Cybercriminals Are Targeting Workers Returning to the Office With COVID-19 Phishing Scams
Since the COVID-19 pandemic began in early 2020, cybercriminals have been taking advantage of public chaos by releasing phishing campaigns and malicious attacks related to the virus. A large majority of the COVID-19 scams that have been circulating since January have been targeted towards unsuspecting remote workers who were transitioning from traditional office life and were unprepared to mitigate cyber threats while working from home.
Cybercriminals are notorious for taking advantage of current events to lure in potential victims. Now, as businesses gradually begin to re-open and employees return to working in office, they are once again targeting those workers who are readjusting to their routines. Many businesses and organizations that are preparing for this transition are enforcing new workplace regulations to ensure that employees are not at risk of infection. To prepare workers for this “new normal”, many are offering webinars and virtual training sessions to demonstrate the new policies that will be in place, and cybercriminals have already begun exploiting this for their personal gain.
Check Point, a global provider of cybersecurity solutions for corporate and government enterprises, recently shared a newly discovered phishing campaign in which attackers are disguising emails and malicious files as COVID-19 training materials.
The email appears to come from Microsoft Office 365 and invites receivers to register for a COVID-19 office training webinar. Once the registration link is clicked upon, the user is redirected to a malicious Microsoft login page that closely replicates the legitimate site and is designed to steal Microsoft credentials.
As we continue to navigate life during the time of a global pandemic and rely heavily on technology to remain informed, it’s important to ensure that you are taking the necessary precautions to secure your personal information from cybercriminals who are seeking to take advantage of these times.
Recommendations to Protect Your Information from Phishing Scams
- Be wary of unsolicited emails and avoid clicking on links and attachments.
- Cybercriminals use sophisticated methods to make phishing emails appear legit and it can often be difficult to tell whether an email is trustworthy or malicious. Even if the email appears to be from a trusted source, be cautious of clicking on links and email attachments in unsolicited emails – especially if it relates to COVID-19 or other current events.
- Implement Multi-factor Authentication. Multi-factor authentication, where users are sent a verification code via text or email, adds an extra layer of security when logging in and provides alerts when someone is trying to use your credentials. Organizations should consider employing multi-factor authentication whenever possible.
- Use unique passwords for your online accounts. Ensure that your online accounts are protected by using unique passwords for each of your individual accounts online. This can help protect your personal information by ensuring that if an attacker gains access to login credentials for one of your online accounts, they will not be able to use that information to access your other accounts. Consider using a password manager to keep track of your unique passwords and prevent credential theft.
- Recommended link: https://www.cnet.com/how-to/best-password-manager-for-2020/