Coronavirus Phishing – Don’t Be Fooled by New Online Scams

COVID-19 has cyber-attacks on the rise: Email phishing attacks have spiked over 600% since March 2020 due to the ongoing pandemic. Hackers will routinely take advantage of current world events, and the coronavirus is no exception. Last year, the median small business received 94% of its detected malware by email. [1] Now more than ever, you need to be on your toes when checking unsolicited emails. 

Coronavirus-themed phishing has come in the form of fake CDC alerts, health advice, and fake workplace policy emails. Recent research has also shown that more than 1,700 Zoom-related domains were registered in just three weeks, and that 4% of those look malicious. [2] Domains such as these are being used to send out emails such as fake Zoom meeting notifications, tricking people into giving away their login information or downloading malware. Similar schemes have been found in which bad actors impersonate Skype, Google Meet, and other programs used for remote work in general.
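A mail filter or triage script can catch the look-alike sender domains described above by comparing the brand a message claims against the domain it was actually sent from. The following is an added example, not part of the original post; the brand allowlist, function names, and sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: the official sending domains for each brand you care about.
# Extend this with the tools your own office actually uses.
OFFICIAL_DOMAINS = {
    "zoom": {"zoom.us", "zoom.com"},
    "skype": {"skype.com"},
    "google": {"google.com"},
    "cdc": {"cdc.gov"},
}

def is_official(domain, official):
    # Exact match or a true subdomain (meet.google.com), never a prefix trick
    # such as skype.com.login.example.
    return any(domain == d or domain.endswith("." + d) for d in official)

def impersonated_brand(from_header):
    """Return the brand a From header claims without using its real domain.

    Checks both the display name and the domain, because a phish may name the
    brand in either place. Substring matching is deliberately broad: treat a
    hit as a reason for review, not as proof.
    """
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    haystack = f"{name} {domain}".lower()
    for brand, official in OFFICIAL_DOMAINS.items():
        if brand in haystack and not is_official(domain, official):
            return brand
    return None

def flag_messages(from_headers):
    """Return (header, brand) pairs for every header that needs review."""
    hits = ((h, impersonated_brand(h)) for h in from_headers)
    return [(h, b) for h, b in hits if b]

# Constructed sample headers (.example is a reserved, non-routable TLD).
SAMPLE = [
    "Zoom <no-reply@zoom.us>",
    "Zoom Meetings <invite@zoom-us.meeting.example>",
    "Skype <notify@skype.com.login.example>",
    '"CDC Health Alert" <alerts@cdc-gov.example>',
    "Alice <alice@example.org>",
]

if __name__ == "__main__":
    for header, brand in flag_messages(SAMPLE):
        print(f"REVIEW ({brand} look-alike): {header}")
```

The From header can itself be forged, so a check like this complements SPF, DKIM, and DMARC enforcement rather than replacing it.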

Here is a real-world example of a fake CDC email, taken from the U.S. Health and Human Services site: 

The single most important thing you can do to prevent these types of attacks from affecting your business is to train your employees. Our team offers in-person and remote Security Awareness Training that can get everyone in your office up to par. It only takes ONE uneducated employee to open up your business to an attack. Employees need to be educated, reminded, and re-taught information as old habits set in and as cyber-attacks evolve with the times. For these reasons, we recommend taking our Security Awareness Training yearly.

You can’t rely on a firewall alone to take care of suspicious emails, so it’s important to get educated on how to avoid them. There are a variety of ways to identify phishing attempts – for some quick tips, we’ve outlined the more common tactics in a blog post here. 

A couple of important rules to keep in mind: If you get an email that looks suspicious, do NOT interact with it in any way. Don’t click any links, don’t open any attachments, and don’t even respond. If you respond to the sender, it’ll signal that your email address is currently in use and will make you more of a target. Phishing emails are annoyingly common, but if you don’t interact with them at all you have no reason to worry.

These types of scams rely on a sense of urgency – they want you to click on links or open attachments without thinking it through first. By being aware that phishing attempts taking advantage of the pandemic are going around, hopefully you and your team will think twice before automatically giving in to an attack!

References:

[1] https://www.fundera.com/resources/small-business-cyber-security-statistics

[2] https://www.securitymagazine.com/articles/92666-how-hackers-are-using-covid-19-to-find-new-phishing-victims