Email phishing pivots to pandemic

It should come as no surprise that cybercriminals around the world would leap at the opportunity to exploit the Covid-19 pandemic. These circumstances have created a host of vulnerabilities for users – and the villains of the web have been updating their playbooks to exploit them.

Working remotely means fewer protections

The ability to have staff work from home is a lifesaver, but it does pose new risks in terms of security. Few people have security on their home devices that’s equivalent to the enterprise firewall of their office environment. This elevated risk for remote employees means the onus is on them to be especially vigilant.

Cybercriminals know this, and they also know that people everywhere are hungry for information about the pandemic and are anxiously reading about new developments.

Efforts to exploit this situation have evolved in recent weeks, but the attackers are still using a familiar set of tricks, simply rehashed with a Covid-19 theme.

How Covid-19-related phishing evolved

Ever-adaptive cybercriminals were quick to start looking for ways to prey on fear and uncertainty as the pandemic began to dominate our lives. KnowBe4, a US security awareness training platform, identified three distinct waves of email phishing and social engineering activity.

The first appeared when the outbreak started to become a global issue with straightforward spoofing of official sources of information such as the World Health Organisation, government bodies and even the HR departments of targeted organisations.

The second wave brought a wide array of new and inventive scams as offenders experimented with different angles. This was soon eclipsed by a third wave of familiar old phishing mail formats, reskinned with a pandemic theme and disseminated on a massive scale.

Common Covid-19 phishing angles

While some fraudsters take the approach of using sensationalist news and conspiracies to lure users into opening an attachment or link, the more insidious angles of the third wave tend to imitate everyday corporate communications conceived specifically with remote employees in mind.

The imitation of file-sharing platforms like Dropbox, OneDrive and SharePoint is a prime example, with fake notification emails that contain links to spoofed login pages. Others seek to replicate secure document delivery services, invoices, purchase orders or delivery service tracking updates.

False internal corporate communications range from mundane IT or HR department policy updates related to the pandemic to dramatic announcements of infections in the organisation. CEO fraud (often grouped with “whaling”) need only mention current circumstances to gain an air of legitimacy and convince employees to take actions that compromise the company.
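The two lures above (spoofed file-sharing notifications and impersonated internal senders) both leave traces in the message itself: a link whose text or URL invokes Dropbox, OneDrive or SharePoint but resolves somewhere else, a display name borrowed from an executive or department while the actual address is external, or a Reply-To that quietly redirects replies. The script below is an added example written for this page, not code from the article, KnowBe4 or any vendor; the sample message, the brand-domain table, the internal domain and the list of impersonated identities are all constructed and would be tuned per organisation.

```python
"""Heuristic triage for the two lures described above: spoofed file-sharing
notifications and impersonated internal senders (CEO fraud).

Added example; not the article's or any vendor's code. The sample message,
the brand-domain table and the list of internal identities are constructed
for illustration and would be tuned per organisation.
"""
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Brands named in the article, mapped to the registrable domains a genuine
# notification link would point at (assumption: illustrative, not exhaustive).
BRAND_DOMAINS = {
    "dropbox": {"dropbox.com"},
    "onedrive": {"live.com", "1drv.ms", "microsoft.com"},
    "sharepoint": {"sharepoint.com"},
}

INTERNAL_DOMAIN = "example.com"  # constructed
# Display names an attacker would borrow for CEO fraud or fake HR/IT notices (constructed).
IMPERSONATION_TARGETS = {"jane doe", "hr department", "it support"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible link text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels of a hostname. Crude: a production check would use the
    public suffix list so that suffixes such as 'co.uk' are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def link_findings(html_body):
    """Flag links whose text or URL invokes a file-sharing brand while the
    link itself resolves to a domain that brand does not use."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        domain = registrable_domain(host)
        mentions = (text + " " + href).lower()
        for brand, legit in BRAND_DOMAINS.items():
            if brand in mentions and domain not in legit:
                findings.append(f"'{text}' mentions {brand} but links to {domain or href}")
    return findings


def sender_findings(msg):
    """Flag display names that borrow an internal identity while the actual
    address is external, and Reply-To headers that redirect replies elsewhere."""
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    if from_domain != INTERNAL_DOMAIN and any(t in name.lower() for t in IMPERSONATION_TARGETS):
        findings.append(f"display name '{name}' looks internal but address is @{from_domain}")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2].lower()
    if reply and reply_domain != from_domain:
        findings.append(f"Reply-To @{reply_domain} differs from From @{from_domain}")
    return findings


def triage(raw_message):
    """Return all findings for a raw single-part HTML message."""
    msg = email.message_from_string(raw_message)
    return sender_findings(msg) + link_findings(msg.get_payload())


# Constructed sample modelled on the lures above; every domain here is fictitious.
SAMPLE_PHISH = """\
From: "Jane Doe" <jane.doe@example-corp-mail.net>
Reply-To: jane.doe.ceo@webmail.example
To: staff@example.com
Subject: COVID-19 policy update - shared document
Content-Type: text/html; charset=utf-8

<html><body>
<p>Due to the pandemic, all staff must review the updated remote-working policy.</p>
<p><a href="https://onedrive-secure-login.example.net/doc/1">Open in OneDrive</a></p>
<p><a href="https://example.com/it/covid">Internal IT guidance</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_PHISH):
        print("FLAG:", finding)
```

Run against the constructed sample, the script raises three flags (external address behind an internal-looking display name, a Reply-To on a third domain, and a "OneDrive" link that resolves to an unrelated domain) while leaving the genuine internal link alone. The brand check keys on the registrable domain rather than the full hostname, so a tenant link such as contoso.sharepoint.com passes, whereas a lookalike under an attacker-owned domain does not; the display-name check is the cheap part of a CEO-fraud control and belongs alongside SPF, DKIM and DMARC enforcement rather than in place of them.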

We can help

Altron Karabina and SYNAQ have put together a special bundle of Office 365 licensing with SYNAQ, to prevent email phishing and secure your inbox.
