CISA Alert: Cybercriminals Are Taking Advantage Of The COVID-19 Pandemic
Phishing and other cybercrime threats are more prevalent than ever before – cybercriminals are targeting your remote employees with scam emails in order to steal information and money. Does your staff know how to protect your business against phishing?
CISA has issued a warning to US businesses about the increase in phishing and other social engineering scams over the past few weeks. CNN is reporting a 500% increase in phishing attacks since the start of the COVID-19 pandemic.
These attacks are exploiting the COVID-19 pandemic, targeting unsecured users working from home and offering false information about the crisis in order to take advantage of them.
Do you know how to keep your employees, and your organization as a whole, secure?
Top Cybercrime Threats You Need To Be Aware Of
These COVID-19 cybercrime campaigns involve the following types of threats:
- Emails that use the subject of COVID-19 as a lure, offering information about the pandemic, or a possible cure, to get targets to click a dangerous link or download malware.
- Registration of COVID-19-related domains to use in emails, prompting targets to click hyperlinks and endanger themselves.
- Targeting new work-from-home users that have unsecured personal networks.
What is Phishing?
Phishing (and all social engineering techniques) is about the element of surprise.
It’s a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.
You should have cybersecurity measures in place, but they can’t read every email for you and your staff – you have to play a role in your cybersecurity as well.
If the cybercriminal can make you believe that they’re your bank, your boss, or a close friend, then you’re that much more likely to download malware or give up your SSN. That’s why your staff needs to know what to look for.
How To Spot A Phishing Email
- Check The Right Fields: If you’re unsure about an email, check the details on the email itself – specifically the “mailed-by” and “signed-by”, both of which should match the domain of the sender’s address.
- Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
- Spelling and Grammar: Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
- Specificity: Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer” – this allows them to use the same email for multiple targets in a mass attack.
- Urgent and Threatening: If the subject line makes it sound like an emergency — “Your account has been suspended”, or “You’re being hacked” — that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
- Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.
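The "Check The Right Fields" and "Suspicious Links" checks above can also be run automatically over a raw message. The following Python is an added example, not part of the original article; it assumes "mailed-by" corresponds to the Return-Path domain and "signed-by" to the DKIM `d=` domain, and it uses a constructed sample message with placeholder domains.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not a real email; every domain is a placeholder.
SAMPLE = """\
From: "Health Updates" <alerts@example-health.org>
Return-Path: <bounce@mailer.example.net>
DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example.net; s=k1; bh=x; b=y

<p>Valued Customer, see <a href="http://login.example.net/u">https://example-health.org/covid</a></p>
"""
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)")
def domain_of(address):  # domain part of an address header, lower-cased
    return parseaddr(address)[1].rpartition("@")[2].lower()
def aligned(domain, sender):  # same domain as the sender, or a subdomain of it
    return bool(sender) and (domain == sender or domain.endswith("." + sender))

class LinkCollector(HTMLParser):  # gathers [href, visible text] for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def check_message(raw):
    msg = message_from_string(raw)
    sender = domain_of(msg.get("From", ""))
    dkim = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    claimed = {"mailed-by": domain_of(msg.get("Return-Path", "")),
               "signed-by": dkim.group(1).lower() if dkim else ""}
    findings = [f"{k} {v or 'missing'} does not match sender {sender}"
                for k, v in claimed.items() if not aligned(v, sender)]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        shown = DOMAIN_RE.search(text.lower())  # domain the reader sees
        real = (urlsplit(href).hostname or "").lower()  # domain the link opens
        if shown and not aligned(real, shown.group(1)):
            findings.append(f"link shows {shown.group(1)} but opens {real}")
    return findings
```

This compares the header values as written in the message; it does not validate SPF or DKIM, which is the job of the receiving mail server.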
Don’t sacrifice your cybersecurity just so your staff can work from home. With the right technologies and processes in place, you can maintain a productive and secure remote work model.