The rise of emotive phishing emails: How to ensure your remote workers stay safe online

Phishing emails are hardly a new concept to members of the general public and especially to those workers that spend the majority of their time in front of a computer. However, in the midst of the ongoing UK lockdown, Julian Box, Founder at Calligo, says the tactics used by hackers are adapting all the time in a bid to take advantage of vulnerable people and remote workers.

Before the coronavirus pandemic began, research suggests that phishing attacks were up 65% in 2019 compared to the previous year, so it was already evident that this type of attack was seeing something of a resurgence. Many businesses duly responded by putting procedures in place to educate staff about the warning signs and preventative measures.

However, with the majority of businesses now operating remotely and the safety net of a secure office removed, many staff are now responsible for their own working environment, communications and ensuring the hardware and software they are using cannot be compromised. This creates an imbalance in favour of the hackers, which naturally concerns IT professionals and security teams, particularly those responsible for high levels of confidential or personal data.

What has changed about phishing emails?

While the main strategies used by hackers using phishing tactics have always attempted to trick or coerce users into relinquishing their own or their company’s private information, the nature of these types of messages has been changing in the wake of this pandemic - both in terms of how they look and how they are worded.

Hackers are now utilising the coronavirus pandemic to play into the mindset of those seeking information related to Covid-19. In fact, earlier this month we saw warnings from the National Cyber Security Centre (NCSC) suggesting that malware and ransomware attacks were massively on the rise, primarily due to new threats related specifically to false Covid-19 information.

Various examples of phony coronavirus health advice, educational content or financial relief have been instrumental in encouraging users to click on links and download or open attachments over the past few weeks. If these are clicked on or opened, malware infects the device and compromises the network. With hundreds if not thousands of staff working remotely in some major businesses, the risk of a potential breach has never been higher.

How to spot the signs of a phishing email and other tactics used by hackers

The wording or layout of an email will usually appear slightly different to a normal one from the business or contact that the hacker is posing as, so during these times it’s crucial that staff are checking their emails and any correspondence even more closely than usual. If something looks a bit suspicious or a little strange in general, it’s recommended that the receiver communicates with the sender via phone or instant messenger to check the credibility of the message.

Messaging apps such as WhatsApp have also recently become rife with SMS phishing, or “SMiShing” attacks, that encourage users to disclose personal information with hackers posing as government agencies and financial institutions offering to provide information relating to the ongoing pandemic.

Alerting your teams about the potential warning signs

While it is harder than ever to reinforce this advice with the majority of office staff now working remotely, regular communication to employees to reinforce the following seven points can be an effective way to ensure staff pay close attention to potential hacks:

  • Do not open any links or attachments in emails from untrusted sources.

  • Be vigilant when opening any attachments, even when the email appears to be from
    someone you know. If you’re unsure, ask them.

  • Hover over a URL to verify it beforehand, and check for typos or wrong domains. If you’re
    still unsure, do not click on it.

  • Do not be fooled by “clickbait” offers and don’t be tempted to click on links offering
    discounts or advice and news.

  • Be wary of social media – how much personal information are you giving away?

  • Ensure you use trusted media outlets and official healthcare websites to look for news
    and advice.

  • Always use strong passwords or passphrases.

With many people now also using work devices on private home Wi-Fi networks, it is also worth encouraging staff to share these tips with their households to minimise the risk of wider breaches in the home that could implicate any company hardware.