Phishing is and will continue to be the largest cyber threat to individuals and businesses. Phishing, the oldest type of cyber attack, uses “alleged legitimate” email as a weapon. The goal is to trick the email recipient into believing the message is something they want or need and to click a link or download an attachment.
The most distinguishing characteristic of a phishing scam is that the attacker masquerades as a trusted entity. This is why during world events this is the most popular type of attack. Cybercriminals use this sophisticated maneuver to gather personal information using deceptive emails and websites for financial gain, by preying on one’s fears during times of uncertainty.
Phishing emails claim to provide information regarding stimulus packages and government relief for workers. Many are lured by promises of cures and vaccinations. Health organizations, including the World Health Organization (WHO) and the US Centers for Disease Control and Prevention (CDC), have been prime targets for impersonation. Emails that appear to be from these credible sources tempt victims with a promise of important safety information. These scams include:
- URLs which redirect to a malicious domain attempting to harvest credentials.
- Document downloads, which when accessed download and install an information-stealing malware.
No one is immune to these scams. Campaigns have been targeted toward geographies with significant numbers of confirmed COVID-19 infections. The “Coronavirus Map Phishing Method,” which promises a real-time map of the virus’s outbreak for a price, has taken advantage of many around the world.
Over the past three months, the registration of COVID-19 related domains has significantly increased, as well — as many as 1,400 have emerged. Although many may be legitimate,
a percentage is likely to have been created with malicious intent. These domains can be used to spread misinformation, host phishing pages, impersonate legitimate brands, and sell fraudulent or counterfeit items.
As you can see, cybercriminals are becoming increasingly sophisticated and equally mischievous, while devoid of compassion.
- Be suspicious of unsolicited correspondences that contain alarmist messaging and/or impersonate official health and safety institutions.
- Grammatical and formatting errors can help you identify malicious phishing emails.
- Enlist the guidance of a professional to help reduce your risk of cyberattacks.
To protect your remote workplace from cyberattacks contact Charles Leach Agency at 1-888-275-3224 or info@leachagency.com.