Phishing Attacks During COVID-19 Pandemic: How to Reduce Risk
As more and more businesses move to working from home, cybersecurity practices are being challenged in unprecedented challenges. Phishing attempts are on the rise as COVID-19 spreads. We’ve investigated what to look out for so you know when to bite back against malware.
What is phishing?
According to the US Department of Homeland Security Cybersecurity and Infrastructure Agency, phishing attacks use email with links to malicious websites to steal personal information by posing as a trustworthy organization. Phishing attacks may also appear to come from other types of organizations, such as charities. Phishing and business email compromise (BEC) allowed criminals to steal billions of dollars from unsuspecting businesses and individuals worldwide last year. Attackers will take advantage of current events and certain times of the year, such as
- Natural disasters (such as Hurricane Sandy or major weather concerns)
- Epidemics and health scares (such as H1N1 or COVID-19)
- Economic concerns (such as IRS scams)
- Major political elections
What do COVID-19 email attacks look like?
For example, an email may include a link which looks like a trusted source such as the CDC or other government agency when in actuality, the link is malicious or poisonous.
What other ways are hackers targeting the public during this crisis?
Cybercriminals rely on vulnerabilities. When tensions are high and overwhelming, a hacker is bound to take advantage of the situation. During the spread of the coronavirus, we’ve seen emails with links and downloads with supposed information about local outbreaks asking victims to enter their personal data in order to stay updated. This technique preys directly on our most basic human anxieties during this tumultuous time.
Another approach to attacking vulnerabilities during COVID-19 has been through sending healthcare safety recommendations or tips and tricks which look legitimate. When users click on the link or download the suspicious content, they become infected.
With the main source of communication now online as everyone shifts to working from home – cybercriminals are utilizing fake HR and executive communications more than ever.
How do I protect myself against these threats?
MSSP Alert recommends reviewing and maintaining cyberhygiene standards now more than ever, verify your sources before clicking or downloading anything, and continue updating your computer to stay on top of patches which could leave you vulnerable.
VIPRE Security recommends that all organizations utilize a layered security approach when implementing defensive measures. A top-rated endpoint security solution coupled with advanced email security and threat intelligence solutions will ensure that you are protected from malicious threats via multiple attack vectors.