Security experts believe the world is experiencing a cyber-history event, but it’s for all the wrong reasons. The coronavirus (COVID-19) pandemic is giving cybercriminals a reason to get into hyper-mode. They’re responding to the present health crisis with an acceleration of attacks using a single theme (coronavirus) like never in our digital history. Fraudulent phishing emails, text and voice messages focusing on COVID-19 are coming from all sides. They also include attacks using vital industries like critical healthcare, manufacturing, and pharmaceuticals as bait for their crimes. Offers for COVID-19 cures and vaccines, the availability and sale of scarce items, and bogus news updates on social media are in high gear. Cybersecurity experts are concerned about the relentless volume of these duplicitous attacks and for the countless victims who fall prey.
Proofpoint security has been studying the malware outbreak and reporting on the wide range of threat vectors tied to the coronavirus. There’s a virtual explosion of credential phishing, spam, business email compromise (BEC), malicious attachments, and links, downloaders, ransomware, fake-website landing pages and way more. Proofpoint also reports some startling statistics, this one about COVID-19-themed phishing emails, “Criminals have sent waves of emails that have ranged from a dozen to over 200,000 at a time. And the number of campaigns is trending upwards…This increase underscores just how appealing global news can be for cyber criminals.”
The report also finds “Approximately 70% of the emails Proofpoint’s threat team has uncovered deliver malware and a further 30% aim to steal the victim’s credentials. Most of these emails are trying to steal credentials using fake landing pages like Gmail or Office 365 and ask people to enter their username and password.”
Staying cybersafe during this pandemic is absolutely possible, but it takes a super-heightened sense of cyber awareness and a double dose of common sense to stay that way. Proofpoint is certain the cybercrime outbreak will continue as long as hackers can exploit the human condition. Below are important anti-phishing steps to use, especially at this most vulnerable time.
• Beware of any emails tugging on fears and emotions, over-promising, or offering news that sounds too good to be true.
• Verify senders are legitimate, as hackers love to steal contact lists and pose as trusted sources.
• Do not follow links or open attachments. They can be loaded with malware and can take you to a fake website that looks like the real thing. The bogus web pages are designed to steal your personally identifiable information (PII). Instead, verify and type-in the real domain name yourself.
• Carefully check URL’s for tricky misspellings, as well as the email content for bad grammar and typos. Hackers may be a slippery bunch, but they’re not known for their writing skills.
• Avoid using public Wi-Fi, especially when making purchases or banking. Consider using a VPN (virtual private network) for a secure connection or waiting until you get home to do sensitive tasks.