A phishing email is an email that lures the user in with the intent of doing harm. Typically, phishing emails are done with the goal of stealing private or sensitive information for a cost to the user.
An unfortunate truth during this crisis is that crooks are exploiting Coronavirus as part of their phishing attacks, malware, and ransomware. According to Barracuda Networks, these attacks have grown from 1,188 in February, to 9,116 in March. That's a 667% increase in criminal activity.
Here are the top scams to watch out for:
Claims of a cure of Coronavirus
Coronavirus updates from common companies with attachments
Medical information not directly from trusted sources like the CDC and WHO
Emails referencing FedEx, Paypal, WHO, or any banks
Text messages that prompt clicking a link, calling a phone number or installing an app
IRS W-2, tax forms, or stimulus information
Hospitality and travel related issues
Lay off, furlough, or other employment related issues - contact your HR representative directly
Anything capitalizing on fear
To avoid these scams, make sure to:
Look closely at email sender addresses
Don’t click on links in emails – navigate to the site yourself
Be cautious opening attachments from people you don’t know
Be suspicious if the message has a sense of urgency
Be suspicious of anyone asking for personal information, a credit card, or a money transfer
Before sharing sensitive information or looking at national updates, make sure the websites are legitimate government sites (often ending in .gov or .mil). Also look out for the https:// which ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely
Verify a charity's authenticity before making donations
Download our Ultimate Guide to Phishing Simulations
Implement an email filter/firewall.
Implement a Phishing Simulation to test your team. Cyber criminals are learning savvy ways to get past your email filters. There will always be emails that slip through the cracks. Building a human firewall is your first line of defense against these attacks. If weaknesses in your team are spotted, then those individuals will go through training to make sure they know what to spot.
Implement a SOCaaS. Having a SOCaaS in place will be your top line of protection. It is continually monitored and threats to your system are spotted before damage is done.
To ensure data and PII security, organizations that process financial transactions need a security operations center (SOC). A SOC centralizes the management of crucial security and risk management-related functions, including:
A comprehensive view of all log data via a central management console with security information and event management (SIEM)
Monitoring of network configurations, security controls and policy enforcement in order to verify ongoing compliance with PCI DSS, FFIEC, GLBA and other guidelines
Security alert triaging
Incident response
In light of this increase in criminal activity, Calance is dedicated to putting some good back into the universe. For the remainder of the quarantine, we have freed up our experts and are offering 30 minutes of FREE security consultation. We are also offering Phishing Simulations to test your employees' recognition of these threats.