CYBERCRIMINALS STOP AT NOTHING TO EXPLOIT EVERY CHANCE TO PREY ON VICTIMS.
The rapid spread of coronavirus, along with media coverage of events related to it, has led to a rise in online frauds and phishing campaigns.
Cybersecurity researchers identified malware disguised as a “Coronavirus map” web application used to steal credentials such as user names, passwords, credit card numbers and other sensitive information stored in the victim’s browser.
Fraudsters also use phishing emails purporting to be from research organisations affiliated with the Centers for Disease Control and Prevention (CDC) and the World Health Organisation (WHO) claiming they can provide a list of infected people in the recipient’s area. To access this information the victim clicks on a link to a malicious website.
Follow these tips to protect your business and your clients from phishing attacks:
BE SUSPICIOUS OF UNKNOWN SENDERS
Be wary of unsolicited emails and new contacts reaching out, as well as unexpected links and attachments. Sense check the validity of any email you receive, whoever has sent it. Stop and think, does the email look and feel right, both in content and the request? If you have doubts, validate the enquiry through alternative means – not via interacting with the requester.
DON’T CLICK ON LINKS
Any link in an email is inherently dangerous. If anyone sends you a link, do not click on it unless you were explicitly expecting it and it’s from a known source. If the link is to a website, do not use the link from the email to navigate to that website. Instead navigate to the website by opening your browser and typing its name into the address bar.
DON’T GIVE AWAY YOUR CREDENTIALS
The only time you should enter your email address, password, account information or credit card number online is if you navigate directly to a website and login. NEVER email or message your information to someone. NEVER enter information on a website that you’ve linked to through an email.
BEWARE THE “URGENT ACTION”
Look out for emails that convey a sense of urgency. Fraudsters often rely on victims clicking before thoroughly thinking about the situation. Attackers often try to drive an emotional reaction using fear tactics urgent language, and offers that seem too good to be true.
USE TWO FACTOR AUTHENTICATION
To help secure your email account use two factor authentication (2FA). Accounts that have been set up to use 2FA require a second factor, which is something that you (and only you) can access, giving another layer of security.
Whilst technical solutions can prevent significant amounts of spam and email-based threats, phishing attacks are becoming more sophisticated to try and circumvent perimeter controls. Employees remain a valuable last line of defence against data loss and cyber-crime. Ensure your employees are trained and aware of the risk that phishing poses. Consider using a simulated phishing service or exercise to gauge their response to a real attack.
Do not respond to suspicious emails. If you believe that you may have been a victim of a phishing attack then report the incident immediately to your IT team/ specialist and the Network IT Helpdesk.