Coronavirus: How to Prepare Your Team for Phishing Attacks

The coronavirus pandemic is pushing companies and their employees online as remote work becomes the new norm (at least for the time being). It’s an opportune time for scammers looking to sell your data and make no mistake, they are using every trick in the book to get your information.

Cyber threat actors (hackers) are opportunistic and pay close attention to relevant and urgent topics. That’s why we see targeted and seasonal phishing trends, such as:

• Open enrollment phishing scams in October and November
• UPS, FedEx, and Amazon phishing scams between Black Friday and Christmas
• Tax related scams in March and April (potential uptick in June 2020 for the same reason)

One of the main reasons huge, global events, like the COVID-19 pandemic provides the biggest opportunities for hackers is because of social engineering.

What is Social Engineering?

This method is common, and extremely effective. Social engineering occurs when targeted individuals are manipulated into giving up confidential or personal information to be used for fraudulent purposes. Social engineering is a way to dupe a victim to do something, like click a link or open an attachment, that they would not normally do. This technique increases the sense of urgency, which results in people clicking before they think.

Most phishing scams leverage social engineering. It is a smooth deception that people fall prey to more often than you’d think. Nowadays, with most of America using social media and email, it's making the job that much easier for cybercriminals to steal your employees’ information.

How You Can Combat Phishing Campaigns

Many phishing campaigns associated with COVID-19 have been related to organization closures, access to health care, and supply chain notification. We suggest that organizations do the following:

• Adopt a “single source of truth” strategy, as it relates to organizational information, such as plant or site closures, work-from-home, etc., where any of that related information will be distributed from a specific email address or public information officer.
• Push out notifications to their technology users that COVID-19 related phishing scams are increasing and to take precautions (Think before you click).
• Consider pushing out notifications in non-email methods, such as login banners.
• Use aggressive email filtering to quarantine suspect emails.

Get Security Awareness Training for Your Team

Don’t let your employees give scammers the time of day. Instead, give your team the benefit of security awareness training. Especially now that remote work has become the most prominent recourse for business continuity. Your people are your biggest vulnerability and biggest asset in the fight against cybersecurity threats, but how do you put them to work on the front lines to defend your organization? Give your team the tools they need to maximize their online security now and in the future. Reach out to IE’s security team today to see how we can help you protect your people and assets, secure data, and fulfill compliance requirements.