CISA: Massive Increase in COVID-19 Phishing Attacks
CISA just released a new alert warning of a massive increase in cyberattacks, especially phishing attempts, in the wake of COVID-19. As we reported in The Week in Breach, phishing attacks have risen by a whopping 667% in just one month.
Cybercriminals aren’t wasting any time in their rush to maximize on the opportunity offered by the fear and uncertainty surrounding the Coronavirus pandemic and the world’s sudden shift to telework – which means that companies need to act fast to secure their data and systems.
Here are a few of their favorite tricks right now:
- Phishing for passwords and more – Using tailored pandemic related subject lines like “Update on Coronavirus cases in Maryland”, these official-looking messages are designed to fool the unwitting user to click a link inside and provide the bad guys with credit card information, password, personal information, and other valuable data.
- Phishing for malware deployment – The old “download this attachment” has a new twist. These COVID-19 related email messages are crafted to look like they’re from a trustworthy source like a government agency and ask the receiver to open an attachment or download a file – except it’s really a malware bomb.
- Phishing for remote workers via Zoom – Everyone is using teleconferencing software these days – and cybercriminals know it. That’s why they’ve started phishing in a new way by sending out invites for calls on Zoom or other services that look like real meeting invites but when the user clicks the link, it’s actually malware.
This drastic increase in the danger posed to systems and data by Coronavirus-related cybercrime is a wake-up call about the importance of training every staffer to be savvy about spotting and repelling phishing attacks. Using BullPhish ID, companies can quickly get their staffers up to speed on today’s phishing threats. Using training and testing that’s tailored to the needs of each unique business, BullPhish ID strengthens every organization’s best defense against phishing attacks – it’s people.