COVID-19: a new phishing hook for cybercriminals
Published on 23 Mar 2020
Cybercriminals are ramping up their phishing campaigns to take advantage of the fear generated by the global spread of the novel coronavirus (COVID-19). Unfortunately, this method of attack is likely to achieve higher success rates because of the misinformation and panic surrounding the pandemic.
A number of COVID-19 phishing attacks have been identified that use the virus pandemic as the underlying premise to trick people into opening an email and clicking on a link or attachment. The message is cleverly crafted to look like it comes from a legitimate source – the content is highly relevant and the tone adds a sense of urgency and stress.
If the recipient clicks on the link or attachment, the campaign is designed either to lead them to a spoofed web page, with the intention of stealing personal information, or to infect their device with malware.
What is malware?
Malware is a computer program that installs itself on the target machine and then makes it possible for the hacker to access and exploit the information on that device.
The recipient is often unaware that this has happened until they run a security scan or find themselves the victim of identity theft or fraud. Malware is particularly dangerous, as it can use the infected machine to spread to other machines on the same network.
Our expert’s opinion:
Education is key to combating cybercrimes like phishing.
Here’s what you should know about COVID-19 phishing attacks and tips to protect yourself:
- Be suspicious of ANY emails that you are not expecting and that instruct you to open an attachment, click on a link or provide personal information, such as PIN numbers.
- Unfortunately, it is getting harder to recognize phishing simply from the Sender address as phishers get more sophisticated in their domain choices.
According to Global Audit Tool, researchers from Check Point say that since Jan 2020, over 4000 domains have been registered globally that could be described as related to the novel coronavirus. Many of these will be used in scams.
- Be aware that phishing campaigns are spoofing legitimate sources like the World Health Organization to target victims. WHO has issued a statement about these scams, warning people to check the validity of requests before acting.
- If you receive an email that is suspicious, take the time to report it to the brand being impersonated. Most large organizations provide a process for you to report a scam to their security team for further investigation.
The quicker the security team knows about it, the faster they can educate other customers and intervene to get fraudulent web pages shut down.
- Some campaigns impersonate a person of authority such as the CEO or CFO within a targeted organization. These “spear-phishing” attacks use a higher level of detail about the organization to make the email look legitimate.
The email typically encourages the recipient to take immediate action on an urgent financial matter, such as crediting the attached invoice, paying a supplier or transferring money.
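The indicators in the tips above can be checked mechanically when triaging a reported email. The following is an added example, not part of the original article: a header check for a brand display name on the wrong domain, a pandemic-themed sender domain, a diverted Reply-To and urgent or payment wording. The allow-list, keyword patterns, indicator names and `.example` addresses are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list: brand as shown in the display name -> domain it sends from.
TRUSTED = {"world health organization": "who.int"}
# Assumed keyword lists; tune them to your own mail flow.
THEME = re.compile(r"covid|corona|virus|pandemic", re.I)
URGENT = re.compile(r"\b(urgent|immediately|invoice|transfer|pay)\b", re.I)

def _domain(header_value):
    """Lower-cased domain part of an address header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _is_under(domain, parent):
    """True if domain is parent itself or a subdomain of it."""
    return domain == parent or domain.endswith("." + parent)

def triage(raw_headers):
    """Return the indicator names found in one message's headers."""
    msg = message_from_string(raw_headers)
    name = parseaddr(msg.get("From", ""))[0].lower()
    sender = _domain(msg.get("From"))
    trusted = any(_is_under(sender, d) for d in TRUSTED.values())
    found = []
    # Display name claims a brand, but the address is not on that brand's domain.
    if any(b in name and not _is_under(sender, d) for b, d in TRUSTED.items()):
        found.append("brand_display_name_mismatch")
    # Sender domain built around pandemic keywords and not on the allow-list.
    if THEME.search(sender) and not trusted:
        found.append("pandemic_themed_sender_domain")
    # Replies would go to a different domain than the visible sender.
    reply = _domain(msg.get("Reply-To"))
    if reply and reply != sender:
        found.append("reply_to_differs_from_sender")
    # Pressure or payment wording in the subject line.
    if URGENT.search(msg.get("Subject", "")):
        found.append("urgent_or_payment_language")
    return found

# Constructed sample headers (not real messages).
SPOOFED = ('From: "World Health Organization" <alerts@who-covid19-safety.example>\n'
           "Reply-To: collect@mailbox.example\n"
           "Subject: URGENT: open the attached safety measures\n\n")
GENUINE = ('From: "World Health Organization" <news@who.int>\n'
           "Subject: Weekly situation report\n\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, triage(raw))
```

A clean result only means none of these four heuristics fired; it does not prove a message is legitimate, so the reporting step in the tips still applies.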
For more tips on protecting yourself or your customers from phishing attacks, read this blog post: “squash phishing by educating customers”.
Head of Global Solutions