COVID-19 Related Phishing Attacks On The Increase
During these unprecedented times, many of us are having to work from home on our mobile devices. COVID-19 restrictions mean that we now spend more time on our phones and laptops. But this comes with its fair share of cyber risks.
The global COVID-19 pandemic has drastically affected all of our lives. One way has to do with how businesses operate. To help slow the spread and save lives, more employees than ever are now working from home.
In this article, My team and I from tech42 in Scranton PA, take a look at the impact of COVID-19 on your organization’s cybersecurity.
What Is the Impact of COVID-19 on Your Organization’s Cybersecurity?
As we spend longer periods on our electronic devices, we are more vulnerable to cyber-threats. No one is more aware of this than hackers.
An example of a cyber-threat that has seen a sharp rise during this pandemic is phishing attacks.
What Is a Phishing Attack? A phishing attack (meant to sound like “fishing”) is a type of cyberattack that uses malicious tricks to steal sensitive user data such as:
- Credit card numbers
This can result in several consequences for victims, including:
- Identity theft
- Theft of funds
How Does a Phishing Attack Happen?
Typically, the hacker disguises themselves as a reliable entity. The most common way is through an email in which the hacker impersonates someone or some organization that the recipient might interact with.
However, one of the critical identifying qualities of a phishing email is a request to click on a link. The email aims to trick users into clicking on the link and downloading harmful malware. Being one of the oldest forms of cyberattacks, phishing techniques have significantly evolved over the past few decades and are now highly sophisticated.
A recent tactic during the pandemic involves hackers leveraging the fear and anxiety of unsuspecting victims. The phishing email claims to be from a health organization such as the world health organization or the centers for disease control. Victims are duped into clicking on the link, perhaps hoping to see areas where the virus has spread and end up clicking on a malicious link.
Alternatively, some hackers are impersonating certain video conferencing platforms like zoom to bait victims into giving up their passwords.
That said, there are numerous phishing techniques out there.
What Are the Common Types of Phishing? Typically, the messages are sent randomly to a huge number of users. However, occasionally, the attack is aimed at specific users or members of an organization. This is much more dangerous as hackers will put in greater effort towards a particular goal.
- Spearfishing: Attackers come up with a tailor-made message aimed at a specific target that may be identified on sites like LinkedIn.
- Whaling: A form of spearfishing that targets high-level employees, such as CEOs or board members. Those, particularly at risk, are those who may use personal email addresses for business-related communication.
Why Have Phishing Attacks Spiked During the COVID-19 Pandemic?
Hackers never shy away from exploiting our fear and confusion during crises. They prey on our emotions and take advantage of us when we are at our lowest. This pandemic is no exception. During difficult times, we are desperately hungry for information leaving us more likely to click on questionable links impulsively.
All hope is not lost, however. Phishing attacks can be easily prevented.
How Can You Prevent Phishing Attacks? Like any business challenge, you need to take the appropriate remedial actions as soon as possible. These include:
- Two-Factor Authentication: This is the best protection against phishing attacks because it adds an extra step during logins. Apart from passwords and usernames, employees should be required to have, for example, a smartphone. This acts as a safety net in case their credentials are compromised.
- Enforcing Strict Password Management Policies: For example, staff members could be required to change their passwords regularly. Another option is prohibiting the use of a single password for several applications.
- Cybersecurity Training and Awareness: Training employees to become vigilant and recognize phishing emails is a key measure in preventing data breaches. This is because the vast majority of data breaches are, in fact, due to human error.
Ready to Leverage Managed IT Services to Safeguard Your Organization’s Data?
Data security is a big concern in today’s business, especially during these tough times. We strongly believe that the best way to keep your business information secure is by closely working with a trusted IT support provider.
Get in touch with us to take that all-important first step towards cybersecurity.