There’s No Shortage of Phishing Attacks During the COVID-19 Pandemic
As Businesses Embrace Remote Work, Cybercriminals Change Their Targets to Home Computers. Here’s How to Stay Safe Against the Influx of Phishing Attacks and Other Threats…
The coronavirus pandemic has resulted in the closure of non-essential businesses, daycares, and schools around the world. Large gatherings of any sort, including those in an office, have been deemed unsafe for good reason. Right now, social distancing is the best way to maintain our health and safety. But cybercriminals were quick to catch on to the influx of remote workers – changing their targets to home computers that tend to be less secure than their office counterparts.
The FBI has claimed they’ve received thousands of complaints about fraudulent activity related to the coronavirus pandemic. FBI Assistant Director Matt Gorham explained,
“Unfortunately, there’s a lot of precedent for criminals taking advantage of natural disasters and government relief packages to conduct fraud, including through cyber means.”
Consumer Reports also made a statement regarding the influx of cybercrime, and in particular, phishing emails.
“Many of the emails, which often appear to be sent by WHO or the Centers for Disease Control and Prevention, pretend to offer new information about the virus,” according to Consumer Reports. “Some hint at the availability of a vaccine, and others claim to be from charitable organizations looking to raise money for victims.”
Even COVID-19 themed domains are on the rise. There have been approximately 6,000 coronavirus-related domains registered in the past few weeks – and they’re 50% more likely to infect users with malware than other non-coronavirus-related domains.
Chuck Bell, Advocacy Division Program Director of Consumer Reports, expressed, “Like a good movie, scams get your attention by telling a convincing story. Con artists love to take advantage of new health scares, to cash in on the public’s fear and anxiety.”
How Do Phishing Attacks Work?
The first step to staying safe is understanding how phishing attacks work. Let’s take a look at the typical process:
- The attacker creates a phony email address and website (if links are involved) that are disguised to look like a legitimate, well-known organization.
- The attacker gathers emails of decision-makers and/or employees at a range of target organizations.
- The attacker sends out a mass email designed to appear to come from the legitimate, well-known organization with the goal of:
  - Getting responses that include sensitive information
  - Getting clicks to the phony website that downloads malware
  - Getting victims to download the malicious software in an attachment
It’s quite simple, but unfortunately, very effective nowadays when the majority of us are working from home.
What Are the Most Common Phishing Emails Right Now?
Right now, the most common phishing emails are those that take advantage of the coronavirus pandemic in the form of:
- CDC & WHO Reports: The attacker offers phony information about vaccines, a list of infected people in your area, testing kits, and other details claiming to be from the CDC or WHO. Keep in mind that these large health agencies aren’t likely to send you personal emails.
- Government Financial Assistance Programs: The attacker sends out targeted emails claiming to offer a link to sign up for relevant government financial assistance programs in the wake of the pandemic. They likely know which programs are available in which areas and send based on this information.
- COVID-19 Products: The attacker sends out offers for products that are in demand right now, such as hand sanitizer, protective wear, HVAC cleaning kits, and various other tools and even cures. They often offer the products at a special price, or in some cases, provide a purchase order that needs to be fulfilled.
- News Alerts: The attacker emulates local media resources – offering localized reports and/or safety steps that are mandatory for individuals and businesses in a geographic region. They send a request for the victim to click on a link to read the very important updates on the latest news.
Unfortunately, many organizations simply aren’t prepared to handle the influx of phishing emails while working from home.
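To make the process and the CDC/WHO lures described above concrete, here is a small mail-filter check, added as an illustration and not taken from any vendor's product. It flags a message whose display name claims WHO or the CDC while the sending address sits on another domain, and flags pandemic-themed link hosts. The function names, the official-domain list (who.int, cdc.gov), and the sample messages are assumptions constructed for this example, and it handles single-part text messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the agencies' official domains; extend per organization.
OFFICIAL = {"WHO": {"who.int"}, "CDC": {"cdc.gov"}}
BRAND = {
    "WHO": re.compile(r"\bWHO\b|(?i:world health organization)"),
    "CDC": re.compile(r"\bCDC\b|(?i:centers for disease control)"),
}
THEME = re.compile(r"covid|corona", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+")

def in_domains(host, domains):
    """True if host equals or is a subdomain of one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def check_email(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender = addr.rpartition("@")[2].lower()
    findings = []
    # Display name claims an agency, but the address is on another domain.
    for brand, pattern in BRAND.items():
        if pattern.search(display) and not in_domains(sender, OFFICIAL[brand]):
            findings.append(f"{brand} display name, sender domain {sender}")
    # Pandemic-themed link hosts that are not an official agency domain.
    for url in URL.findall(str(msg.get_payload())):
        host = (urlparse(url).hostname or "").lower()
        official = any(in_domains(host, d) for d in OFFICIAL.values())
        if THEME.search(host) and not official:
            findings.append(f"pandemic-themed link host {host}")
    return findings

# Constructed sample messages (reserved .example domains).
PHISH = """\
From: "World Health Organization" <updates@who-int-alerts.example>
Subject: New safety measures

Read the update: http://covid19-safety.example/report
"""
LEGIT = """\
From: "CDC" <news@cdc.gov>
Subject: Newsletter

See https://www.cdc.gov/coronavirus/ for details.
"""
```

A check like this only scores the visible sender and link hosts; it complements, rather than replaces, the authentication and training measures listed below.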
How Can You Keep Your Employees Safe?
Although your employees are likely using home desktops and laptops to work, there are various measures you can take to keep them, and in turn, your sensitive data safe. Here are our recommendations:
- Require the use of a virtual private network (VPN) with two-factor authentication to create a secure, encrypted tunnel for connections between the network and the home computer.
- Enforce the use of multi-factor authentication whenever possible for employees that are using any sort of remote access or online, cloud-based tools to access sensitive information.
- Require sensitive information to be sent through secure channels, including encrypted emails or a secure file sharing solution that will keep the data safe at rest and in transit.
- Provide cybersecurity awareness training that can be done remotely to give your employees the guidance and knowledge necessary to understand how phishing works and stay safe against it.
Let’s work together to keep your remote workers safe against cybercrime. Fill out the form to get in touch with us.