Cyber criminals are using the WannaCry ransomware outbreak as a pretext for a phishing attack targeting BT customers. The scam email, which purports to come from the company, says that in the wake of “security breaches on an international scale”, BT is updating its systems. It asks customers to follow a link and provide log-in details to confirm a security upgrade.
The scheme has come to the attention of Action Fraud, the UK’s national reporting service for fraud and cyber crime. In a statement, it said the attack is particularly dangerous because it coincides with similar, legitimate warnings about WannaCry from other companies.
Don’t click on links
As is frequently the case with phishing emails, the message creates a sense of urgency. It claims that BT has “temporarily limited access to profile features that contain [users’] sensitive data” and the only way to lift those restrictions is to click on the attached link.
Action Fraud advises anyone who receives one of these emails not to click on any links. Instead, they should go to BT’s website directly and log in from there.
“We are also aware that companies are sending out legitimate emails of reassurance in connection with the recent cyber attack,” Action Fraud says. It adds that, if you are in doubt, you should “contact [the company] directly on a method other than the email you have received”.
Cyber criminals often use current events to tailor their phishing campaigns. Every year, taxpayers are targeted by emails that appear to come from HMRC, while, in the aftermath of the Brexit referendum, scammers launched a phishing campaign with the subject line “Brexit causes historic market drop”. Users who clicked on the attached link had malware downloaded on to their computers.
Learn more about phishing
Phishing is becoming an increasingly common tactic for cyber criminals. According to Verizon’s 2017 Data Breach Investigations Report, phishing was present in 21% of attacks last year, up 8% from 2016. Meanwhile, 1 in 14 users were tricked into clicking a link or opening an attachment, and 25% of those went on to be deceived more than once.
To better understand the risks of phishing, watch IT Governance’s short instructional video on the dangers of scam emails: