|
Top 5 Email threats exploiting coronavirus fears The COVID-19 pandemic is a huge opportunity for cyber criminals. And they’re taking full advantage of it: spear-phishing attacks using the coronavirus as a hook have been growing since early 2020. Barracuda Cloud-to-Cloud Backup seamlessly protects all Microsoft Teams and Office 365 data. Every email, OneDrive file and SharePoint document is backed up with no storage limits. You can easily recover data lost due to malware, ransomware, or deletion — whether accidental or malicious. As your employees go remote, critical data is now being created on laptops and mobile devices outside your office. Applications like Office 365 help your workers collaborate, but you need to protect that work.
With workers using unfamiliar tools and processes, and subject to new distractions and anxieties, the chance of falling victim to a phishing scam has increased significantly. Understanding the top types of threats being used to exploit fear and anxiety is the first step to taking effective steps to harden your email security and protect your users, your data, and your organization. |
|
1 Malware A number of common malware types are being distributed through coronavirus-related phishing. The first malware reported utilizing coronavirus was Emotet, a popular banking Trojan. LokiBot is another modular malware, which often aims to steal login credentials and data and has been distributed in at least two different coronavirus-related phishing campaigns. 2 Scamming Fifty-four percent of COVID-19-related spear phishing attacks were scams. Most of them appear to be offering coronavirus cures and face masks for sale, requesting donations to fake charities, or asking for investments in fake companies that claim to be developing vaccines. 3 Brand Impersonation Attacks impersonating well-known brands and services make up around 34 percent of COVID-19 spear- phishing attacks. Notably there are a number of attacks impersonating the World Health Organization. These phishing emails appear to come from WHO with information on COVID-19. They often use domain spoofing tactics to trick users into thinking these messages are legitimate. These email impersonation attacks include a link in the body of the email. Users who click on that link are taken to a newly registered phishing website. |
4
Blackmail
Some attackers use raw emotional leverage to get readers to respond out of fear or embarrassment. With heightened anxiety and fear around COVID-19, it’s not surprising that some are using that emotion in blackmail or extortion attempts. For example, some attacks have threatened to infect victims and their families with coronavirus unless a ransom was paid—and they make credible claims to knowing who you are, where you live, etc.
5
Business Email Compromise (BEC)
BEC attacks usually impersonate a person of authority within an organization in order to access funds or valuable information. So far, COVID-19-related BEC attacks make up around one percent of spear-phishing attacks, but their number is growing fast—encouraged by the large number of employees working remotely. These attacks tend to ask urgently for fast payments related to COVID-19, or fraudulently advise of changes to payment methods in order to steal funds.
Three effective ways to help protect your organization:
Use anti-phishing software to prevent malicious emails and payloads reaching your users’ inboxes. Evaluate spear-phishing risk with the Email Threat Scanner tool and uncover hidden threats lurking in your mailboxes.
Continuetoeducateandtrainyourremoteworkerstohelpthemkeepsecurityawarenessfrontand center. Enable them to look out for COVID-19 phishing emails from organizations that you do not regularly communicate with.
Leverage advanced incident-response tools to automate incident response and quickly remediate advanced attacks.