As Coronavirus COVID-19 continues to take its toll and disrupt our daily lives beyond recognition, individuals are understandably keen to stay up to date on the latest news. Hackers has ceased the opportunity to create new attacks based on the public interest in the virus.
An email impersonating organisations like the UN World Health Organisation and the US Centres for Disease Control and prevention are among the most common. The criminal tricks users into opening a malicious email. These attacks are designed to do a variation of one of the following
• Infect the device and spread malware
• Gather login details
• Collect donations through malicious websites for fake charities
Increased risk for remote workers
To prevent the spread of the virus, employees have been asked to work from home. Remote working will undoubtedly increase the reliance on email communication from colleagues as well as updates on the outbreak and its effect on the workplace. Users are expecting email communications from management or HR about the virus and this expectation creates risk for the company as the user is more likely to accidently open a malicious email.
Combined with the reduced ability to confirm the legitimacy of an email due to remote working is the perfect environment for email scams.
Cybercriminals will always find new ways to take advantage of COVID-19 but if you have the prop email protection and you know what to look out for you can help protect your business from these malicious emails.
Protecting your organization and employees
Here are some of our top tips for protect your company and employees from malicious email attacks and they are based on employee education and security technology:
- Ensure that your organization has reliable virus, malware, and anti-phishing protection. In the haste to get everybody working remotely this may have been over-looked on personal devices.
- Malicious attacks are often delivered using a link in an email. Don’t click on links in emails from sources you do not know; they may lead to malicious websites
- Go directly to the CDC or WHO website for the latest information. Be wary of emails claiming to be from them.
- Spoofing the domain or display name is a common technique used for email attacks. Pay close attention to email messages from internal departments or management, they may not have come from who they say they have.
- Never give login details or personal information in response to an email. This is commonly how a phishing attack leads to the compromise of business email systems.
- Always report malicious email attacks immediately, especially if you have disclosed your personal details. A compromised account can be remedied, and the sooner action can be taken the less damage is likely to occur.
- Make sure employees receive up-to-date training on the latest phishing and social-engineering attacks.
If we all work together collaboratively to support each other, especially those most at risk, we can beat this and emerge stronger.
Take care, stay safe and look after each other