The Coronavirus is a Breeding Ground for New Phishing Attacks
Just because businesses are taking a break to protect their employees and customers from possible coronavirus infections doesn’t mean that cybercriminals are going to stop. In fact, recent phishing attacks have started to leverage current events to scare potential victims into clicking on malware links and attachments.
In today’s video, Steven Goodman and Sean Jacobs discuss phishing attack strategies and how cybercriminals are leveraging current events to trick potential victims.
Watch Sean and Steve Talk about Phishing and Current Events
Warning: Phishers Often Use Current Events in Their Phishing Emails
The video starts with Sean talking about how phishers often like to use current events in their emails to heighten their urgency and perceived legitimacy. As he notes in the video, “Something that we see a lot, especially on phishing prevention sites, [is] people using current events to try to trick or scare people into clicking on a link.”
The major current event that is getting used as this post is being written is the coronavirus outbreak. A lot of phishing emails are being sent posing as organizations like the CDC with fake, malware-laden PDF downloads or links. Others are posing as businesses offering updates about their schedules in light of the virus outbreak—updates that you can get by clicking on the link in the email (which probably has malware or leads to a fake website).
At other times, phishers would use something different. One example that Steve gives in the video relates to seasonal promotional offers. As Steve says, “So most of the time, it would be something like: ‘Oh, it’s Valentine’s Day, don’t forget to pick up your free Starbucks something-or-other.’” Tricks like these that leverage current events help trick people into lowering their guard.
Anti-Spam and Anti-Phishing Engines Can Help, But They Shouldn’t Be Your Only Defense
As the discussion progresses, Sean brings up some real-world examples of phishing emails that have targeted some of Protected Trust’s clients and associates. In the video, he says:
“We’ve been seeing some emails that—fortunately, in this situation—they’re getting caught by anti-spam and anti-phishing engines. But… in our quarantine, I’m finding some emails that look like something that came from the CDC that says: ‘Click here to get information about prevention.’”
There have even been emails offering cures and vaccines that supposedly come from the CDC and other public health organizations. However, as noted by the World Health Organization (WHO), “The virus is so new and different that it needs its own vaccine,” which has yet to be developed as of the time of this article. Additionally, the WHO notes that, because this is a virus and not a bacteria-based disease, “antibiotics should not be used as a means of prevention or treatment.”
While spam filters and anti-phishing solutions can block a lot of these phishing emails, some may still get through to your employees—as evidenced by the emails that Sean found. So, it’s still important to drill into your employees the need to treat any email offering a miracle cure or an update about the coronavirus with due caution.
In addition to these protective measures, it’s important to have antivirus and antimalware software installed on your business’ computers, and to have remote backups of data in case a database or network asset becomes corrupted with malware.
Urgency Language: The Biggest Red Flag for Phishing Emails
In the video, Steve mentions that one of the biggest “red flags” indicating that an email might be a phishing attack is “Urgency Language.” Some may call this urgent verbiage, emergency messaging, or something similar—whatever you call it, it’s a major indication that you should be on your guard when interacting with any given email message.
Urgency language is an incredibly powerful tool that pushes people to make rash decisions, such as clicking on links without conducting proper checks, which helps phishing attacks succeed. So, one of the best pieces of advice for avoiding phishing attacks is to treat super-urgent communications that say things like “final warning” or “you must act now” with extreme caution.
Be sure to watch the video to get the whole story. If you have any questions about how to avoid phishing attacks, or about how you can use remote work and collaboration tools like Microsoft Teams to avoid public health pandemics, reach out to the Protected Trust team!