Hackers are always taking advantage of others’ misfortunes, and they have even gone so far as to leverage the COVID-19 pandemic in efforts to launch phishing attacks. How have hackers utilized this worldwide disaster to their benefit, and what can we do to keep our organizations secure in this troubling time? Let’s find out.
SecureList reports that spam and phishing trends in Q1 of 2021 took heavy inspiration from the COVID-19 pandemic. Here are some of the major threats detailed:
Stimulus Payment Scandals
Early in 2021, businesses and individuals received stimulus payments from governments in the form of economic impact payments or business bailouts. Hackers used this opportunity to swindle others through the use of phishing messages that were surprisingly professional in appearance. These kinds of messages often target users of specific banks and utilize nearly identical phishing websites to steal credentials. Others might enter information while attempting to sign up for the latest details about the pandemic, putting these sensitive credentials at risk. It’s a classic example of fearmongering being used for the profit of others.
The Vaccine Race
There was a time at the beginning of the year when the COVID-19 vaccine was difficult to get. Even though the situation has improved significantly, this initial rush created the perfect storm for hackers’ phishing emails that replicated the language and looks used in official health organization correspondence. Users could click on a link in the message, being redirected to a form for inputting personal information or banking credentials. Even those who were lucky enough to get the vaccine were subject to fake surveys to harvest this information.
Fake Accusations
If your website has standard web forms that email you, you are probably used to seeing some unsolicited submissions. Even with features like Google’s reCAPTCHA, which is designed to stop bots from filling out forms, junk can still come in. Website owners have been seeing an influx of attacks, pretending to be lawyers, copyright holders, and other entities. These messages usually come bundled with URLs leading to dangerous malware or ransomware. If you get a message from the forms on your website, be very careful about clicking links. It’s a good idea to copy/paste some of the text from the email into Google to see if it is one of the many common scams going around, or reach out to us at Bardissi Enterprises.
What Can You Do?
Hackers are always trying every trick in the book to infiltrate your business’ defenses. Phishing attacks are nothing new, so it’s your job to keep up with the latest and make sure that you are doing all you can to protect your organization. Here are a couple of ways you can do just that.
- Implement Spam Protection: Spam filters are invaluable for keeping the majority of threats out of your inbox, but unfortunately, none are 100 percent effective. The more convincing a phishing email is, the more likely it is that it will make it past the spam filter. Therefore, we recommend taking further action to protect your organization.
- Train Your Employees: In the event that spam does make it past your filter, training your employees on how to identify threats can go a long way. If they know what to look for, they will be more likely to approach them in a favorable way.
- Utilize Unified Threat Management: Even the best employees make mistakes, so it’s best to have a little bit of reassurance in the event that they do mess up. A UTM provides one single security solution that covers your organization’s network security. It’s a great all-in-one tool for any business!
Bardissi Enterprises can help your organization navigate the challenges of network security. To learn more about how we can train your employees, perform regular “tests,” and optimize network security, reach out to us at (215) 853-2266.