As businesses navigate the rough seas of the ongoing pandemic, one thing’s for certain: Cybercriminals have gone phishing. Organizations must take the necessary precautions and remain vigilantly aware to avoid getting reeled in to these attacks.
Phishing attacks are nothing new. Neither is the propensity to attack during a time of crisis. Online scams like phishing, malware, and the various forms of social engineering become increasingly more effective when individuals are vulnerable, desperate, or just looking for answers.
Global concern over COVID-19 is the perfect bait.
As businesses navigate the rough seas of the ongoing pandemic, one thing’s for certain: cybercriminals have gone phishing. Organizations must take the necessary precautions and remain vigilantly aware to avoid getting reeled in to these attacks.
What is phishing?
Email phishing scams involve sending deceptive emails and instant messages to bait you into sharing sensitive information. It often involves fabricated websites made to look identical to legitimate sites.
Or, think of it this way:
- Fishing: Bat a hook and see what bites. Reel it in and away you go.
- Phishing: In the spirit of traditional fishing, a phishing endeavor will take company logos, and send email messages to induce individuals to reveal personal information or to click links. When someone clicks these links, they are “reeled in” and malicious actions are taken.
What might a COVID-19 phishing scam look like?
- The cyber-criminal may claim to be with the CDC, or the WHO.
- They mention that they’re trying to “protect” you with COVID-19-related health tips.
- They’re providing an “update” on a coronavirus company policy with an attached PDF with details
How do you avoid getting hooked? 3 steps for investigating a potential phishing email:
1. Examine the email anatomy.
Closely examine the display name and email address. While the display name may be “Amazon Product Highlight,” dig a litter deeper into the actual email address and specifically the domain name. If it’s a phishing scam, you will see something bogus (recent example: Email name: Amazon.Product.Highlight. Email domain: @gravbrotfamilydental.com).
2. Hover over the link.
Sender asking you to click on a link? Take your cursor and hover over the link, and it will expose what site the link is actually traveling to. Upon examination, you’ll find out quickly that you’re not going to be going to Amazon Product Highlight.
3. Nab the URL.
Still not sure? Without clicking the link, nab the url by right clicking and copying link, and and put it into a Google or Bing search window and see what comes up. Come up as Amazon? No problem. Something else? You have further confirmation that the link is nefarious. Just be careful to place the link inside the actual search bar to view search results, and do not visit the actual website.
How do you promote awareness? 9 tips to put in your tackle box: (courtesy of technology partner Intermedia)
- Be cautious of emails that stress high urgency and quick action — these tactics are often used in phishing to prompt a response.
- Never provide financial or personal information via email.
- Look for misspellings and bad formatting as a sign of impersonation.
- If the offer seems too good to be true, it probably is.
- If you did not prompt the action (i.e., password reset, signing up for a trial of a product), then it’s probably a spoof.
- Be careful about what you post and its visibility on social media, as this is a source of information for cybercriminals.
- Stay up to date on the latest tactics used by hackers – tactics are always changing.
- Don’t send or store passwords in email.
- Act quickly to notify your IT department if you click on a possible phishing link.
What makes phishing particularly cumbersome in 2020? It's the number one delivery vehicle for Ransomware, a malicious software designed to block access to a computer system until a sum of money is paid.
To learn more about this dangerous and prolific attack method, download the
"Global State of the Channel Ransomware Report" below.