Cybercriminals are adding insult to injury. Using a mix of psychologically gripping scams, malicious parties are leveraging COVID fears to prey on the worried and vulnerable – even as the crisis begins to abate.
From health scares to finance fears, they’ll stop at nothing to separate users from their valuable, sensitive data. Scams like those ahead are up several hundred percent, and the only cure is prevention. Focus on these to educate and protect your employees from falling victim.
Advanced phishing attempts
Phishing emails have one goal: extract credentials like usernames and passwords. In March 2020, these email scams spiked 667%. Armed with hot button verbiage about the pandemic like N95 masks, virus-killing cleaning products or vaccines, these messages understandably struck a chord.
Recipients of phishing emails remain three times more likely to follow a bad link and unknowingly give up their credentials than in pre-COVID times.
Based on the research, recipients of phishing emails remain three times more likely to follow a bad link and unknowingly give up their credentials than in pre-COVID times. The increase is due in part to the numerous professional-looking messages created to capture users who may be new to hastily implemented digital transformation efforts.
Remind employees that each tool or platform they sign up for comes with some level of risk. At minimum, each one needs to have its own secure password. Some experts also recommend creating an entirely separate email address for each new account.
Booming “internal” email scams
Naturally, we’re all more likely to open an email from someone we know, especially if that person happens to be the boss. That’s the exact idea behind fraudulent business emails.
It all starts with a message from your CEO or a higher-up. They may ask for bank account info to correct an accounts payable error. Others have instructed employees to transfer funds, noting a glitch collecting their monthly healthcare premiums.
The reason they’re so successful is the apparent legitimacy of the account. Same email signature, domain and company logo. However, if employees look closely, they’ll often see a slight misspelling in the person’s name or a period where there usually isn’t one.
As a rule of thumb, employees should call a trusted, in-house contact to verify anything that appears hurried and even remotely suspicious.
Fake directives from IT
After working remotely for so long, our IT teams are practically on speed dial. Since they’re such a trusted and essential contact, scammers are impersonating them to dupe the unsuspecting.
Similar to the CEO scam, emails from a fake IT team may come through asking recipients to supply a password or instructing them to download a new programme or update their software. Many will come stacked with the name of a real-life IT member the fraudster unearthed during their research.
You can help your employees spot these fake outs by having them double check with a trusted colleague or point person before downloading anything. Yes, even a meeting invite for a new video conferencing app.
Whether peddling sanitation supplies for the office or posing as a Google representative offering to help update a search listing, employees of small businesses are fielding a variety of convincing calls.
Most recently, there has been a flurry of calls from “government agencies” who threaten legal action if contact isn’t made.
Kindly remind your staff not only are these calls illegal, but the only safe response is to hang up and report the attempt to the appropriate department.
Your network is a data goldmine. With the rise of telecommuting, hackers hoping to infiltrate it now have their best chance.
Looking for resources you can share with your team to help stay ahead of a breach? Try these online security tips when working from home. Remote work is here to stay, and staying safe will be important long after COVID.
We all have a responsibility to keep each other safe right now. That’s especially true in the office environment. Businesses are only as secure as their most susceptible employee, so educate them early and train them often to get ahead of a potential disaster.