The COVID-19 pandemic has changed not only our lives but also the landscape of cybersecurity attacks. We are all seeking information about the virus, infection rates, our state and local regulations on re-opening, financial assistance programs, etc. Organized cyber crime groups are exploiting our need for information, our fears and our anxieties. We are seeing a large increase in COVID-19 themed phishing attacks designed to lure targets to fake websites and collect usernames and passwords. Some examples of COVID-19 themed phishing attacks are:
- COVID-19 and CARES Act financial assistance and tax rebate lures which encourage targets to enter personal and tax information into fake websites.
- Phishing emails which lure recipients to fake CDC (Centers for Disease Control) websites and collect usernames and passwords.
- COVID-19 related emails with attachments containing malicious Microsoft documents which, if opened, exploit Windows vulnerabilities to run malicious code.
- A resurgence of phishing emails spoofed from company IT Departments and System Administrators, luring recipients to fake Google and Microsoft sign in pages.
As with pre-COVID-19 phishing attacks, the key to staying safe is awareness. Regular security and phishing awareness training is an excellent practice for companies of all sizes. We encourage all of our customers and end-users to stay extra vigilant during these times. Pay particularly close attention to emails with COVID-19 related information from both known and unknown senders.
Other effective ways to reduce the risk to your organization and employees:
- Make sure all company accounts are set up to use strong passwords and ideally two-factor authentication.
- Establish a BYOD (bring your own device) policy which requires devices to be encrypted and have strong anti-virus and firewall software.
- Ensure that your financial processes require multiple layers of approvals for money transfers.
If your business needs help implementing safeguards against phishing or other cybersecurity measures, please Contact Us.