Email phishing pivots to pandemic

November 13, 2020
Oscar Cele
Digital Workplace, Software Services

It should come as no surprise that cybercriminals around the world would leap at the opportunity to exploit the Covid-19 pandemic. These circumstances have created a host of vulnerabilities for users – and the villains of the web have been updating their playbooks to exploit them.

Working remotely means fewer protections

The ability to have staff work from home is a lifesaver, but it does pose new risks in terms of security. Few people have security on their home devices that’s equivalent to the enterprise firewall of their office environment. This elevated risk for remote employees means the onus is on them to be especially vigilant.

Cybercriminals know this, and they also know that people everywhere are hungry for information about the pandemic and are anxiously reading about new developments. Efforts to exploit this situation have evolved in recent weeks, but they’re still using a familiar set of tricks that are simply rehashed with a Covid-19 theme.

How Covid-19-related phishing evolved

Ever-adaptive cybercriminals were quick to start looking for ways to prey on fear and uncertainty as the pandemic began to dominate our lives. KnowBe4, a US security awareness training platform, identified three distinct waves of email phishing and social engineering activity.

The first appeared when the outbreak started to become a global issue with straightforward spoofing of official sources of information such as the World Health Organisation, government bodies and even the HR departments of targeted organisations.

The second wave was a wide array of new and inventive scams being put into practice as offenders experimented with different angles.

This was soon eclipsed by a third wave of familiar old phishing mail formats that were reskinned and disseminated on a massive scale.

Common Covid-19 phishing angles

While some fraudsters take the approach of using sensationalist news and conspiracies to lure users into opening an attachment or link, the more insidious angles of the third wave tend to imitate everyday corporate communications conceived specifically with remote employees in mind.

The imitation of file-sharing platforms like Dropbox, OneDrive and SharePoint is a prime example, with fake notification emails that contain links to spoofed login pages. Others seek to replicate secure document delivery services, invoices, purchase orders or delivery service tracking updates.

False internal corporate communications range from mundane IT or HR department policy updates related to the pandemic to dramatic announcements of infections in the organisation. CEO fraud or “whaling” need only mention current circumstances for an air of legitimacy to convince employees to take actions that compromise the company.

We can help

Altron Karabina and SYNAQ have put together a special bundle of Office 365 licensing with SYNAQ, to prevent email phishing and secure your inbox. Read more about it here.