Hackers are looking for ways to exploit COVID-19 news and launch campaigns that spread malware and steal sensitive user information, including user credentials. Recent industry research points to some specific examples of attacks users may be exposed to:
Phishing campaigns can distribute malware to users’ computers. They aim to steal login credentials and company data.
Look out for documents that appear to be from a reliable source (a co-worker or a client). Once opened, these documents can launch malware on your system.
Emails may appear to come from authentic sources like the CDC and contain links to spurious login pages. Once you click a link, the page asks for your credentials in an attempt to steal usernames and passwords for any of your sensitive accounts, like Microsoft Exchange.
Emails pretend to sell face masks or coronavirus cures, or even ask for investments in bogus companies that appear to be developing vaccines.
Spurious emails ask for donations to fake charities; such a request usually includes a Bitcoin wallet for donation purposes.
What Should Users Do to Secure Themselves?
1. Stay cautious of any emails trying to get you to open any link or attachment
Use a reliable email spam filter solution to stop these malicious emails from reaching the recipient, as it provides a sound defense. These solutions reduce the number of malicious emails, though no email filter can completely stop spam emails.
2. Never share your personal information
Users should never share confidential information through links given in emails. Also, never send an email with critical information to anyone. Make a habit of checking the website address. The address of a safe website always begins with ‘https’, where the ‘s’ stands for secure.
3. Be alert when opening emails from organizations you expect to be contacted by
Cross-check the authenticity of the sender’s email address and domain name on each email you get. Hover your mouse over any links in the email to make sure they point to a trusted website.
What should organizations do to secure users and data?
1. Make employees aware through training sessions on phishing scenarios.
2. Keep all systems updated with the latest security patches.
3. Apply a security policy to address password complexity and expiration.
4. Use multi-factor authentication for safe access to applications and the environment (such as a VPN).
5. Implement a web content filtering solution to stop malicious websites from harming you.
6. Deploy an email spam filtering solution to minimize the number of phishing emails arriving.
7. Implement an Endpoint Detection & Response (EDR) solution on each system to stop malware from spreading through the IT environment.
Layered protection can help secure your business and your users from any potential security threats. Protected systems and informed employees are critical when protecting your company from any phishing attacks. If you are seeking expert assistance to create a strategic phishing security plan or need help with anything you see above, please reach out to SupportNerds on 888-462-2719 for instant solutions.