As the Coronavirus makes its way across the world, individuals are doing their best to stay current on the latest outbreak locations and new confirmed cases. Because of this, cybercriminals are leveraging COVID-19 as a buzzword to spread malware and have created new attacks based on the public interest in this virus.
One of the most common new forms of attack is the email impersonation attack, in which the criminal impersonates organizations like the UN World Health Organization (WHO) to trick users into opening a malicious email. Multiple government organizations have issued warnings against these attacks.
Can you spot the difference?
This type of attack can harm individuals in the following ways:
- Infecting the user’s device and spreading malware
- Stealing login credentials by way of a phishing site or other phishing mechanism
- Collecting donations for fake charities through malicious websites
Hackers often use tactics to trick users into thinking their emails are legitimate. These email impersonation attacks will include a link in the body of the email. Users who click on that link:
- Are taken to a phishing website where they will be prompted to fill in personal information.
- Will have malware automatically installed on their computer.
Remote work = increased phishing risk
As a preventative measure against the spread of the Coronavirus, many organizations are asking employees to work from home until further notice. These remote workers often rely on email for communication with other employees as well as for updates related to the outbreak. This leaves users expecting email messages from HR or upper management on the subject of the virus. That expectation increases risk for the company, since a user is more likely to mistakenly open a malicious email if they are expecting a similar legitimate message from HR.
Protecting your organization and employees
- The first way to protect your company and employees from email scams is to educate them on the topic of cybersecurity, especially during these chaotic times:
  - Don’t click on links in emails from sources you do not know; they may lead you to malicious websites.
  - Be wary of emails claiming to be from the WHO. Go directly to their websites for the latest information.
  - Pay special attention to email messages from internal departments or executives who send regular updates on the outbreak. Check their email address to make sure it is authentic.
  - Never give out personal information or login details, or make payments, in response to an email request; call the person first to confirm their request.
  - All malicious emails and attacks should be immediately reported to IT departments for investigation and remediation.
- Ensure that your organization has reliable virus, malware, and anti-phishing protection.
- Monitor remote devices for any anomalies that may indicate a cyber threat.
- Apply security patches as they become available.
- As “fake” Coronavirus websites continue to appear, protecting onsite and remote users from these malicious sites and inappropriate content is important. Make sure Content Filtering security solutions are in place for all employees.
- In addition, to protect remote devices’ data and eliminate downtime for remote users in case of data loss, cloud backup services will also be helpful.
- Lastly, make sure your employees connect to the office’s VPN. A business VPN allows users to securely connect to corporate networks to send and receive files, data and applications from anywhere – which right now is going to be from their homes.
MicroAge NWD is here for you!
If you have any questions on how to protect your employees from cyberattacks during this difficult time, feel free to contact us for a free consultation, or call us at (450) 231-6246.