New Coronavirus Phishing Scams & How Remote Workers Can Avoid Falling for Them

It seems that no matter how other areas of technology evolve, phishing scams remain the biggest threat to cybersecurity. They are so popular, and dangerous, because they rely on getting past a human, and humans can make mistakes.

Phishing is involved in 78% of cyber-espionage incidents and 32% of confirmed data breaches. Phishing is also dangerous because it easily morphs to take advantage of the current crisis event or news of the day.

The most recent subject for phishing campaigns is the COVID-19 outbreak, and several types of emails have been spawned from that theme. All of them have a similar goal of getting users to compromise login credentials or click a link to a site that injects malware into their device.

In less than a month, phishing emails have increased 667% due to the coronavirus pandemic.

If you have employees who are now working from home due to the coronavirus, they could be doubly at risk because of their isolation from coworkers.

For example, when an employee is at their desk at the office and sees an email that they’re not quite sure is legitimate, they’ll often ask a colleague (or two) at the next desk for their input before clicking on anything. Having more than one eye on a phishing email can often help the recipient catch the scam.

When that employee is working from home instead, they don’t have that colleague beside them to ask. They may make the wrong decision and accidentally inject their work device with malware or put their login credentials into a spoofed Office 365 login page.

Security awareness training on emerging threats and how to avoid them is vital to securing your remote workforce. 

COVID-19 Phishing Scams to Watch For

There seems to be no lack of imagination when it comes to the types of scams being used based upon the coronavirus pandemic. Here are some of the biggest to make your employees aware of so they’ll be able to spot them.

Company COVID-19 Policy

This scam involves an email that purports to be from the company’s HR department and can even use the company name in the email. It asks employees to review a new policy related to the outbreak by a certain date.

As with all phishing scams, the link will take the user to a malicious site.

Map of Coronavirus Outbreaks in Your City

Another dangerous COVID-19 phishing scam is an email that uses the World Health Organization logo to fool the recipient. The email pretends to provide a “map of the outbreaks in your city” and includes a link for users to click.

Fake Stimulus Email

Many countries, Australia included, have planned economic stimulus packages to help their citizens in the wake of the outbreak. 

The ink is barely dry on those deals and scammers are already taking advantage by sending out phishing emails claiming to give people more information about how to get their stimulus money or directing them to sign up to receive their check.

“Doctors” Offering Medical Advice

One phishing scam going around preys upon the fear people have of contracting the virus. It pretends to be sent from a doctor of a well-known health organisation and offers suggestions on how to keep yourself safe from contracting COVID-19. 

Like the others, it includes a link for users to click that will take them to a malicious website.

Teaching Remote Employees to Avoid Phishing Attacks

User awareness training on how to spot and avoid a phishing attack is just as important now as it ever has been. Teach your employees to use the following tactics to avoid becoming a phishing victim.

Get a Second Opinion on Any Unexpected Email

Even if an employee is working from home, they can still reach out for advice on a questionable or unexpected email. Encourage them to connect with colleagues through a cloud application, like Slack or Teams, or use your remote IT support for advice before taking action on any questionable or unexpected email.

Don’t Click Links, Hover Over Instead

Phishing scammers will often use link text that hides the true URL. By hovering the cursor over the link without clicking, employees can reveal the real destination, and many times this immediately reveals the email to be a scam.

Go to Websites Directly

If you receive an email that says it’s a map from the World Health Organization about COVID-19 cases, don’t click that link. Instead, go to the website for that organization directly, so you know you’re on a legitimate site. If they truly have a map, you’ll be able to find it there while avoiding the phishing scam.

Double Check Spellings, Grammar, etc.

Although phishing emails have become more sophisticated and many don’t have misspelled words or grammar mistakes, they can still occasionally be a giveaway.

A more common misspelling to look for is in a URL or email address. For example, one scam purporting to be from the Gates Foundation uses info@gatesfonudation in the “sender” email line. If you’re just glancing over that address, the mistake could be missed, but if you look carefully, you’ll see it’s not the true domain: the name is misspelled.
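A mail filter can catch this kind of swapped-letter domain by measuring how close a sender's domain is to a domain the organisation trusts. The following is an added example, not code from the original article: it uses an edit distance that counts an adjacent-letter swap as a single edit, and the .example domains, the trusted list and the two-edit threshold are assumptions made for illustration.

```python
def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "nu" typed in place of "un".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

# Assumption: domains your organisation really corresponds with, using the
# reserved .example suffix as a placeholder.
TRUSTED_DOMAINS = ["gatesfoundation.example"]

def classify_sender(address, trusted=TRUSTED_DOMAINS, max_edits=2):
    """Return ("trusted" | "lookalike" | "unknown", matched trusted domain or None)."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return ("trusted", good)
    nearest = min(trusted, key=lambda good: osa_distance(domain, good))
    if osa_distance(domain, nearest) <= max_edits:
        return ("lookalike", nearest)  # close to, but not, a trusted domain
    return ("unknown", None)

# Constructed sender addresses, modelled on the misspelling described above.
SAMPLE_SENDERS = [
    "info@gatesfonudation.example",   # letters swapped
    "info@gatesfoundation.example",   # genuine spelling
    "news@unrelated.example",         # not similar to anything trusted
]

if __name__ == "__main__":
    for sender in SAMPLE_SENDERS:
        print(sender, classify_sender(sender))
```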

Backstop Your Employees with Advanced Email Protection

Keeping phishing out of user inboxes in the first place can greatly reduce your risk of a data breach. Connected Platforms can help you put this into place and improve your IT security for workers in the office or at home.

Contact us today for a free security consultation or to find out more about other IT solutions we can help you with. Call (07) 3062 6932 or book a coffee meeting online.

More blog posts

How to create secure passwords

Weak passwords are one of the biggest security risks to your business.
Why?
Because cyber criminals are getting smarter than ever before. If they manage to crack just one password, they could gain access to your sensitive business data, financial information, or even gain control of your entire system.
Cyber criminals use automated tools to guess passwords, allowing them to try out millions of combinations in seconds. So, if you’re using something like “Password123” or “CompanyName2025”, you’re practically handing them the keys to your business.
A compromised password can lead to big issues, such as:
• Data breaches
• Financial losses
• Identity theft
• Reputation damage
But how do you create strong passwords without driving yourself (and your team) mad?
Think of your password like a secret recipe, where only you should know the ingredients. It should:
• Be at least 14 characters long (the longer, the better)
• Include a mix of uppercase and lowercase letters
• Contain a few numbers and symbols (like @, $, %, or &)
• Not contain any common words or easily guessable information (like birthdays, names, or the word “password”)
Instead of using a single word, you could try a passphrase – a short, random sentence that only you would understand. For example, instead of “Sailing2025”, try something like “Coffee&CloudsAreGreat9!”. This is much harder to crack, yet still easy to remember.
You should also steer clear of these common mistakes:
• Using personal info (your name, birthday, business name, etc.)
• Reusing the same passwords across multiple accounts
• Using simple sequences (“123456” or “abcdef”)
• Storing passwords in an easily accessible place (like a sticky note on your desk)
If remembering unique passwords for every account sounds impossible, there is another option: Password managers. These generate strong passwords, store them securely and autofill them for you.
With a password manager, you only need to remember one strong master password for the manager app itself. The rest are encrypted and stored safely, reducing the risk of data breaches.
Even the strongest password isn’t foolproof, which is why multi-factor authentication (MFA) is also important. MFA requires a second form of verification, like a one-time code sent to your phone or generated from an authentication app.
If you have employees accessing your business systems, it’s a good idea to have a password policy in place to explain your rules and why they’re important. This should include:
• Unique passwords for each system and account
• Regular security training on password best practices
• Business-wide use of MFA for critical systems
• Scanning for compromised passwords regularly
By making password security a priority, you can reduce the chances of a cyber attack creating a nightmare for your business.
And if you need help making your business more secure, get in touch.

Beware these common ‘malvertising’ attacks

Ever clicked an online ad and wondered afterwards if it was a scam?… most of us have – and cyber criminals want us to keep doing it. Here’s what to look out for to stop your business’s data (and profits) falling into the wrong hands…
