With the increase in COVID-19 related news stories and articles flooding our newsfeeds, so too is the rise of malware and phishing attempts from hackers. Cybercriminals are using this time to take advantage of the public’s need for information. We do not yet know the impact that the coronavirus pandemic will have on businesses, communities or our families, but one thing is certain, cybercriminals do not care. A quick look at the headlines over the last month highlights the staggering trend of coronavirus themed attacks:
- Over 10% of all organizations in Italy were hit with a targeted coronavirus themed phishing campaign
- There have been over 4,000 coronavirus-themed web domains registered since January. Out of those, 3% were flagged as malicious, and another 5% as suspicious
- UK’s National Fraud Intelligence Bureau has identified multiple reports of fraud involving coronavirus links to date, with losses to victims totaling close to £1m in the month of February.
Each day, an alarming number of malicious emails and coronavirus-related sites, appearing to be from the Centers for Disease Control and Prevention or for online maps to track COVID-19 cases, have people opening and clicking the links only to have their usernames, passwords, and credit card numbers that are stored in the user’s browser stolen. Cybercriminals are exploiting the fact that people are vulnerable and busy adjusting to remote work and believe many will be more likely to not only fall for their schemes but also to pay their ransom. While most of the world is focused on understanding and preparing for this public health crisis, hackers are focused on profiting off the same.
Just as we are told to practice proper hand-washing and respiratory hygiene, we should also practice checking sources and refrain from downloading email attachments from unknown senders. Below are some items to keep in mind before opening or sharing any COVID-19 related information you might receive:
- The credibility of the source
- Email: if on a computer, hover over the sender’s display name to see what email address pops up – does the name match or is it spoofed?
- Website: start with the About Us section of the website to see if the source has initial credibility like the CDC or WHO
- The date of publication
- With a topic as fluid and dynamic as COVID-19, ensure you are accessing or sharing the latest up to date information
Being cyber prepared should be included in your personal emergency preparedness plan. So, be alert and aware of phishing emails and malicious websites, educate those around you, and practice information literacy. With more employees adjusting to working remotely, it is more important than ever to emphasize the importance of your organization’s cybersecurity awareness to your employees. If you haven’t recently conducted cybersecurity training for your employees, now would be a great time for virtual education.
We can help
Annie Brink is the Consulting Practice Coordinator for the Risk Advisory & Cybersecurity Services group. For additional information, contact a member of Risk Advisory & Cybersecurity Service group or fill out the form below.