As with many cyber attacks, phishing is a common tactic. Please see the phishing examples on this page, and please don't be pressured into clicking on a link. Remember, if it's too good to be true, it usually is.
Keeping yourself and your family safe from a digital infection during the COVID-19 outbreak.
People generally fall for phishing pretexts that either:
- Present a call to action.
- Promise to fill an information void.
COVID-19 offers opportunities for attackers in both approaches. People are desperate for information and are constantly being given updated guidance on how to adapt to remote work and stop the spread of the disease, along with other “helpful tips” to deal with COVID-19. Unfortunately, the onslaught of emails from businesses detailing how they will keep staff and customers safe during COVID-19 has set the stage for users to expect these emails and will likely lead to a higher percentage of users treating them as legitimate.
The best way to protect employees from this specific phishing threat is to:
- Detail when and how you’ll communicate COVID-19-related updates and policy guidance.
- Agree on an email template and communication delivery frequency (and then actually stick to it).
- Educate users that attackers will absolutely use COVID-19 as a pretext.
- Show them the examples in this document (see below) so they know what to expect.
Organizations should also educate users with specific advice on differentiating legitimate corporate updates from phishing attempts. Users should be told that, even if they click, once they see a login screen they should assess with high confidence that it was a phish and report it.
Currently, very few vendor emails contain an attachment. Of those that do, most are PDF files, and none that we’ve seen have any active content (e.g., Office document macros). Also, none were delivered as a compressed attachment (zip, rar, 7z, etc.).
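The attachment baseline above can be turned into a mail-triage check. The following is an added example, not part of the original page: the extension lists, the subject keywords, the `triage` and `build_sample` names and the `.example` addresses are assumptions, and the file extension is used only as a proxy for active content.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed lists for this example; tune them to your own mail flow.
COMPRESSED = {".zip", ".rar", ".7z"}
ACTIVE_OFFICE = {".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm"}
THEME_WORDS = ("covid", "coronavirus")

def triage(raw):
    """Return reasons a COVID-19-themed message departs from the baseline."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    if not any(word in subject for word in THEME_WORDS):
        return []  # only themed mail is in scope for this check
    reasons = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = PurePosixPath(name.lower()).suffix  # last extension wins
        if ext in COMPRESSED:
            reasons.append(f"compressed attachment: {name}")
        elif ext in ACTIVE_OFFICE:
            reasons.append(f"Office format that can carry macros: {name}")
        elif ext != ".pdf":
            reasons.append(f"non-PDF attachment: {name}")
    return reasons

def build_sample(filename=None, subject="Our COVID-19 response"):
    """Build a constructed sample message (not a real phishing email)."""
    m = EmailMessage()
    m["From"] = "updates@vendor.example"
    m["To"] = "user@corp.example"
    m["Subject"] = subject
    m.set_content("Please read the attached guidance.")
    if filename:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for name in (None, "guidance.pdf", "guidance.pdf.zip", "policy.docm"):
        print(name, "->", triage(build_sample(name)))
```

A non-empty result means the message deserves a closer look before delivery; it is not proof of phishing.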
Examples of COVID-19 Phishing emails:
Page built and maintained by Dean Russell at the YHROCU