6th April 2020

Will You Catch the Covid-19 Phish?

By Catherine Aleppo
Client Director - Head of Cyber
Data virus
Cybercriminals are wasting no time in taking advantage of the current climate and widespread fear caused by Coronavirus.  

 

With many employees now working from home, it is important for businesses to consider the cyber security risks associated with remote working. Companies rarely have the expertise or resource to combat cyberattacks, and with the effects of Covid-19 this is only going to worsen with staff shortages. Criminals are exploiting any vulnerability – be it targeting technology weaknesses, or human error through sophisticated social engineering manipulation.

It is often said that humans are the weakest link when it comes to cyber risk. However, as phishing emails continue to make it into our inboxes, it’s clear that technology is failing to identify and prevent them.  Therefore, the task of catching what technology is letting through falls to us, by being prepared, identifying and reporting all suspicious emails we receive. 

Technology is failing to identify and prevent phishing emails.

It is important now more than ever that we think before we click. It’s not so much that the volume of phishing emails has increased following the outbreak of Covid-19, or that new methods for stealing credentials have been born, criminals are taking old templates and adapting them to a Covid-19 theme and playing on the fear factor.

Examples of credential phishing emails include:
  • Enticing victims to click on embedded attachments titled “Covid-19 Treatment & Cure Reports” or “COVID-19 Preparation Guides”
  • Action required relating to “Enrolment for Working Remotely (From Home)”
  • Subject titles **URGENT** Covid-19 vaccine, containing files, and a simple message of ‘Please find attached’
  • Emails with no attachments but looks like a typical business email from a CEO/Exec member, relating to plans for Covid-19 enticing the victim to reply to sender.
  • Zip file attachments containing malware pretending to be outbreak prevention and cure updates from legitimate organisations; or fake client communication with Q&As on Covid-19

Five signs to spot a Coronavirus phishing email.  

Download the infographic here.

Criminals know this is a time when organisations are sending critical communications, and people are going to be more susceptible to these types of phishing scams.

There are no absolutes in risk management. With core business functions and objectives being affected, a ‘belt and braces’ approach is required that reduces the risk with timely security protocols. Cyber insurance is a vital protection for organisations against the fingers and thumbs dynamic, especially at a time when we are all pre-occupied with keeping ourselves and our loved ones safe.

Read this article for eight tips to help ensure your workforce is prepared and cyber smart.


If you have any other cyber-related queries, speak to our cyber specialists today on 020 8633 8430.