Along with the rapid worldwide spread of the pandemic COVID, so has been the increase in the number of cyber attacks as well. Employees are undoubtedly the backbone and strength of any organization and companies should protect their employees from malicious cyber thefts or attacks by asking them to be skeptical of opening up emails from unidentified or unfamiliar sources.

Detection and response activities should be coordinated well in advance by the cyber security teams in close association with the fraud risk management team to stay safe from such attacks.

What Are The COVID-19 Related Issues Arising?

There are numerous social engineering campaigns based upon manipulating the fear of the virus being widely shared around and being spread, as quickly as the disease itself. Malicious mails keep spreading across various channels with the fake id of trusted banks, merchants or co-workers, managers or IT administrators. The volume of malicious emails and users have rocketed up to the high level these days, according to many surveys conducted by cyber securities companies monitoring virus related cyber attacks.

What Are The Main Focus Of Cyber Criminals now?

BEC also referred to as Business Email Scams are what the cybercriminals are running after at this time of worldwide crisis. They are designed with the mission of tricking victims to transfer sensitive data or funds that could be personal or corporate and could even be to threaten actor’s accounts.

Stealing credentials is another focus of these cyber criminals wherein they can utilize these data to infiltrate organizations and compromise information systems, especially corporate payment systems and quality of services provided. Once found successful, these attacks can open doors to more fraud activities as well.
Ever heard about social engineering scams?, well they often tend to proliferate in the wake of natural disasters, calamities, pandemics and mass shootings. Please be aware about some COVID-19 related tactics that have emerged.

Emails Floating As Government Announcements

There are many cyber attackers around who are sending phishing and BEC emails often designed as initiated by authorized government bodies. These fraudulent emails will contain logos and other images associated with the Centers For Disease Control (CDC) and the World Health Organization. To make these emails look even more interesting, they would probably be linked to other items of interest such as “updated cases of coronavirus near you”. What you should be careful about is the landing pages to which these malicious urls often redirect you to would be false pages which may look legitimate, but the sites are often found to be malicious and may be designed to steal away your email confidential credentials.

Operational And Industry Disruption

Most of the temporary supplies and revenue of major functioning industries has been disrupted unpredictable since the outbreak of the pandemic COVID-19. Cybercriminals are utilizing this situation and they hope that victims will mistake their malicious emails to be legitimate ones. For example, emails with appealing subject lines like “Coronavirus – Brief note for the shipping industry,” have been sent to employees of many companies in industries being disrupted by the virus.

There are few other cases reported wherein some campaigns have even been disguised to look like invoices, shipping receipts and job applications. BEC campaigns are targeting manufacturing, finance, pharmaceuticals, healthcare and transportation companies. False emails typically include attachments that contain malware designed to harvest sensitive data, or harmful ransomware that could disrupt access to, or availability of, information systems.

Hidden Malware

We have seen a rise in malicious emails directing recipients to educational and health-related websites riddled with malware. One email, masquerading as a notice from a virologist, read: “Go through the attached document on safety measures regarding the spreading of coronavirus. This little measure can save you.” Recently, coronavirus maps have enticed users to click on maps loaded from legitimate sources that run malware in the background.

False Advise and cures

Emails purporting to hail from regional medical providers, sent to people in Japan in January and February, were among the first coronavirus-related phishing attacks. Some phishing emails invite recipients to download attachments containing “secret cures” for the virus. The attachments instead contain malware designed to steal the personal and financial information of the victim. Some emails include conspiratorial and false claims that COVID-19 was manufactured to reduce the world population.

False Charity

Another phishing campaign involves emails designed to mimic the CDC, soliciting donations to fight the spread of the virus. The emails appeal to recipients’ altruism, urging victims to donate into a Bitcoin wallet or to make other types of payments. The CDC, a federal agency under the Department of Health and Human Services, is taxpayer-funded and would not solicit donations. Other malicious actors may create fraudulent charities. One should never donate to charities via links in emails; instead, give at the charity’s website. Follow fundraising platforms’ guidance on  how to recognize and report fraudulent charities.

Fraud that goes beyond Business Email Compromise

Your cybersecurity team should coordinate fraud detection and response with your organization’s fraud management teams to compete such cyber attacks. During crises and economic downturns, many other types of frauds increase, and they can be harder to detect and may require adjustment to controls to mitigate the risk. For example, customer account security controls, such as risk scoring models, will need to be recalibrated to discern fraudulent transactions from legitimate transactions. Fraudsters may target different products than they did prior to the crisis, as customers may change behaviors and preferences amid the crisis and the economic downturn.

Help Your Employees Fight Such Cyber Attacks With EMTECH

Threat aware employees could be the first line of defence against all cyber intrusions. Even before the COVID-19 outbreak, the statistics reveal that on mid-large scale industries almost 70% have been successfully delivered to their target with about 7% recipients clicking on malicious links. As time has prove, it just took a click for your entire organization to be infected which means one click, one endpoint agent, one failed alert or one suspecting employee can help cyber attacks to claim victory over your network.

To assure your employees that heightened awareness can be a powerful antidote. To protect from social engineering attack, coach all employees to take these precautions:

Be Skeptical of all emails from unidentified or unknown sources on your inbox or could even be designed from some familiar people of your organization (like CEO or Channel head) who don’t usually communicate with you.

Don’t Click on open links and attachments from unknown emails.

Don’t Forward suspicious emails to your coworkers without verifying or being sure of their genuinity.

Always analyze the sender’s email address to ensure that it is from a true source. Hover your mouse over the link, without actually clicking on it to analyze the “from” and “to” fields and look for any suspicious content.

Observe for grammatical errors as they are usually a sign of any fraud or malicious activity.

Always report suspicious emails to the IT or security department.

EMTECH has a specialized cyber team in handling cyber attacks and also in keeping your organization safe from all such related cyber thefts and attacks. Reach out to us for more customized solutions that could help you keep your organization’s data secure from all kinds of malicious cyber attacks.

#stay safe from cyber attacks!.