Beware of Fear-based COVID-19 Phishing Attacks

Globally, people are looking for honest information, facts, and answers to the COVID-19 (Corona Virus) Pandemic. Many organizations, including the Center for Disease Control (CDC), are doing their best to educate the public and prevent mass hysteria. While reliable people are working hard to disseminate data, there are those who are doing the exact opposite — hackers. These cybercriminals are preying upon unsuspecting people with phishing attempts to lure unsuspecting people into giving away sensitive information.

HOW ARE THE CYBERCRIMINALS ACCOMPLISHING PREYING ON YOU?

Much like other national or global tragedies (hurricanes, tsunamis, fires, etc.), these threat actors monetarily capitalize on these disasters by:

• spreading malware on devices
• creating fake websites for non-existent charities
• stealing personal identities

Additionally, the pandemic has given hackers the chance to peddle snake oil remedies, present investment opportunities in faux companies who are offering a cure, and hawking bogus, in high-demand medical equipment. With proper protection and knowing what to look for, it is possible to stave off these attacks.

PASSING ALONG THE [CYBER] VIRUS

1. New website domains using words like “Coronavirus” or “COVID-19” are popping up everywhere. Some of these are legit, but some are intentionally set up for malicious intent. In the age of social media and information sharing, this is an easy way to spread the scam/virus quickly. For example, many Security Operations Centers are seeing fake Coronavirus maps like this one website discovered by Reason Cybersecurity Ltd.

2. Another way is through email impersonations from seemingly reputable organizations such as the World Health Organization (WHO) and the CDC. Hackers will make the email address look legitimate and include a malicious link in the body of the email. Once clicked it will take the user to a completely new phishing website with malware.

3. This crisis quarantine has companies scrambling to allow employees to work from home or remotely. Remote workers rely on email communication from bosses and coworkers. Cybercriminals know this and have devised ways to prey on employees who are potentially waiting for news via email from their employer regarding next steps. They make it seem like an email is from HR or the company owner so you may be tricked into opening it, which could cause significant damage to the company.

Here is an example of a phishing email:

SOLUTIONS TO SPOT SCAMS & HOW TO PROTECT YOURSELF AND YOUR COMPANY

The best way to secure your company is by using security technology and educating employees:

• Ensure your company has reliable malware, anti-phishing, and virus protection.
• Use a cybersecurity awareness service that educates employees on how to identify phishing emails/phone calls/text messages.
• Do not click on links in emails from an unknown source.
• With the pandemic, it is highly unlikely that WHO or the CDC is going to email someone directly. For accurate updates, it is best to go to their website.
• Before opening an email from a recognized name, carefully read the domain name and display name. This is an easy way hackers slip past an unsuspecting victim.
• Never give personal information – including login details – if requested via email.
• Verify requests for information via a different method such as phone call, text, Slack or Team message, etc. because if it’s a phishing email, the cybercriminal will receive your reply and assure you it is safe to open or click.
• Immediately report any suspicious emails to IT

Additionally, we recommend setting up two-factor authentication on all important logins, in particular, email, financial, and social media accounts. (What is two-factor authentication?)

Cybercriminals were around long before the COVID-19 pandemic and they will not go away after this crisis. They will always be looking for opportunities to exploit tragedies. It is up to companies to you to protect yourself and your company from being vulnerable to attacks.

Companies such as ECS + My IT are diligently working to ensure clients are protected from these predators, especially during critical times – even helping with clients working remotely. Contact us if you would like to discuss your company’s cybersecurity concerns and IT needs