Cybercriminals Ramp Up Their Efforts with an Influx of Phishing Attacks

The Centerville Police Department Issued a Notice About COVID-19 Related Phishing Attacks… Here’s How to Stay Safe.

Cybercriminals COVID19 Phishing Attacks

Phishing Attacks During Coronavirus

Utah sees a growing number of confirmed coronavirus cases. As a result, social distancing is in full effect, with businesses being forced to embrace remote work or shut down altogether. Unfortunately, the coronavirus pandemic has led to cybercriminals ramping up their efforts due to:

  • The widescale adoption of remote access and/or cloud-based technologies
  • The increase in activity on home networks
  • The uncertainty and fear resulting in more interest in updates

For many, the transition to remote work has been rushed due to the current circumstances. This leads to less time spent considering the threats associated with allowing employees to access systems and data from home.

Flavio Aggio, Chief Information Security Officer for The World Health Organization (WHO), explained,

There has been a big increase in targeting of the WHO and other cybersecurity incidents. There are no hard numbers, but such compromise attempts against us and the use of WHO impersonations to target others have more than doubled.”

A Look at the Most Common Ways Cybercriminals Are Taking Advantage of Uncertainty and Fear Right Now…

The Centerville Police Department issued a notice about COVID-19 related phishing attacks via social media. The notice can be found here. In their notice, they outline some of the most common ways cybercriminals are taking advantage of uncertainty and fear as they launch more phishing attacks than ever before:

  1. Alerts about the virus that often claim to be from the CDC or WHO offering information in the form of downloads and/or links. Typically, these alerts contain language like:
    • The attached document will let you know if you are at risk.
    • The attached document outlines the common symptoms.
    • The attached document regarding cases should be reviewed.
  2. Advise regarding health and safety that often claim to be from researchers in Wuhan, China where the virus started. Typically, these alerts contain language like:
    • These healthy and safety measures can save you.
    • Download the attachment for preventative tips to keep you safe
  3. Alerts about workplace policies that claim to be from your place of employment, offering a policy that must be downloaded and signed. This policy is often simply malicious software.
  4. Alerts about workplace purchases that look like purchase orders for masks, sanitizer, and other safety materials and products that typically request the receiver to send a wire transfer.

Unfortunately, many organizations lack the proper tools and guidance to manage these phishing attacks safely. We recommend ensuring you have enterprise-grade antivirus software and spam filtering solutions in place at all employee workstations. Also, talk to your employees about the influx of phishing attacks they should expect to see.

A Few More Tips to Keep You Safe Against the Influx of Phishing Attacks During the Coronavirus Pandemic…

Here are a few more tips to help you stay safe against the influx of phishing attacks happening during the coronavirus pandemic:

  1. Use a virtual private network (VPN) to create a secure, encrypted tunnel for employees connecting to the network from home.
  2. Use multi-factor authentication wherever possible when accessing any remote access or cloud-based solutions.
  3. Avoid using email for sending sensitive information and, instead, use a secure file sharing service.
  4. Verify before clicking links or downloading attachments and use trusted sources, such as the CDC or WHO, to stay up-to-date instead.

You can find information on https://coronavirus.utah.gov/ as well. If you have questions about cybersecurity during this difficult time, reach out to our team at (801) 839-7006.