We are currently amidst an unprecedented global event: the outbreak of Coronavirus Disease 2019 (COVID-19), now officially a pandemic according to the World Health Organisation (WHO). This has caused apprehension globally, ultimately resulting in lockdowns, travel bans, panic buying, and economic turmoil. As increased social distancing measures are put in place and take effect, and with most activities and events shifted online, it is of paramount importance to protect personal information from phishing and social engineering attacks.
Fear can cause even the most diligent individuals to let their guard down and fall victim to social engineering scams such as phishing.
Phishing through emails or texts is one of the most common techniques used to acquire sensitive information such as usernames and passwords. This is most often achieved by scammers impersonating widely used and trusted companies in the hope that an unsuspecting user will be fooled into believing the message is legitimate.
Recently, scammers have been exploiting coronavirus fears by posing as health and medical organisations. The World Health Organisation (WHO) and the National Health Service (NHS) have both been impersonated through emails that ask people to click fake links to important coronavirus information. These links can download malicious software or direct people to false sites that harvest important data that is later used for fraudulent activity.
“Other topics of phishing emails range from new home working policies sent from ‘HR’ to calendar invites for conference calls.”
In addition to phishing emails, social engineering scams targeting people through online websites and communications are also on the rise. These include fake charities seeking coronavirus-related donations, as well as so-called “romance scams”, where criminals build a relationship with their victims online, then ask for money to be transferred due to unfortunate circumstances — being quarantined due to coronavirus, for example.
In a particularly sinister move, cybercriminals have been incorporating a legitimate interactive dashboard detailing global coronavirus infections and deaths into malicious websites geared towards distributing password-stealing malware.
In light of these new, more targeted scams, it is important to understand that the security awareness of individuals is at the forefront of tackling these types of attacks.
Some quick tips to have in mind are as follows:
Ultimately, it's key to use common sense and be on your guard. Just as you are in the physical world with your handwashing, social isolation and two-metre distance from others, it's also key to think before you act online.
Any questions or concerns, please email firstname.lastname@example.org and we will do our best to assist you.
Corisande Evans, one of SureCloud’s Cybersecurity consultants, delivers a variety of pen-testing and cybersecurity-related engagements. Corisande has a background in Forensics and Open Source Intelligence Investigations as well as Red Teaming and both physical and technical Social Engineering.
Corisande is passionate about security, especially about security awareness. She has delivered training sessions to a range of different skill and seniority levels to ensure that the first line of defence, ‘The Human at the Keyboard’, has the best chance to fight against opportunistic attackers. Cori is a proud member of the Security Senoritas.