As long as people in general have been struggling with the Corona pandemic, companies have been exposed to Corona-related attacks by cybercriminals on their email inboxes. Because depending on which topic is currently in focus in connection with Covid-19, the hackers also change course and switch to the current pandemic topics.
In March 2020, Covid-related phishing attacks skyrocketed by more than 667 percent. And with the advent of vaccination campaigns came a new wave of email-based threats. The latest Omikron variant is currently not only leading to a massive increase in incidences, but also in phishing attacks, which criminally exploit the associated insecurities of people.
Phishing attacks: Corona test topic
The increased demand for corona tests in recent weeks has also increased the number of fraud attempts, which often have the scarcity of the tests as their topic. Barracuda's security analysts have noticed an increase in phishing attacks related to Covid tests in recent months. Since the beginning of October, the number of such attacks has increased by more than 521 percent.
The criminals use various tactics to gain the attention of their victims and lure them into the trap. Some of the most common scams were:
- Offers to sell Covid tests and other medical supplies such as masks or gloves. Some of them sell counterfeit or otherwise unauthorized products.
- Fake Corona test unpaid order notifications where the scammers provide a PayPal account to receive payment to purchase rapid tests.
- Impersonation of labs, test providers or individual employees sharing fake Covid test results
Effective protection against Corona-related phishing
remain skeptical
Everyone should remain highly skeptical of all emails related to Covid testing. Some email scams contain offers to buy corona tests, information about immediately available test sites, or to share test results. It cannot be said often enough: links and attachments in suspicious emails are absolutely taboo.
Use artificial intelligence
Scammers adapt their email tactics to bypass gateways and spam filters. Therefore, a solution that detects and protects against spear phishing attacks such as impersonating brand identities, business email compromise and email account takeover is critical. A specially developed technology that is not limited to only detecting malicious links or attachments, but can use machine learning to analyze normal communication patterns and detect anomalies that could indicate an attack.
Set up account takeover protection
Not only external e-mail messages should be monitored, but also internal e-mail communication is often difficult. Successful spear phishing attacks very often come from compromised internal accounts. Make sure the scammers don't use your business as a base camp for these attacks. State-of-the-art technology powered by AI detects compromised accounts and takes real-time remediation by warning users and removing malicious emails sent from acquired accounts.
Train employees to detect and report attacks
One of the most important preventive measures to protect against phishing attacks is to educate employees. Up-to-date training on phishing awareness, seasonal scams, and other potential threats ensures employees are aware of the latest attacks and how to report them to IT immediately. Using phishing simulations for email, voicemail and SMS, the effectiveness of the training can be tested and the most vulnerable users verified.
Implementation of strict internal guidelines for fraud prevention
Businesses should have policies in place to confirm all email requests for transfers and payment changes a priori. In addition, it is important that the regulations are regularly reviewed to ensure that personal and financial information is treated properly on an ongoing basis. All financial transactions require confirmation and/or approval by multiple people in person or over the phone.
The pandemic will keep companies and organizations and their employees busy for a while in terms of cybersecurity, as criminals will also adapt their business model again and again. However, effective precautions by those responsible can certainly protect themselves and thus at least make the attackers' chances of success significantly more difficult.
More at Barracuda.com
Via Barracuda Networks Striving to make the world a safer place, Barracuda believes that every business should have access to cloud-enabled, enterprise-wide security solutions that are easy to purchase, implement and use. Barracuda protects email, networks, data and applications with innovative solutions that grow and adapt as the customer journey progresses. More than 150.000 companies worldwide trust Barracuda to help them focus on growing their business. For more information, visit www.barracuda.com.