COVID-19 panic exploited by cybercriminals
As COVID-19 is sweeping the world and causing disruption in our daily lives, impacting our economies and the way we work, cybercriminals are taking advantage and actively exploiting the pandemic. According to a new report by Recorded Future in association with Insikt Group, the number of phishing attacks related to Coronavirus has skyrocketed in recent weeks. The report outlines observations of an extensive list of actors and malware employing phishing techniques, targeting a broad set of victims, including those in the United States, Italy, Ukraine, and Iran in particular.
The increase in these attacks and their attention to detail have raised concern to the point that national authorities, like the Malta Financial Services Authority (MFSA), have warned all licence holders and the general public about such potential scams.
Threat actors have also endeavoured to gain the trust of victims using branding associated with the U.S. Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO), as well as country-specific health agencies.
The phishing e-mails range in content from Coronavirus cures and tax refunds to donations and preventive measures, all disguised as coming from genuine sources. The BBC has compiled a list of reported attacks such as the above to help users identify these fake e-mails.
With the looming danger, D4n6 would like to give you some advice and our analysis on how to protect yourself from such attacks:
Always Check – is the sender e-mail genuine? Are you expecting such an e-mail or have you subscribed to a particular newsletter? Is the e-mail content cohesive, logical and relevant to you? Do any hyperlinks (URLs) within the e-mail content lead to the right website? Make sure to check all the above and hover over the links to reveal their true address before clicking. Never open attachments which you don’t expect. If you open an attachment and it wants to execute or asks for administrator access to your systems, deny it immediately.
Information Verification – never assume that any information you see on the internet, or receive by e-mail or even on the phone, is automatically true. Always verify sources and double check information before assuming its authenticity. E-mails, telephone calls and social media contacts can all be faked or spoofed by criminals and used for adverse activities.
Prepare Your Workforce – train your workforce by running phishing campaigns to find out how resilient your staff is and educate them on the danger. Deploy additional technical controls within the organisation and empower your cyber security team with the right tools and assistance to cater for such eventualities.
By following the above steps you can mitigate the risk of being hit by a successful cyberattack. The most crucial task is to make sure people (the weakest link) don’t fall for these e-mails and click on them.
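The link and sender checks from "Always Check" can also be run automatically as one of the additional technical controls. The following is an added example, not code from D4n6 or the report: it flags links whose visible address differs from the address they open, and a Reply-To domain that differs from the sender's. The function names, the sample message and the simplified domain comparison are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

def host_of(text):
    # Hostname of a URL or bare domain, lower-cased, leading "www." dropped.
    host = urlsplit(text if "//" in text else "//" + text).hostname or ""
    return host.removeprefix("www.")

def same_site(a, b):
    # Simplification: equal hosts or parent/subdomain, no Public Suffix List.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_message(raw):
    msg, findings = message_from_string(raw, policy=policy.default), []
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    reply = parseaddr(msg["Reply-To"] or "")[1].rpartition("@")[2].lower()
    if reply and not same_site(sender, reply):
        findings.append(f"Reply-To domain {reply} differs from sender {sender}")
    body, links = msg.get_body(preferencelist=("html",)), LinkCollector()
    links.feed(body.get_content() if body else "")
    for text, href in links.links:  # only links whose text itself looks like an address
        if LOOKS_LIKE_URL.match(text) and not same_site(host_of(text), host_of(href)):
            findings.append(f"link shows {host_of(text)} but opens {host_of(href)}")
    return findings

SAMPLE = (  # constructed message for illustration, not a real phishing e-mail
    'From: "Health Advisory" <info@health-updates.example>\n'
    "Reply-To: claims@mailbox.example\nContent-Type: text/html\n\n"
    '<a href="http://who.int.login.example/c">https://www.who.int/emergencies</a> '
    '<a href="https://www.who.int/">www.who.int</a> <a href="http://t.example/x">Click here</a>\n')
```

Calling `check_message(SAMPLE)` returns two findings: the Reply-To mismatch and the first link. The "Click here" link is skipped because its text gives the reader no address to compare against.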
We believe that training about these types of threats should occur throughout the year and not just once, and our comprehensive phishing campaign with relevant learning modules can significantly aid in increasing the resilience of your staff against these attacks without disrupting their daily routine.
Have questions on Coronavirus scams or would like to test your employees’ resilience against phishing?
Contact us today to learn more about the phishing campaigns that have already helped a number of organizations locally up their level. Don’t get left behind!