sure that they have been verified. There is almost always another way to check (e.g. by using your web browser). Often hackers send fake emails that appear to come from your colleagues with a link to a document within your system, e.g. a Microsoft Word document. In reality the link goes to a fake site or other webpage. Checking that the link and the message are genuine avoids this.
  4. Stop and think before engaging with any correspondence. This applies not only to emails but to calls/texts/social media messages. Criminals look to apply pressure in some way to force people into making mistakes, so take a step back, don't be rushed, and get a clear perspective.  
  5. Make sure your office systems use two-factor authentication. Two-factor authentication requires the use of a mobile phone as well as a password to log in to web-based email and team working systems, such as Office 365 and Microsoft Teams.
  6. Only use official sources (e.g. Government website) for information about coronavirus.
  7. Watch out for fake login pages/URL spoofing. When visiting a page/logging in, check the URL in the address bar to ensure that you're on the correct page, and everything operates as it should do. For added peace of mind, you can bookmark important sites and only visit those sites via that bookmark.  
  8. More information: The National Cyber Security Centre (NCSC) released an article summarising the above situation.
  9. Reporting: If you have been a victim of a cyber crime, please report it to Action Fraud, which is the UK's national cyber crime reporting portal. You can report by phone (0300 123 2040) or via their website. Reporting helps build intelligence for law enforcement, which can aid investigations as well as informational campaigns to prevent others from becoming victims. Action Fraud operate a 24/7 live cyber reporting line for organisations.