Increase In Phishing Attacks During COVID19

Are Your Workers Prepared To Deter Rising Phishing Threats?

Stay at home mandates, remote workforces, and heightened pandemic fears changed our live-work realities. They also presented an opportunity for cybercriminals to prey on our anxiety and target work-from-home employees using phishing schemes. The escalation in phishing attacks places the personal identity credentials and business networks at increased risk. That’s largely because hackers have adopted email phishing attacks as the preferred criminal method to trick an unsuspecting public.

According to reports, the FBI fielded more than 20,000 COVID-19 threats and the United Nations saw an increase in phishing email attacks that topped 600 percent since the pandemic began. Hackers commonly impersonate health organizations such as the Centers for Disease Control and Prevention, among others, to lull everyday people into downloading a tainted file or clicking on a malicious link. Once the person has been duped, hackers can siphon off personal and financial data. And if that work-from-home device includes business network access, digital thieves can walk right through the front door.

Federal Agencies Issue Cybersecurity Warnings

The FBI and FCC have been vigilant about alerting consumers and newly-minted remote workers that phishing has emerged as a hacker’s scam of choice. Bulk emails routinely provide some type of emergency or incentive for people to open them or take an action that results in a breach. But during the pandemic escalation, a sophisticated class of digital con artists has improved their messaging and techniques. According to the FBI, these are three alternative methods to phishing employed by online criminals.

• Vishing Scams: This nefarious strategy uses VoIP (Voice over Internet Protocol) calls to deliver a phony message.
• Smishing: This form of phishing uses text messaging to contact people with false offers and reasons to click on links or log in to an account, among other schemes.
• Pharming: This scheme inserts malicious code into a device that directs users to scam websites.

The FCC points out that cybercriminals have added contact tracing schemes, robocalls, and widely make false promises about vaccine breakthroughs to entice click-throughs. The flurry of hacking schemes leaves industry leaders in the dark about what work-from-home staff members are doing. With enterprise-level cybersecurity and deftly managed IT in place, it seems inconceivable that a valued employee could upend the entire organization with a single click.

How Vulnerable Are Organizations To Cyber-Attacks?

In a recent article posted on LinkedIn called “Spike in COVID-related Phishing Attacks: COVID 19 Cybersecurity,” March Haskelson discusses the inherent failings of the healthcare industry to transform frontline workers into part of a hardened defense system. He points out that a healthcare workers survey uncovered frightening data that includes the following.

• 32 percent of those polled said they never received cybersecurity training
• 34 percent were unaware of the organization’s cybersecurity protocols
• 18 percent were not even aware of HIPAA Security Rule requirements

It’s safe to say that healthcare workers onsite and working from home are undertrained and ill-informed about how to identify and deter phishing, vishing, smishing, pharming, and any other emerging threat. This type of oversight extends to other sectors as well. Haskelson points out that such scams often have telltale signs that an educated workforce could easily identify.

How Proactive Business Leaders Can Prevent Phishing Attacks

Agencies such as the FCC publish guidelines regarding phishing-attack prevention. While suggestions such as “Never share your personal or financial information via email, text messages, or over the phone” are helpful, they do not go far enough.

Frontline workers are inundated with legitimate requests for information, impending deadlines, and commonly get overwhelmed. In the midst of someone’s daily organized chaos, recalling an agency post about email scams is not likely to remain at the forefront of someone’s mind. That’s why business leaders must take the initiative to enhance security thinking on an ongoing basis. These are cybersecurity and awareness methods thought leaders are leveraging to empowering workers.

• Misspelled Word: Many email schemes are hatched in other countries where English may not be the primary language. Typos and awkward phrases are clues the email may not be legitimate.
• Personal Data: When electronic messages ask for personal identification information, that typically indicates a scam.
• Web Address: When an email address looks odd, that’s probably because it’s a phony.
• Appeal to Emotion: When an electronic message asks you to take prompt action, that’s usually a scheme.

While these and other indicators are useful, they tend to go by the waist side during a fast-paced workday. That’s why forward-thinking business leaders incorporate ongoing cybersecurity and awareness training into weekly schedules.

By working with a managed IT cybersecurity specialist, workers are educated about deterrence tips and alerted to emerging threats in real-time. Third-party cybersecurity firms may offer videoconferencing options, podcasts, and daily email alerts. The modest cost and time required to avoid having your network taken down by a hacker seem like a reasonable investment. In an age of rising cyber-attacks, proactive leadership remains the best defense.