Phishing Attacks Increase During Emotional Events
We are currently amidst an unprecedented global event: the outbreak of Coronavirus Disease 2019 (COVID-19), now officially a pandemic according to the World Health Organisation (WHO). This has caused apprehension globally, ultimately resulting in lockdowns, travel bans, panic buying, and economic turmoil. As increased social distancing measures take effect and most activities and events shift online, it is of paramount importance to protect personal information from phishing and social engineering attacks.
Vulnerable People Can Lead To Vulnerabilities Being Exploited
Fear can cause even the most diligent individuals to let their guard down and fall victim to social engineering scams such as phishing.
Phishing through emails or texts is one of the most common techniques used to acquire sensitive information such as usernames and passwords. This is most often achieved by scammers impersonating widely used and trusted companies in the hope that an unsuspecting user will be fooled into believing the message is legitimate.
Examples of COVID-19 Phishing Attacks
Recently, scammers have been exploiting coronavirus fears by posing as health and medical organisations. The World Health Organisation (WHO) and the National Health Service (NHS) have both been impersonated through emails that ask people to click fake links to important coronavirus information. These links can download malicious software or direct people to false sites that harvest important data that is later used for fraudulent activity.
“Other topics of phishing emails range from new home working policies sent from ‘HR’ to calendar invites for conference calls.”
Social Engineering COVID-19 Case Studies
In addition to phishing emails, social engineering scams targeting people through online websites and communications are also on the rise. These include fake charities seeking coronavirus-related donations, as well as so-called “romance scams”, where criminals build a relationship with their victims online, then ask for money to be transferred due to unfortunate circumstances — being quarantined due to coronavirus, for example.
In a particularly sinister move, cybercriminals have been incorporating a legitimate interactive dashboard detailing global coronavirus infections and deaths into malicious websites geared towards distributing password-stealing malware.
Expert Cybersecurity Tips For Staying Safe
In light of these new, more targeted scams, it is important to understand that the security awareness of individuals is at the forefront of tackling these types of attacks.
Some quick tips to have in mind are as follows:
- Take a moment to really read the content of the email. Check the sender, the grammar and the message. Ask yourself whether you expected the message in the first place.
- Avoid opening attachments within emails from senders you do not recognise. These attachments could contain malicious content, such as ransomware, that can infect your device and steal your information.
- If you are unsure, don’t click links within emails. Hover over them before clicking to see where they direct you. A phishing email may claim to be from a legitimate company, and when you click the link the website may look exactly as you expect. If in doubt, visit websites by typing the URL yourself. Businesses use encryption, Secure Sockets Layer (SSL), so certificate “errors” can be a warning sign that something is not right with the website.
- Be wary of emails or phone calls requesting account information or requesting you to verify your account. Think about what they are asking for and whether it is something you expect to give.
Ultimately, it’s key to use common sense and be on your guard. Just as you are in the physical world with your handwashing, social isolation and two-metre distance from others, it’s also key to think before you act online.
If you have any questions or concerns, please email email@example.com and we will do our best to assist you.
Want to carry on your education? Check out our Q&A with our Principal Cybersecurity Consultant as he discusses COVID-19 risks, including the exposure consumer-grade video conferencing could bring.
Corisande Evans, one of SureCloud’s Cybersecurity consultants, delivers a variety of pen-testing and cybersecurity-related engagements. Corisande has a background in Forensics and Open Source Intelligence Investigations as well as Red Teaming and both physical and technical Social Engineering.
Corisande is passionate about security, especially about security awareness. She has delivered training sessions to a range of different skill and seniority levels to ensure that the first line of defence, ‘The Human at the Keyboard’ has the best chance to fight against opportunistic attackers. Cori is a proud member of the Security Senoritas.