There is an enormous amount of confusion at the moment. Fear, Uncertainty, Doubt. Not to mention Disinformation, Rumour, Conspiracies. All this is encouraging cybercriminals to try to get computer users to give away information. Phishing, of course. With large numbers of people working from home, there are plenty of distractions, and it only takes a moment of inattention to click on something which, under normal circumstances, you never would. Anything with Coronavirus or Covid in the subject – be VERY wary, of course.
Our inboxes, mobile alerts, TVs, and news updates are all COVID-19, all the time. It’s overwhelming and attackers know it. They know many are clicking without looking because stress levels are high and they’re taking advantage of that. That’s why in IT we are seeing an increase in the success of phishing and social engineering attacks. Attackers don’t suddenly have more resources they’re diverting towards tricking users; instead they’re pivoting their existing infrastructure, like ransomware, phishing, and other malware delivery tools, to include COVID-19 keywords that get us to click. Once we click, they can infiltrate our inboxes, steal our credentials, share more malicious links with co-workers across collaboration tools, and lie in wait to steal information that will give them the biggest reward.
Also be wary of requests to change payment arrangements. (Your supplier REALLY changed bank? Sure picked a funny time, right?) Other lures to watch for: “Give details of your bank account so the government can place grant funding directly.” “The social security department has automated its payment system due to the pandemic; what is your account number?”
If you get an email, supposedly from someone you know, or an existing customer or supplier, verify that it has truly come from them. DON’T reply to the email! Verify by phone, or by emailing your normal contact from a different computer, or by asking a colleague to do it.
An email that evokes fear, urgency, self-preservation – BE SUSPICIOUS.