Written by George Mahon, IT Security Manager at Axonex
Cyber criminals never take a break and they are currently using the Covid 19 pandemic to their advantage.
Professional services network KPMG reports they have seen over 15’000 new websites created last week alongside massive global email phishing campaigns, and these emails and websites aim to prey on people’s fears regarding COVID-19.
The sites and emails that aim to entice a user contain some of the following themes:
- Selling COVID-19 key supplies.
- Maps and resources containing hidden malware.
- Masquerading as Health organisations like the NHS or WHO.
- Masquerading as Government organisations offering tax benefits and advice.
- Fake charitable collections for health workers.
If a user is successfully hooked an attacker will aim to achieve one of the following:
- Ransomware Infection
- Crypto Currency Fraud
- Business Email Compromise Fraud
- Office 365 Credential Theft
All of which can have devastating consequences to an organisation.
The age old saying, ‘if it sounds too good to be true then it probably is’ can be applied to phishing, however there are some other typical giveaways that an email or website is suspect:
- Poor grammar, punctuation and spelling
- Design and quality of the email or website isn’t what you would expect
- Not addressed to you by name, but something more generic like “Dear Friend” or “Dear Valued Customer”
- Includes a vailed threat or sense of urgency
- Directly solicits personal or financial information
We are currently living in a completely unprecedented situation regarding healthcare and personal well-being, but it is important to make sure that you stay vigilant and don’t allow your fears and/or curiosity regarding COVID19 to catch you off-guard.