Phishing emails have spiked by over 600% since the end of February as cyber-criminals look to capitalize on the fear and uncertainty generated by the COVID-19 pandemic, according to Barracuda Networks.
The security vendor observed just 137 incidents in January, rising to 1,188 in February and 9,116 so far in March. Around 2% of the 468,000 global email attacks detected by the firm were classified as COVID-19-themed.
As is usually the case, the attacks used widespread awareness of the subject to trick users into handing over their log-ins and financial information, and/or unwittingly downloading malware to their computers.
Of the COVID-19 phishing attacks, 54% were classified as scams, 34% as brand impersonation attacks, 11% blackmail and 1% as business email compromise (BEC).
As well as the usual lures to click through for more information on the pandemic, some scammers are claiming to sell cures and/or face-masks, while others try to elicit investment in companies producing vaccines, or donations to fight the virus and provide support to victims.
“This is a new low for cyber-criminals, who are acting like piranha fish, cowardly attacking people on mass when they are at their most vulnerable,” argued MP Dean Russell, member of the Health and Social Care Select Committee. “It’s vital that the public remain vigilant against scam emails during this challenging time.”
Unfortunately, computer users are as exposed as ever to phishing scams like these, according to new research.
These odds make it incredibly more vital that you educate yourself on how to recognize a phishing scam (Click for a prior Educational Download from Trinity Worldwide Technologies.)
No one wants to become a victim of a social engineering attack, so it’s important to recognize an attack in progress and not be tricked into responding to it inappropriately.
While cyber-criminals are relentlessly taking advantage of the public during this pandemic we need to be hyper-vigilant in our efforts to recognize the barrage of scams coming against us. One of the services we offer is Cyber-Security Awareness Training and Real-Life Phishing simulations to train employees on how to respond to threats.
We can send these mock attacks at staggered times, avoiding the “prairie dog effect” whereas, employees warn one another of the email, for the best measurement of all employees’ awareness. We’ll track which employees have clicked on a phishing email, who has given away their password and who has ignored the email.
Once a learning gap is detected, we’ll deliver interactive educational videos to the most susceptible users. These easy-to-understand, short and visually engaging training videos include an online quiz to verify the employee’s retention of the training content. Training can be delivered regularly, to reinforce the importance of every employee’s role in protecting your business.
One of our most important roles as a technology service provider is to protect the assets of our clients. No matter how big or small your business is, a single compromised credential could put your entire business at risk.
Give us a call at 732.780.8615 or email us at [email protected] to further discuss how we can help in protecting your business against cyber security threats and how we can make technology work for your business.