In these strange times, increasing numbers of us are confined to the home with little but our concerns for neighbours and loved ones, and hopefully some work, to keep us going. But those with an entrepreneurial spirit and complete moral bankruptcy really are going all out to make sure that their criminal chums or their state-level paymasters profit from this crisis at the expense of the rest of us.
This pandemic really does provide a golden opportunity for scammers to use our fears to extract money, login details, ways into corporate networks, etc.
Many people are confused and worried. They will be more inclined than usual to click where they shouldn’t click if they think they’re going to have their fears assuaged, and that’s where the phishers come in.
Most phishing emails will direct a user to open an attachment that installs malware, or to click on a link which will at some point direct them to enter login details or valuable personal information.
Anything that plays on people’s fears, needs and even generosity is being exploited:
- Information about the spread of Covid-19
- Maps showing local infections
- Offers of much needed supplies, such as face masks or other personal protective equipment
- Requests for money from charities
- Details of how to get a government handout or a mortgage refinancing
- Offers of help with medical costs, or even cures for Covid-19
- Pretty much anything Covid-related that generates a sense of urgency
The FTC are so concerned about people being scammed that they’ve created a Scam Bingo card to help increase awareness.
Now, it’s all too easy to scoff at the ‘ignorant’ user clicking on something they shouldn’t when they’re looking at something they shouldn’t, and doing it on work time! However, business worries are also being exploited.
- Is that shipment going to arrive in time?
- Can I get the parts I need?
- Is that company I invoiced last week going to make the payment?
- Is it even safe to handle deliveries from [insert name of any city/state/country]?
These concerns have always provided a target for the phishing scammers, but the target is especially big right now. Many businesses genuinely do not know if their supplier or client will exist next month, and any email that seems to give an answer could be the one with the malicious attachment.
An attacker could gain control of the computer of a C-level exec, or they could grab their login details and impersonate them using their own email account. The damage to the business could be as bad as the impact of coronavirus itself.
If you have changed business practices recently to allow remote working, you may have much less visibility over users’ actions. Obviously it’s crucial to ensure that all computers have up-to-date security patches, software and anti-malware, never more so than when users are working remotely. But that’s not the only protection you need.
Awareness training at all levels and testing where possible will be the best way of preventing something bad happening. It will also be useful to the employees in normal life, whatever that is now. And it’s no bad thing for the IT department to make themselves more visible and much more approachable, even virtually. An attitude of ‘no question too dumb’ might stop something dumb happening!
The outlook for many businesses is at best unclear right now, but it shouldn’t be made worse because someone falls for an easily avoidable scam.
Speak to the experts at TBG Security about how to make your business more resilient against the phisher-folk.