As we mentioned a few weeks ago, cybercriminals are looking to exploit public fears using malware attacks. Now, spear phishing attacks are increasing at an exponential rate with cybercriminals attempting to capitalize on people working from home and distracted by COVID-19 fears.
The FBI recently issued an alert on the heightened threat of attackers using coronavirus as a lure to distribute malware, steal credentials, and carry out other financial schemes. Some examples of coronavirus-themed phishing emails to be wary of include:
- Emails are being sent that request donations to fake charities, ask for investments in fake companies, or try to sell hard-to-find items, like face masks
- Emails that claim to be from the CDC, for example, and attempt to steal credentials once the recipient clicks on a malicious link
- Compromised business email. Emails that appear to come from either your company or a vendor your firm works with and contain malicious links that attempt to steal login credentials and data
What You Can Do to Protect Yourself
Most importantly, remember that the same security measures that applied to firms in the past are still relevant today, including antivirus and firewalls, keeping software up-to-date, education, and multi-factor authentication.
In addition, here are a few helpful pointers for individuals:
- Beware of links and attachments. Do not click on links or open attachments if you are not sure who the sender is or what the destination is.
- Beware of unusual communications from usual sources. Impersonation emails are rampant, so if you receive an email from someone that you often do business with, but the email looks different from past emails, then do not open or click on it. Instead, contact that person directly and inquire about that specific communication.
- Beware of new companies contacting you. If a company that you do not already do business with reaches out with links or attachments, be wary. You can visit that firm’s website and do your own research. Then, you can reach out to the firm directly through its website, rather than clicking on a link in the email you received.
- Donate directly. To avoid falling victim to an impersonation scheme, find credible charities and donate directly to them. Also be wary of charities asking for donations in the form of cryptocurrencies, like Bitcoin. Legitimate charities will accept donations the same way they did before this pandemic, typically by credit card or check.
- Use common sense. The best advice is always: when in doubt, do not act. If you delete a suspicious email without clicking on it, no harm should come from it.
Because of the constantly evolving threat landscape, Tabush Group launched a comprehensive service to protect both your systems and your users. Our Premium Defense Service offers additional security to anticipate and prevent cyberattacks. For more information, send us a message or call 212.252.0571.