The Explosion Of Cyber Phishing Scams During COVID-19

The term “phishing” refers to cybercrime in which the targets receive either an email or text with someone pretending to be from a legitimate source, these individuals then trick users into revealing their personal data.

Hundreds of millions of organizations are constantly targeted, and Google has mentioned that they’ve had to block over 18 million scam emails about COVID-19 every day. Since we’re all digitally connected in this technologically advanced era, it’s important to know the common ways of how these scammers target people, and what you can do to protect yourself.

Email phishing

Most phishing attacks are usually done through email. These scammers will register a fake domain that resembles that of a real organization and send out thousands of emails. They generally pretend to be a legitimate company, including a link on their email that takes you to a website, where you are then asked for your personal details, credit card information, account numbers, and so on. Unfortunately, these websites are fake and the information you provide goes straight to the scammers, who will use it to commit fraud.

While there may be many ways to spot a phishing email, the easiest way is to check the email address of any message you receive that asks you to click on a link or to download an attachment. Another way you can do this is to hover over the website link – if you check in the bottom left of your screen it will show you the website that link goes to. Doesn’t look legit? It’s not. Finally, you can check for grammatical errors or see if they refer to you by your full name. If there are too many errors, or they start the email with Dear Customer, or simply Dear Sir (and you’re a female), it’s a sure sign it’s a fake. Regardless, it’s imperative that you never open a link unless you are 100% sure it has come from a legitimate source.

Whaling

Whaling attacks are usually even more targeted and take aim at higher-ups to steal sensitive information from a company. While these scammers are still aiming to get information, it’s not as obvious. You won’t be getting emails asking you to click on links or download attachments. Instead, you’ll be receiving fraudulent emails that convey a sense of urgency, or contain personalized information about either you or the organization.

Whaling generally includes an email from someone pretending to be a major role player in a business, such as the CEO. The emails are personalized, usually with your name, and the email address will look credible. It could even include logos or links to a website that looks real but isn’t. The person sending the email will be looking for sensitive information, or they could even be after finances, which is something that happened to Mattel a few years ago.

In this case, a finance exec received a note from a new CEO, requesting a $3 million wire transfer to a bank in China. Because the email looked genuine, the finance exec approved it and the money was transferred. Luckily, it was a bank holiday in China and they were able to recover the money, but it could have been a devastating blow for the company’s finances.

Smishing and vishing

Both of these methods utilize phones instead of emails as the method of communication. Smishing involves these scammers sending text messages and such COVID-19 text messages have already started circulating in certain parts of the world such as Australia.

Vishing on the other hand involves the scammer calling you and posing as an investigator that’s either from a card company or a bank and telling you that something’s happened to your account. They’ll then try to gather your card details or ask you to transfer money to a ‘secure’ account.

Cybercriminals are utilizing these methods to attack both the computer networks and systems of various individuals and organizations at a time when cyber defenses may not be at its strongest due to a focus on the health crisis instead.

With the increase in cyberattacks, you must remain vigilant and take the necessary precautions against any ongoing threats to yourself or your organization. If not, you run the risk of causing significant damage to your company – just like one of Australia’s largest freight company, Toll.

Some ways to bolster your security

Here are some tips and strategies for the organization’s to boost their security internally:

• Encrypt and protect any sensitive documents that you may have so it doesn’t fall into the wrong hands.
• Use anti-virus tools, firewalls, and filtering services.
• Change your passwords frequently.
• Don’t allow remote access to your computer.
• Perform regular health scans on your devices.
• Security awareness training for your business.

Final thoughts

By taking the necessary steps, you’ll be able to prevent phishing attacks and reduce the likelihood that you or your employees will reveal personal information or transfer money to attackers.

If all of this seems like too much, you might want to consider getting some professional help. After all, developing a contingency plan, coming up with email filtering solutions, and bolstering your network security is key to combating cyberattacks. By having strong technological defenses, you’ll be well on your way to dealing with the inevitabilities of a cyberattack.