COVID-19 Phishing Emails
Cyber-attacks have been steadily increasing over the past couple of weeks, as cybercriminals try to take advantage of the panic created by COVID-19. One of the ways that cybercriminals are capitalizing on the spread of COVID-19 is through increased phishing attacks. Large volumes of fake emails claiming to offer virus-related information or government support have been appearing in Canadians' inboxes. While most organizations have cybersecurity systems in place to combat phishing attacks, the continued shift to working remotely means that these systems may no longer be as effective.
What is Phishing?
Phishing attacks often aim to steal user data, such as login credentials or financial information. Cybercriminals, posing as legitimate organizations, send messages through email, social media platforms or other messaging services that aim to get victims to click on fraudulent links or provide information. They then use this data to hack company servers or funnel funds from victims' accounts.
Identifying COVID-19 Phishing Emails
- Watch out for sensationalized, false or misleading information
- Beware of products claiming to be miracle cures or remedies
- Beware unsolicited medical advisory emails with links or attachments
- Fraudsters may spoof government and health care organizations in medical advisory emails that contain links or attachments. Government and health care organizations will never ask for information over email.
- Beware of unauthorized or fraudulent charities requesting money for victims or research. Verify that it is a registered charity.
Risk Management Tips
- Keep all systems current and updated with the latest security patches.
- Require encryption for employees who are telecommuting.
- Notify your Information Technology department / provider of any phishing emails.
- Install reputable antivirus software, schedule signature updates, and monitor the antivirus status on all equipment.
- Conduct training sessions for employees with mock phishing scenarios.
- Use a reputable spam filter that detects viruses, blank senders, etc.
- Deploy a web filter to block malicious websites.
- Encrypt all sensitive company information.
- Convert HTML email into text-only email messages or disable HTML email messages.
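The last tip matters because HTML lets a link show one address while pointing to another. The Python sketch below is an added example, not part of the original advisory: it flattens an HTML message to text with each link's real target written out, and lists links whose visible text is a URL on a different host. The sample message, its domains, and the names TextOnly, to_text_only and mismatched_links are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message (not a real email); all names and URLs are made up.
SAMPLE = """\
From: "Health Agency" <alerts@health-agency.example>
Subject: COVID-19 advisory
Content-Type: text/html; charset="utf-8"

<html><body><p>Read the latest guidance:</p>
<a href="http://login.portal-update.example/covid">https://www.health-agency.example/covid</a>
<p>Or <a href="https://www.health-agency.example/faq">see the FAQ</a>.</p></body></html>
"""

class TextOnly(HTMLParser):
    """Flatten HTML to text, writing each link as 'label <real target>'."""
    def __init__(self):
        super().__init__()
        self.out, self.links, self._href, self._label = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        # Text inside <a> is collected as the link label, everything else as body.
        (self._label if self._href is not None else self.out).append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            label = "".join(self._label).strip()
            self.links.append((label, self._href))
            self.out.append(f"{label} <{self._href}>")
            self._href = None

def to_text_only(raw):
    """Return (plain_text, links) for the HTML body of a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    parser = TextOnly()
    parser.feed(body.get_content() if body else "")
    parser.close()
    return " ".join("".join(parser.out).split()), parser.links

def mismatched_links(links):
    """Links whose visible label is a URL on a different host than the target."""
    return [(label, href) for label, href in links
            if "://" in label and urlsplit(label).hostname != urlsplit(href).hostname]

if __name__ == "__main__":
    text, links = to_text_only(SAMPLE)
    print(text, mismatched_links(links), sep="\n")
```

A label that is plain wording, such as "see the FAQ", is not flagged by this check; the text-only rendering still shows its target so the reader can inspect it.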