News, emails and social media posts about Covid-19 will get the most attention these days. Hackers are ready, willing and able to use this to their advantage. This, however, is the right time to use only trusted news outlets and not let fear lead you into falling for online-scams, such as buying surgical masks, vaccines or tests from websites you don‘t know. This is where quality security awareness training comes in.
Just the other day we got a friendly but unsolicited email from an unknown person with the subject line "Ideas for businesses and employer’s workspace for a coronavirus (covid-19) outbreak avoidance". The email came with a short message stating that in the attached excel document we’d find directions about spread prevention in the work environment. Needless to say, and due to good security awareness training, this attachment was not opened. But this is just one of the methods used by cyber criminals during this pandemic.
The Covid-19 pandemic forced many workplaces to digitize over night. We predict that this will have a lasting effect on many workplaces. For most of us work-life has been changed, at least for as long as restrictions due to this pandemic last.
Industries that before this situation had prohibited remote work have been forced to digitize. This includes bankers and aerospace engineers to almost every teacher around the world. Another sectors that has had to digitize even more than before is the health care industry. One of the most vulnerable in the cyber space. The importance of good security awareness training for these sectors has never been more clear. This is why Comtech has created ready made quality security awareness training programs for both the finance and health care sectors.
It’s always important to be careful on-line. Now that so many are working from home or simply staying at home the internet has become one of the riskiest places to be. Hackers use our quest for news, information, entertainment and solutions during this pandemic to their advantage. There is no shortage of people who believe in the latest snake oil pitch, want to buy vaccines, tests or protective clothing. Some are simply unaware that just because a URL entails the word „covid“ it might not be an official website with good information.
Many of these people are now working from home. At home the behavior is different than at the office and cyber security measures are lacking. Hackers have a better access to these employees than ever before, which poses a great risk for companies. This is a great time for companies to offer quality security awareness training to their employees.
Corona virus-related fraud is up 400%. Hackers are developing websites, apps, and tracking tools that claim to provide real-time information about the virus, promise financial assistance or corona testing kits and treatments. For those anxious for information, it’s easy to be lured to a fraudulent site and fall victim to a cyber attack. People who have received quality security awareness training are less likely to become victims of such scams.
Here are the biggest Covid-19 cyber scams and hacks we’ve heard of:
And this is just the tip of the cyber iceberg. On an individual level people are being scammed left and right. For instance with promises of divine cure in exchange for donations, sold out protective equipment, Covid-19 tests, vaccines and even hand sanitizers.
Over 2000 new phishing domains have been set up over the past month to capitalize on the surging demand for Zoom from home workers, according to new data from BrandShield. Over 100,000 domains have been registered with covid, virus and corona. They can for example be used for phishing attacks with social engineering methods playing on the fear of people or their wish to find a vaccine or for ransomware attacks against hospitals.
And then there is the dangerous spread of disinformation. Upon reviewing phishing attempts since the beginning of this year, there is a rising number of attackers, impersonating news outlets or journalists. For example, attackers impersonate a journalist to seed false stories with other reporters to spread disinformation. In 2019, one in five accounts that received a warning was targeted multiple times by attackers. If at first the attacker does not succeed, they’ll try again using a different method or account.
The list goes on and there obviously is no bottom as to how low cyber criminals will go for money.