Protect Your Business From Coronavirus Phishing Attacks
Hackers are preying on vulnerable companies with a host of coronavirus-related phishing attacks. Learn how to protect employees working remotely from threats.
Hackers are taking advantage of the fear surrounding the COVID-19 pandemic by using new schemes to try to steal valuable company data and halt operations.
The despicable acts are, sadly, playing into the fears many people have right now as they grapple with profound changes to their personal and professional lives.
A survey by the CNBC Technology Executive Council noted that 36 percent of executives reported an increase in cyber threats as the majority of their employees have shifted to working from home.
“We know that cybercriminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the coronavirus outbreak,” Paul Chichester, director of operations at the U.K.’s National Cyber Security Centre, told ZDNet.
Circumstances are exacerbating the potential threats that companies face. The CNBC survey noted that 85 percent of senior technology executives had at least half of their employees working from home; 25 percent of those surveyed were fully remote.
With more family members home, that means more devices connected to home networks. That connectivity increases the risk of intrusions, especially when those devices and networks have weak password protection. While companies typically plan for security breaches, system disruptions and traffic slowdowns, the work-at-home situation is atypical; more than half (53 percent) had not stress-tested systems for this type of incident.
For hackers, it’s a perfect storm.
How Are Hackers Exploiting the COVID-19 Pandemic?
Cybercriminals are getting creative with their phishing attempts and increasing the frequency of attacks. Agencies and private companies the world over are reporting a rise in attacks. In most cases, the attacks are preying on the fear and urgency of recipients.
Several of the attacks have mimicked emails from the World Health Organization (WHO), the U.S. Centers for Disease Control and Prevention (CDC) or other official agencies. Like with most phishing attempts, the emails include an attachment or link. Clicking on either can embed malicious code on the user’s computer, leading to data theft or system hijacking that leads to ransomware demands.
The emails often claim to have important information that recipients need to act on. In one case, a hacker sent emails claiming to be from the CDC to a South Korean electronics company. The headline noted it was an urgent update on the coronavirus outbreak and local safety measures. If users clicked on the attachment, a remote access Trojan would be downloaded, allowing hackers to infiltrate the company’s network.
Another attack in late February claimed to be from the WHO and the Ukrainian health ministry. It falsely claimed there were five active COVID-19 cases in the country. It also included a keylogger, which can record a user’s keyboard strokes.
Another type of phishing email focuses on delivering health advice, such as one Norton reported coming from a Singaporean medical authority. “Go through the attached document on safety measures regarding the spreading of coronavirus. This little measure can save you,” the email reads. It then asks readers to open a link titled “Safety measures.pdf.”
How Can My Business Protect Against Coronavirus Phishing Attacks?
The first line of defense against phishing emails is employee education. Employees should look for these tell-tale signs:
- Email addresses and links that are suspect. Hovering over either with a mouse shows the actual email address or web address. If questionable, employees should report and delete the email
- Spelling and grammatical mistakes which are common in phishing emails
- Emails that ask for immediate action
- Requests for personal information, payments or to enter password information
- Donation requests
- Offers for vaccinations
Employee education is a critical component of a comprehensive defense strategy. At Menark, we help businesses with comprehensive cybersecurity solutions, including cybersecurity training, managed firewall services to monitor and defend your network perimeter, endpoint protection, compliance, business continuity and incident response. To learn more, contact us today.