Coronavirus Anxiety Causing Expanded Phishing Threats
The COVID-19 pandemic has certainly changed the way we do things in a very short period of time. Unfortunately, in times of absolute crisis and anxiety, cybercriminals use it as camouflage to steal data and infiltrate normally-secure networks. Let’s take a look at some of the ways hackers are able to exploit your employees and how you can work to protect your business.
How Do Cybercriminals Use Mass Anxiety?
“You can sit in a room and create anything you want on a laptop. That’s why the real con men are gone.”– Frank Abagnale
Former confidence man and FBI consultant Frank Abagnale understands that, as public anxiety over Coronavirus grows, cybercriminals will work to take advantage of those fears by working the pandemic into phishing attacks. This has been going on for a large percentage of the time that the virus has been here.
These attacks have been delivered explicitly toward the following targets:
- Healthcare Companies - Providers are being continuously targeted with phishing attacks whose payloads include malware and spyware. These attacks are formed to look like correspondence from regional hospitals or healthcare entities like the World Health Organization.
- Consulting - “Educational” messages that reference coronavirus enable hackers to steal data and deploy malware of all types.
- Manufacturers and distributors - Supply chain members of the increasingly crucial supply chain have seen coronavirus messages that deploy data-stealing malware through malicious Microsoft Word documents.
Of course, we’re not limited to these types of scams.
People are always trying to take advantage of others in times of crisis, and this is no different today.
How This Complicates Things
Of course, this strategy is working. Hackers excel when events force people into tough situations or take advantage of them when they are distracted. This COVID-19 situation has everyone distracted in one way or another. The same phishing tactics can be seen deployed around tax time.
These slight-of-hand tactics are bad enough, but to take advantage of something as unique as the COVID-19 outbreak, where literally everyone is tuned into minute-by-minute developments shows the inhumane nature of the cybercriminal. Unfortunately, this situation doesn’t look to have an end in sight, so expect this behavior to continue.
If you consider that this is the first major pandemic since mobile and social media systems were implemented, you realize that it is unprecedented in scope. Moreover, there is so much misinformation on this topic that there is no place that people can turn to, which will continue to exacerbate the problem.
What Can Be Done?
In your typical cases, finding errors or bad links in phishing emails is pretty straightforward, but in times of crisis, people get sloppy. That’s why it is important that you are extra diligent in reminding your staff that in most cases, resisting the efforts of hackers will require extra diligence. Here are some actions you can take:
- Train effectively - Train with real technology in mind. Provide your team with the knowledge they need to both recognize phishing attacks and to understand how to keep from interacting with them.
- Report any and all suspicious attempts - You will want everyone to know all the phishing attempts people within your organization come into contact with, especially if they were successful. Some will only be as a result of your periodic training, but even those will be important to get everyone on the same page.
It really doesn’t matter that there is a once-in-a-generation virus pandemic for hackers to use. You should be actively updating your phishing knowledge to ensure that you, and your team, have the knowledge they need. Call Nexela today at (215) 525-3223 to talk to one of our staff about threats and what to do about them.