About How Cyber Attackers are Targeting Businesses During COVID-19
How Cyber Attackers are Targeting Businesses During COVID-19
How Small Businesses are at Risk
Cyber attackers have been taking advantage of the vast amount of information and changing guidelines around Covid-19 to target small businesses. By using phishing emails they have been effective in exploiting apprehension during this uncertain time. Our partner, cybersecurity firm KnowBe4 revealed that phishing email attacks related to Covid-19 increased by 600% in the first quarter of 2020.
A phishing email is a type of online fraudulent activity with the goal to steal sensitive information from the recipient such as user names, passwords or credit card information. They seek to gain trust through carefully crafted wording and design, misleading users into thinking these emails are legitimate.
Datto Security confirmed that 20% of cyber security attacks against small/medium businesses are successful in gaining and exploiting sensitive information. Attackers target small business as they predict they have inferior cybersecurity measures and that employees do not have same level security awareness training as larger corporations.
Covid-19 Themed Phishing Emails
New restrictions affecting your business.
Phishing emails have been reported that contain ‘new’ restrictions which require action from you to be compliant with new government regulations.
Internal update on workplace policies.
Emails that look like they are from your workplace with a link to read and agree to new policies can deceive employees into following a malicious link.
Applications for financial relief.
With numerous businesses struggling during these times, attackers have been exploiting this vulnerability by tempting targets with what looks like a legitimate message about financial relief.
Track & trace alerts.
With the increased use of track and trace processes, attackers will use this as an opportunity to fabricate a phishing email informing you that you’ve been in touch with someone who has tested positive.
Simple Checks for Protection Against Phishing Emails
Avoid emails that insist you act now.
Phishing emails often try to create a sense of urgency or demand immediate action to exploit your concerns, especially over Covid-19. Before you know it you have opened the link and opened yourself up to an attack.
Communication asking for personal information.
Check with the company asking for the information by getting their contact details from somewhere other than the email you received. Do not respond to the email with your personal data.
Inspect the email address or link.
You can check a link by hovering your mouse button over the URL to see where it leads.
Watch for spelling and grammatical mistakes.
If an email includes spelling, punctuation, and grammar errors, this could be a sign of a phishing email.
Look for generic greetings.
Phishing emails are unlikely to use your name so generic greetings could be a sign of malicious email.
C3 Can Help
Our security awareness training equips you on how to spot phishing emails and other potential threats. We also conduct monthly phishing experiments to put your employees to the test.
We work with industry leading cybersecurity partners to offer our clients the best protection from potential attacks.