Sorry to disappoint, but it looks like the coronavirus crisis is here to stay and, as long as it stays, people with bad intentions will continue to exploit it and play on people’s fears. One of the most successful methods malicious actors use to run their phishing campaigns is the phishing email. Have you ever received an email that you just weren’t expecting? An email that says “thank you for shopping at a particular shop” and tells you to click on a link to confirm your order, even though you didn’t order from there? That is an example of a phishing email, and they are thriving during the coronavirus crisis. Below are examples of the types of phishing out there in the wild. These are the types to look out for during the coronavirus pandemic. Simply put, phishing is a form of social engineering designed to trick people into willingly providing personal information, such as passwords, PINs or info about others, to someone posing as a legitimate institution or person.
There must have been a time at work when a lot of your colleagues, including you, received the same email at the same time. Because of the user training you and members of your team received, you were all able to realise that it was a phishing campaign, and then reported it to your security team. Spear phishing is the exact opposite: it’s normally a single email that targets a specific individual. These emails are usually very well crafted because the sender uses social engineering techniques to tailor the email to that specific person. For example, say you posted your personal email address on Twitter for whatever reason and, after that, you liked a tweet about a potential coronavirus vaccine supposedly in its final stages of testing. Someone with malicious intentions will see that and craft a very specific email to you relating to the tweet you liked. The email may tell you that you’ve been randomly selected to participate in coronavirus vaccine trials and that you’ll get paid £5000, with a “click here to sign up” link. Before you know it, you’ve given that person more personal info about you if you follow up on the scam email.
Smishing is also known as SMS phishing. It is a method malicious actors use to send deceptive text messages to people. The messages often contain a link to click, which downloads malicious payloads. An example of this is a link saying “click here to win a pair of wireless earphones worth £200”. They’ll mention high figures because who doesn’t want the opportunity to save £200? To keep safe from smishing, do not interact with any random text messages. Enter the sending number on Google to see whether others have reported it. If you haven’t signed up for text messages from a particular company, don’t click on anything when you receive a message.
Vishing is the practice of cybercriminals making fraudulent phone calls to trick victims into sharing money and personal information. The callers are often smooth talkers impersonating someone, and they can become very aggressive to get info out of you. Many times they create a sense of urgency to convince a victim to disclose sensitive information. Vishing incidents have sharply increased during the coronavirus crisis. According to the Federal Trade Commission, there have been over 128,000 fraud attacks on phones in 2020, costing $108 million. You can protect yourself from vishing by refusing to disclose any information to the callers, taking their name and number down so you can conduct your own investigation without giving away an ounce of info and, lastly, just ending the conversation if you deem the call to be malicious.
Cybersecurity training can and will help you avoid the issues above, but what’s also important is trusting your gut. If you think whatever you received is suspicious, it probably is.
By Michael Ogunijimi