In recent days we are seeing many phishing attacks that use COVID-19 as an excuse.
Many of the COVID-19 scams that occur involve attempts by companies and individuals to sell products that they say prevent or cure the new coronavirus, which has already killed more than 899,000 people worldwide.
Scammers are selling bogus remedies ranging from colloidal silver to cow manure. But the new coronavirus is exactly that, new, and there is still no known cure. Vaccine trials are underway, but any scalable results are months away.
Cybercriminals seek to exploit our craving for information as a means of attack. Attackers frequently use COVID-19- themed phishing emails, claiming to provide official information about the virus, to get people to click on malicious links that download different types of malware onto their devices.
Attackers are also taking advantage of the fact that many people who work from home have not enforced the same security on their networks as they do at work. Either company doesn't have the right technologies or security policies in place to ensure that all corporate devices have the same Wi-Fi security protections, regardless of whether they are connected to a corporate network or an open home network.
Additionally, multiple cases have been reported of malicious Android apps related to COVID-19 giving attackers access to smartphone data or encrypting devices for ransom.
The global pandemic has also led to the creation of more than 100,000 new COVID-19 web domains, which should be treated with suspicion, even though not all are malicious.
In the wake of large-scale global events, cybercriminals are among the first to try to sow discord, spread misinformation, and seek financial gain.
10 Tips to Protect Yourself From Phishing About the Coronavirus
Both employers and individual employees have essential responsibilities to protect the business and ensure that cyberattacks do not further risk the already disrupted work environment.
Here are some tips to protect yourself from phishing about the coronavirus, whether you are an entrepreneur or an individual.
Business
At this critical time, business leaders have a greater responsibility to set clear expectations for how their organizations manage safety risks in new work environments, taking advantage of new policies and technologies, and training their employees.
It is important that safety messages come from the top of an organization, and that good examples are set from the beginning. Here are three recommendations for business leaders.
1) Understand Business Threats
It is important for employers to work with their security teams to determine the biggest threats that can arise from employees working from home and to set priorities to protect the most sensitive information and business-critical applications.
2) Offer Clear Guidance and Encourage Communication
Companies will ensure clear telecommutes, using policy including simple steps that workers must follow to perform safe work at home.
They must also train employees to notify internal security teams as soon as they detect suspicious activity.
3) Provide Adequate Security Capabilities
Companies will ensure that all company-owned devices have essential security measures in place, including existing company network security practices to all remote environments where work will be performed.
These critical capabilities include:
- Make secure user connections to your business-critical cloud and enterprise applications, such as video conferencing applications that are critical for teleworking scenarios.
- Total Security protection on all laptops and mobile devices, including encrypted VPN tools.
- Apply multi-factor authentication.
- Block exploits, malware, and command-and-control traffic using automated real-time threat intelligence.
- Filter malicious domain URLs and DNS sink to thwart common phishing attacks.
Individual Users
Individual users should be empowered to follow the guidance offered by companies and take preventive measures.
4) Keep a Good Password
Employees and individual users should use complex passwords and multi-factor authentication when possible and change these passwords frequently.
5) Update Systems and Software
People must install updates and patches in a timely manner, even on mobile devices and any other non-corporate device they can use to work.
6) Securing the WiFi Access Point
People should change their default settings and passwords to reduce the potential impact on their work of an attack through other connected devices.
7) Use a Virtual Private Network (VPN)
The VPN can help create a reliable connection between employees and their organizations and ensure continued access to corporate tools. Corporate VPNs provide additional protection against phishing and malware attacks, in the same way, that corporate firewalls do in the office.
8) Beware of COVID-19 Scams
As we mentioned earlier, there has been a huge increase in phishing emails, malicious domains, and rogue applications. Threat actors love to exploit real-world tragedies, and COVID-19 is no different.
9) Be Attentive to Messages and Emails Received
To detect COVID-19 email and text message scams, look for generic greetings (such as "Hello Sir / Madam"), confirmation requests for personal information, or emails related to updating your billing information to judge whether an email from a business is legitimate.
If the language of a message seems urgent, like it's trying to pressure you into providing information to avoid some kind of data disaster, it could be false. If you receive a suspicious email from a particular company or even a friend or employer, contact them by phone to verify the message before responding.
10) Don't Mix Staff and Work
Workers must use their work devices to carry out their work and their personal devices for their personal matters. If you wouldn't install or use a service while you're at the office, don't do it while you're at home on your work device.
No comments:
Post a Comment