Beware of malware as criminals take advantage of COVID-19 worries
In the wake of the global spread of the novel coronavirus (COVID-19), cybercriminals are taking advantage of the fear this has generated and escalating their phishing campaigns. The large volumes of misinformation, and rising global panic, around the pandemic mean that their efforts are likely to succeed, unfortunately.
Cybercriminals are preying on people’s worries and fears by sending emails related to COVID-19 from legitimate-looking sources, containing ostensibly useful, and critical, information relating to work policy, health alerts or precautionary advice. The combination of relevant content and an urgent tone often work to trick people into opening the email and clicking a link or attachment.
Once they’ve clicked the link or opened the attachment the recipient is either led to a spoofed website designed to steal their personal information, or their device is infected with malware, which installs itself and allows a hacker to access the information on that machine.
Often people don’t realize that their device has been infected until their security scanner picks it up or they become victims of fraud or identity theft. What makes malware particularly dangerous is that it can get onto a company network and spread to other devices in the organization.
The best thing people can do in a time like this is to educate themselves, and those around them. We’ve prepared some tips to help keep yourself, your colleagues and your organization safe:
Treat every email that you are not expecting as suspicious. Be doubly cautious of anything that asks you to click a link, open an attachment, verify your details or share information that is private and personal - like passwords and PIN numbers.
Checkpoint researchers have discovered over 4 000 domains registered globally since January 2020 related to the coronavirus, according to Global Audit Tool. This is making it harder to identify suspicious emails just based on the sender’s address as cybercriminals get more sophisticated in their efforts to look legitimate.
Spoofing legitimate sources is a common tactic used by cybercriminals. The World Health Organisation has issued a statement on these scams and is asking people to verify the validity of any requests before they do anything.
Report suspicious emails to the company being impersonated. Many larger companies have a process for doing this and will ensure their security teams investigate it promptly. The faster a company is alerted, the more quickly they can respond and intervene to warn their customers and shut down spoofed websites.
Spear-phishing attacks, which purport to be from senior people in an organization, like the CFO or CEO, use a lot of accurate detail to make an email appear real. These generally ask a person to urgently make a payment or settle an invoice. If you receive an email like this, verify it through other means before you act, no matter how legitimate it appears.
Cybercriminals are getting increasingly sophisticated in their attacks, but by being mindful - and critical - of any communications you receive, you can protect yourself and avoid falling prey to their attempts.
By Linda Misauer, Head of Global Solutions, Striata
Linda Misauer is the Head of Global Solutions at Striata and is responsible for technical Research and Development, Operations and Project Management for global initiatives. Linda previously led the Product Management of the Striata Application Platform before moving across to Striata North America as Chief Technical Officer (CTO). As Product Manager, her responsibilities included internal project management of the product development team, market research & product feature design, as well as product lifecycle management and quality control. As CTO, Linda was responsible for all technical operations for North, Central and South America, including Project Management, Support, Production and Data Engineering. Linda has over 10 years of experience in the IT industry, ranging from video streaming solutions and website application development to electronic billing and messaging. Prior to joining Striata in 2002, Linda held the positions of Chief Information Officer at AfriCam, and was IT project manager at Dimension Data. Linda studied at the University of Natal - Pietermaritzburg and holds a degree in BSc, Majoring in Computer Science and Economics. Linda also has a Diploma in Project Management.