StartupFortune, December 10, 2020: Going into 2020, online scams hit a three-year-high. According to cybersecurity firm Proofpoint, 90% of all corporate entities were the subject of some form of phishing attack the previous year. By the middle of 2019, the corporate world experienced an average of nearly 400 attacks per month.
Now, with the advent of the COVID-19 pandemic, the digital landscape has undergone a radical change. More and more, people are engaged in a work from home scenario, meaning that an unprecedented number of users have access to sensitive corporate resources and infrastructure remotely, opening up a whole new set of corporate vulnerabilities.
The Definition of Phishing
Since the invention of email, phishing has always posed a major threat to businesses everywhere. Proofpoint defines phishing as an attempt to trick employees into divulging sensitive data, such as financial information or login credentials, through the use of misleading emails. Scams that use phishing rely on deception and manipulation in order to gain a foothold with the target company.
Phishing uses social engineering and psychology in order to obtain sensitive data. With COVID-19 dominating our cultural conversation, scammers have discovered a new avenue by which to manipulate unsuspecting employees.
Phishing in the Era of Covid-19
COVID-19 is a highly-polarizing topic. It has become an increasingly politicized, emotionally-charged subject. Unfortunately, hackers and malware authors have turned that to their advantage by circulating COVID-themed scams. According to Security Magazine, during the first months of the pandemic, Google blocked more than 18 million COVID-related phishing attempts every day. Scams like these are especially effective because workers in a remote scenario are isolated from normal corporate culture and more susceptible to duplicity.
This new brand of COVID-themed scam includes:
- False updates from health organizations
- Offers for COVID-tracking software and other resources
- Fake pandemic updates
- Facetious corporate information (policy updates, layoffs, etc.)
- Fake videoconferencing invites
- Appeals from non-existent charity organizations and nonprofits
- Fake software and browser updates
- Circulating fake petitions
In a time when information is fractured at best, and the corporate workforce is spread across multiple, remote locations, businesses are more susceptible to fraudulent scams and malware than ever before. Awareness is the first step, but there are other things you should do to protect your company going forward.
What Can You Do to Protect Yourself?
Conventional wisdom reigns supreme whenever you receive an email from an unfamiliar source. Your first line of defense is educating employees about the difference between trusted resources and potentially bad actors. Teach your people to spot fraudulent senders by showing them where official information is likely to come from (CDC, WHO, governmental agencies including local, state, and federal). It is also worthwhile to foster a corporate policy that requires employees to research the validity of unknown emails before taking any action.
The unfortunate truth is that no matter the intervention, most issues with phishing are the direct result of human error. The best course of action is to employ some form of email protection software to help protect the integrity of your intranet. COVID-themed scams should be expected to persist for some time. IT pays to be vigilant and skeptical.
This content is provided for news syndication by Startup Fortune
