Phishers and other scammers are using Brexit as bait — don’t get caught in their net.
With the Brexit date fast approaching, uncertainty, speculation, and fear swirl around as no one really knows what to expect. Unfortunately, there will always be scammers who take advantage of uncertainty to rip off innocent people.
Recently, this took the form of the Brexit Email Virus. This email came around, titled Brexit 2019.
The email looks official, and prompts people to stay up-to-date on Brexit votes and to watch currency fluctuations. Anyone who clicked the “Latest Brexit Update” button actually downloaded Ursnif, a Trojan virus. Ursnif records a ton of sensitive information, including usernames and passwords for banks, social media accounts, and email. If you accidentally downloaded it, you should remove it ASAP before your sensitive data gets into the wrong hands.
While spreading computer viruses is, of course, illegal, hackers can be hard to catch. The European Union has certain laws governing IT security and privacy, which up until now have covered the United Kingdom, too. It’s not yet known exactly how the UK will adapt these laws after Brexit (at the time of this writing, an agreement has yet to be reached between the EU and UK that fully spells out post-Brexit plans).
The British government has released a series of documents that advise citizens on what they should do about various aspects of post-EU life, such as work, environment, transport, and education. They even go into fascinating detail about some topics, including how to bring donkeys abroad, the purebred breeding of pigs, and pet passports for traveling to the EU with your ferret. (Yes, really.)
One thing missing from the UK government’s preparatory documents is information about online privacy and security. Experts warn that Brexit might weaken cybersecurity in the UK, as discrepancies between UK and EU law may leave holes that scammers could exploit. Further, if data and information sharing between the EU and UK becomes limited, cyber defence against hacks could become more difficult.
On the privacy front, the UK currently abides by the EU General Data Protection Regulation (GDPR) legislation and will continue to do so even after Brexit. If GDPR evolves and changes over time however, then the UK may find itself out of compliance, potentially having a negative impact on British businesses. Again, the wide-reaching implications of Brexit are still not known at this time.
Don’t rely on the government to save you from computer viruses and privacy issues. And don’t let hackers make things even worse during this confusing time. There’s a lot you can do to protect yourself!
Be especially vigilant in case hackers try to exploit Brexit as an opportunity to scam you. The Brexit 2019 email trojan discussed above was just one example. Keep an eye out for similar hoaxes.
Phishing is a specific type of scam in which hackers pose as a legitimate organization, such as your bank, email provider, or even a government agency. The fake email will usually be from a similar, but incorrect address — for example, email@example.com or some other random email rather than firstname.lastname@example.org. Phishing emails are generally a lure to get your personal data, so they’ll usually include some excuse and ask for your username and password, or other information (handing phishers everything they need to steal your identity).
One quick way to check if an email is fake is to hover over (not click!) a link to see where it actually goes. If the address is something you don’t recognize, don’t click on it.
Beware of any unprompted email asking for your data. In light of the current times, stay alert for hackers using Brexit as a phishing excuse.
Posing as government agencies needing your information to update something for changing laws due to Brexit
Your “bank” asking for some information about your account due to Brexit-generated currency fluctuations
Any other email you receive that asks for personal information
Viruses and spyware
These two types of malware can get onto your computer if you open an attachment in an email or download a file from the internet. Once they get onto your system, they can wreak havoc by infecting your computer, stealing your data, and spreading to other people’s computers. So beware of strange emails, especially ones that might try to use Brexit-related issues to get you to open them.
One such scam used the email subject line Brexit causes historic market drop to provoke an emotional response that tricked people into opening the email. It’s best practice to avoid emails from unknown senders. It’s especially important not to click on any links or download any attachments from an email.
Of course, make sure you’re using an antivirus software, which will help keep you protected.
The EU’s GDPR is strict regulation that governs companies’ use of citizens’ data. If the UK ceases to follow these rules at some point down the line, it could impact your privacy and raise questions like: are companies allowed to store your data? Can they sell it? Do they require your consent? If you’re concerned about privacy, a good anti-tracking software can make sure no companies are able to track you online.
Privacy laws also govern what Internet Service Providers are allowed to do with your browsing history. If you’re concerned that your ISP could track and store everything you look at online (because they do exactly that in many countries), a VPN is an easy solution. It’ll also keep you safe if you like to browse the internet from your favorite coffee shop (or any other unsecured public Wi-Fi network).
During this time of insecurity, most people are focused on how they will be impacted in real life (is your ferret going to behave at his passport appointment?), but don’t forget to watch out for your online security and privacy too.
That .zip file looks legit, but it's actually a sneaky new way for cyber criminals to steal your info.
Information belonging to over 100 Italian banks breached by the Ursnif banking trojan was obtained by Avast Threat Labs, which then shared the data with as many of the victims as could be identified.