Protect yourself from COVID-19 Phishing Attacks
Five Sneaky Ways Cybercriminals are Capitalizing on COVID-19
By Carrie Dagenhard (Tech Writer)
For the past couple of months, most of us have been stuck at home, striving to maintain some semblance of a normal routine. Nearly everything about the way we work has changed, and, as an IT leader, keeping your business operational and online has largely fallen to your team and your leadership.
For the past several weeks, youve been implementing and integrating communication software and setting up a remote workforce (including some professionals who may be working from home permanently for the first time). So, its already challenging. But imagine what a nightmare it would be if your business were hacked.
As youre likely already aware, cybercriminals are capitalizing on COVID-19 (because, of course they are.) So, to help make sure youve got your bases covered, were sharing some of the most egregious Coronavirus-related hacks and scams making the rounds:
Fake Informational SitesAs the virus traversed the globe, ripping through communities world-wide, government mandates sand company processes shifted by the day. People are not only hungry for new information they also expect it. For several weeks, their inboxes and newsfeeds have brimmed with pandemic-related warnings, tips, advice, and directives.
Unfortunately, cybercriminals know this and have been using it to their advantage. For example, hackers have created fake websites claiming to offer special information, aid, or financial relief. These sites often ask visitors to enter personal information and/or download a file infected with malware. Smart IT managers are encouraging their customers to limit who has access to install new software to prevent phishing scams. But the best defense is always education. Let your team and customers know what to watch out for, like strange URLs etc.
Pandemic-Related Social Engineering Attacks
If early to mid-March feels like a blur, its because you were probably really busy. Thats when most organizations began sending their workforces home in an effort to curb the spread of the virus, and tasked IT teams with quickly setting up software and tools to support remote work.
Hackers know things are a bit chaotic and confusing for employees right now, which means theyre ripe for manipulation. Social engineering tactics, like posing as a company CEO and asking an accounting professional to wire money, are rampant. So be aware and set up an internal system to protect your business from social engineering hacks.
COVID-19 Themed Phishing
How many emails has your company sent out about new policies and plans for office re-openings? If your employer is like most companies, the answer is a lot. And sometimes, these emails may ask you to take action.
So, employees might not hesitate to comply with an email asking them to download a new software tool that their company has supposedly sanctioned. And thats exactly what hackers are banking on.Phishing attacks have increased exponentially since the virus took hold. In fact, Google reported blocking a whopping 240 million coronavirus-related spam emails in one week alone.Again, education and compartmentalization is your main line of defense against these kinds of attack. Nominate a go to IT Manager who can install new software and let everyone know about known vulnerabilities.Video Conferencing IntrusionsIn just three months, the video communications platform grew from 10 million daily active users to more than 200 million, according to data shared by VentureBeat. Suddenly, it seemed every company around the globe was hosting meetings, one-on-ones, and team happy hours on the popular platform.Enter Zoombombing a situation where uninvited attendees enter and disrupt your meetings, doing everything from pestering people to sharing hateful messages and explicit images.Make sure that all your videoconferencing calls are password protected and that they are not shared. Don't publish meeting info publicly and use the waiting room feature.For more teleconference safety tips, check out this blog we wrote about teleconferencing safety and Zoom alternatives.WiFi HackingYou do a lot to protect your on-site network, such as restricting internet access to only authorized individuals and devices, and setting up separate access for guests. But you can bet that someone on your network may not take the same level of care when it comes to their home WiFi. In fact, many may even share access with neighbors, roommates, or use public WiFi networks.
Just last month, users discovered hackers were brute-forcing routers admin passwords and changing the DNS setting to attack users devices with coronavirus-themed malware, according to Bitdefender. Hackers used the malware to steal passwords, cryptocurrency, credit card numbers, and more.
What You Can Do
There are a few extra precautions you can put in place to mitigate your risk of falling victim to one of these nefarious acts:
EDUCATE YOUR WORKFORCE
Take the time to refresh employees on best practices, how to identify potential threats, and how to report suspicious emails or activity.
INCREASE PASSWORD PROTECTIONS
Consider installing two-factor authentication wherever possible, and require employees to change their passwords regularly. Encourage them not to re-use passwords, and ask them to set all video conferences to private.
DEPLOY A VPN
While you cant control your employees home WiFi setup, you can ask them to use a VPN before accessing the internet on their work devices.
IMPLEMENT RELIABLE HELPDESK SOFTWARE TO ENHANCE SUPPORT
Be sure youre staying in constant communication with your team and manage assets remotely using reliable professional services automation software.
Theres no way of knowing exactly how long the pandemic will continue, or what other types of mayhem hackers may cause in the interim. But by remaining vigilant and making communication a top priority, you can help protect your business from malicious actors.