Beware scam HSE email offering guidelines on COVID-19 spot check
Email users in the UK should be aware of a scam email being sent to victims claiming to be from the Health & Safety Executive offering guidelines for an upcoming COVID-19 spot check.
The email, signed by someone identified as Mark J. Burrows, is targeting UK businesses, and claims that the HSE will soon be visiting the email recipient’s premises for a COVID-19 check. The email urges the recipient to follow the guidance provided through a link in the email.
An example of the email can be seen below.
Subject: Required document’s for the next week spot check
The Health and Safety Executive is carrying out spot checks and inspections on all types of businesses in all areas to ensure they are COVID-secure.
We are making calls so we can give expert advice on how to manage the risks and protect workers, customers and visitors. We are also working closely with local authorities, assisting them in the sectors they regulate such as hospitality and retail.
By calling and visiting premises and speaking directly to employers, we can check the measures they’ve put in place are in line with government guidance.
Inspectors will make COVID-secure checks as part of their normal role in visiting workplaces during the pandemic. To ensure we reach as many workplaces as possible nationally and support the core work of our inspectors, we are working with trained and approved partners to deliver the spot check calls and visits.
We are planning to visit (spot check) your premises: 9 AM, 17/03/2021
Please follow The guidance to find the required documents. This is legal requirement.
Yours sincerely,
Mark J. Burrows
HSE Manager
telephone: 0300 790 6787
Monday to Friday 8:30am to 5pm
Health and Safety Executive
Redgrave Court
Merton Road
Bootle
Merseyside
L20 7HS
The email is a scam that attempts to trick recipients into visiting a malicious website and agreeing to download malware onto their computer.
Upon clicking the link, the email recipient is told to download guidelines in the form of a digital document. The download is a ZIP file that contains a malware payload. If the file inside the ZIP is opened, the device will become infected with malware.
The HSE briefly warns of the scam on their website.
Tricking victims into downloading malware onto their devices is a common method of delivering malware payloads. Contrary to popular belief, malware downloaded from the Internet is nearly always delivered when the victim explicitly agrees to the download. Unless cyber crooks are exploiting a serious vulnerability in the user’s operating system or Internet browser (vulnerabilities that are thankfully very rare), they cannot automatically download harmful files to a user’s device without the user agreeing to the download.
However, because the malware disguises itself as harmless (and often important) content, the victim is unaware that they are downloading malicious files. In this case, the malware payload has been disguised as important documents for a COVID-19 spot check.
If you get this email, please delete it. And if you belong to an organisation with multiple employees, please ensure all of them are aware of this type of email scam, and that they understand the risks associated with downloading files that they were directed to after receiving unexpected or unsolicited emails.
Quick tips to avoid email scams like this –
1. If an unexpected email contains an attachment or a link, assume it is a scam until you can demonstrate otherwise.
2. Always verify with the sender of the email that it’s legitimate before opening email attachments or clicking links.
3. Watch out for poor spelling or grammar mistakes.
4. Be especially cautious of unexpected emails that attempt to pressure you into clicking links or opening email attachments by causing alarm or panic.
5. Look at the From: email address to see if it matches the sender details given in the email (though also be aware that this information can easily be spoofed).
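For a mail administrator, tip 5 can be automated. The sketch below is an added example, not part of the original article: it compares the organisation a message claims to come from with its From: domain and link hosts, and, because From: can be spoofed, reads the DMARC verdict only from the Authentication-Results header stamped by the receiving server. The sample message, the `example.*` hosts, the `mx.example.org` server name and the `KNOWN_SENDERS` table are constructed assumptions; `hse.gov.uk` is the HSE's real domain.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample; the page does not show the real message's headers or link.
SAMPLE = (
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;"
    " dmarc=none header.from=mailer.example.net\n"
    'From: "HSE Manager" <mark.burrows@mailer.example.net>\n'
    "To: office@example.org\n"
    "Subject: Required documents for the spot check\n"
    "\n"
    "Health and Safety Executive\n"
    "Please follow the guidance: http://files.example.net/guidance\n"
)

# Assumption: organisation name (lower case) -> domain it genuinely uses.
KNOWN_SENDERS = {"health and safety executive": "hse.gov.uk"}


def under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def triage(raw, our_mx="mx.example.org"):
    """Return a list of reasons to quarantine a single-part text message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    from_domain = addr.rpartition("@")[2].lower()
    text = (display + "\n" + msg.get_content()).lower()
    findings = []
    for org, real in KNOWN_SENDERS.items():
        if org not in text:
            continue
        if not under(from_domain, real):
            findings.append(f"claims {org!r}, From domain is {from_domain}")
        for host in re.findall(r"https?://([^/\s]+)", text):
            if not under(host, real):
                findings.append(f"link to {host}")
    # Only trust a verdict written by our own server; a sender can add fake ones.
    dmarc = "missing"
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(hdr).partition(";")
        m = re.search(r"\bdmarc=(\w+)", results)
        if authserv.strip().lower() == our_mx and m:
            dmarc = m.group(1).lower()
    if dmarc != "pass":
        findings.append(f"dmarc={dmarc}")
    return findings
```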