As many of us adjust to the ever-changing environment around the Coronavirus, criminals are devising ways to attack us on another front: our computers. Companies across the US are moving to have employees work from home. These remote workers are at risk of having their user information and transactional data exposed during online transactions by specific types of threats, including:

  • Phishing
  • DNS poisoning
  • Keystroke logging
  • Screen grabbing
  • Cookie scraping
  • Clipboard grabbing
  • Browser and session hijacking

The rise of COVID-19 has also led to a growing trend of phishing attempts that use public concern over this crisis to trick people into clicking on malicious links posing as resource information. While phishing scams are hardly new threats, the Coronavirus outbreak creates the perfect storm for these scams to be effective. People are eagerly looking for updated and valid information regarding the pandemic. This emergency is particularly ripe for security incidents because COVID-19 has the potential to disrupt both personal activities and businesses. We can expect to see phishing emails not only from sites posing as government agencies and health organizations but also from senders posing as delivery companies or companies providing information on market conditions.

Phishing is one of the most troubling forms of hacking because it provides an entry point for many types of cyber incidents, including identity theft and delivery of malware onto a victim’s computer. These types of scams can lead to criminals accessing the user’s entire network and can be an entry point for ransomware attacks.

Check Point Software Technologies, a leading provider of IT security products and services, reported last week that, since January 2020, there appear to have been more than 4,000 Coronavirus-related domains registered globally. Check Point’s researchers believe that approximately three percent of the domains registered are malicious, and an additional five percent appeared suspicious.

The result is an environment poised for the perfect storm. As people search for more information, it is very likely they will click on links, even from unknown senders, without first confirming the validity of the sender and the link. With the increased activity of the 24-hour news cycle, it is easier for phishing emails to blend in with the high volume of email traffic, leading to reduced vigilance. New campaigns are being discovered daily, one egregious example being a campaign in the form of a phishing email with a PDF offering Coronavirus safety measures. When opened, malware is loaded onto the user’s computer.

Many of these attempts circumvent traditional firewall and antivirus protections. In an attempt to stay informed, people often forget to confirm URL validity before accessing sites or opening attachments. Cyber criminals use links to fake maps which appear to track the progress of the pandemic, and to information purporting to come from legitimate and respected health resources. These fake sites contain malware that steals usernames, passwords, credit card information and other data stored in browsers. In some cases, users are eventually sent to the legitimate site (after providing passwords and other information to the hacker).

Pitfalls to avoid include the following:

  • Pay close attention: does the sender appear to be a legitimate source of information? Do not click on links if you are unsure.
  • If an email asks you to click on a link or open an attachment, check the following first:
    • Scroll over the link to see if the full address is consistent with the sender identifier;
    • Check closely for misspellings in the sender name (close to a legitimate name but not quite right);
    • Check for odd content in the email (for example, the salutation identifies you as “Dear Ms. L. Smith” instead of “Dear Ms. Smith” or “Dear Lisa”); and
    • Do not be embarrassed to call the sender to verify the email came from that person (do not reply to the email).
  • Watch out for links to non-profits asking you to donate in relief. If you want to make a donation, go straight to the non-profit’s website.
  • Never click on a link asking you to reset your password. If in doubt, go straight to the website, log in, and use the formal password reset procedure. Do not provide personal information, including financial information, via an email link.
  • Implement and use dual authentication protocols.
  • Keep computer systems up to date, including all security protections.
  • Businesses should already be routinely testing their environments and providing security education and training for personnel. This is the time to remind everyone of these protocols.
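
The link and sender checks in the list above can also be automated at a mail gateway or in a triage script. The following is an added example, not part of the original article: `check_email`, `site`, the trusted-domain set, the 0.85 similarity threshold and every domain in the sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Link text that itself looks like a URL or bare host name.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#]|$)")

class LinkCollector(HTMLParser):  # gathers (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site(host):  # assumption: last two labels ~ registrable domain (use the PSL in production)
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_email(raw, trusted):  # trusted: set of known-good sender domains
    msg = message_from_string(raw, policy=policy.default)
    sender = site(parseaddr(str(msg["From"]))[1].rpartition("@")[2])
    findings = [("lookalike-sender", sender, good) for good in sorted(trusted)
                if sender != good and SequenceMatcher(None, sender, good).ratio() >= 0.85]
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href, text in collector.links:
        target = site(urlparse(href).hostname or "")
        if target != sender:  # link leaves the sender's own domain
            findings.append(("link-not-sender-domain", target, sender))
        shown = URLISH.match(text.lower())
        if shown and site(shown.group(1)) != target:  # text names another site
            findings.append(("text-href-mismatch", site(shown.group(1)), target))
    return findings

# Constructed sample message (not a real campaign); all domains are placeholders.
PHISH = ('From: "Health Alerts" <updates@examp1e-health.org>\nContent-Type: text/html\n\n'
         '<a href="http://files.example-login.net/measures.pdf">'
         "https://www.example-health.org/safety-measures</a>\n")
```

Calling `check_email(PHISH, {"example-health.org"})` returns one finding per failed check; a message whose sender and links all sit on a trusted domain returns an empty list.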

When in doubt, do not click. It is better in this environment to be overly cautious.

Teksight360 aims to revolutionize the cybersecurity industry by developing innovative cybersecurity products and solutions. Teksight360’s mission is to empower small and medium-sized businesses to adopt a proactive approach towards cybersecurity through strategic and tactical threat intelligence sharing and cyber forensic analysis.