Online searches for information related to Coronavirus have increased multifold as countries around the world struggle to contain the spread of COVID-19. Fraudsters and cybercriminals are exploiting this thirst for information as an opportunity for phishing attacks. Attackers use COVID-19-themed phishing emails that purport to deliver official information about the virus. They tempt individuals into clicking on malicious links that download Remote Administration Tools (RATs) onto their devices.
The malware downloaded onto an individual’s PC, laptop, or mobile device accesses their emails, banking login IDs and passwords, and credit card information. It even tracks keystrokes and accesses crucial data. When a computer or mobile device is infected with malware, users can lose confidential information or money, as the malware gives attackers access to both.
As part of the drive to contain the spread of Coronavirus, most countries have already implemented stringent measures. This has forced many individuals to work from home without applying the kind of network security that is ensured by corporates. Attackers are taking advantage of this situation and sending emails to provide information about the virus, claiming that they are from legitimate organizations such as the World Health Organization (WHO), the United Nations (UN), and the Indian Council of Medical Research (ICMR).
The phishing emails often come with enticing offers of freebies and discounts on products, lists of safety measures against the virus, or updated COVID-19 information. Mails are also used for selling spurious medical products such as masks, vaccines, and remedies ranging from cow manure to colloidal silver, or even for promoting home-based employment offers. It is, therefore, important that corporates empower their employees working from home by setting clear expectations for managing the organization’s data security. Individuals, too, should take the utmost care to protect themselves against phishing attacks.
A Few Examples of Phishing Emails
Towards the end of last month, many people received an email that offered a free Netflix subscription during the lockdown period. They just had to complete an attached survey and refer it to 10 WhatsApp users. Individuals who fell for the offer are probably cursing themselves. The phishing email stole the personal data of many people.
Phishing emails that claim to provide information related to Coronavirus take different forms.
CDC alerts – Cybercriminals design phishing emails that look as though they have been sent from the Centers for Disease Control (CDC) in the United States. The email may provide a list of names of Coronavirus-affected people in an area. The email will ask the individual to go through the list and confirm for safety purposes.
Health advice emails – Phishers have also sent emails, offering medical advice to help individuals protect themselves against the Coronavirus. Such emails might claim that help is being provided by medical experts in and around Wuhan, China, the epicenter of the COVID-19 outbreak. The email may ask users to click on a link to download the information on Safety Measures.
Workplace policy emails – Cybercriminals have also targeted workplace email accounts of employees. Such an email would say that the company an individual is working for is implementing safety measures due to the outbreak of Coronavirus by implementing a policy related to communicable disease management. The mail would request employees to read and accept the policy. Malicious software would be downloaded if anyone clicks on the provided link.
How To Identify Phishing Emails
Here are a few indicative signs of phishing emails that can potentially introduce malware into the user’s system:
- Phishing emails will usually claim to be from recognized national/global health care organizations such as WHO, ICMR, government bodies, or the UN
- Emails may even claim that they are from Human Resources Departments of organizations that individuals are working for as they may display similar domain names, company logos, and identical formats
- Typically, phishing emails come with an attachment or a clickable link and ask account holders to click on the link
- Such emails may claim to purportedly contain medical information, precautions, or warnings
- Phishing emails often contain messages that try to lure users into clicking on a link and providing personal information, so that the senders can steal users’ identities and commit fraud
Some Tips On Avoiding Getting Tricked
Individuals must beware of requests to provide personal information through emails. A coronavirus-themed email that requests personal information or login details could be a phishing email. Legitimate government organizations will never ask for such information. Individuals should never respond to such emails or provide personal data.
It is important to check both the email address and the link. Users may hover the mouse over the URL to find out where it leads. Sometimes, it may be obvious that the URL is not legitimate. However, it may not be very clear at times, as phishers can create URLs that closely resemble authentic addresses. Users should delete the email.
Another thing that users must do is watch out for grammatical and spelling mistakes. If there are punctuation, spelling, and grammatical errors in an email they receive, it is most likely an indication that it is a phishing email. They must delete it immediately.
Additionally, they must look out for generic greetings. Typically, phishing emails are not likely to address users using their name. If the email uses greetings such as “Dear Sir/Madam”, then it is almost sure that it is not a legitimate email.
Finally, users should avoid emails that insist that they must act immediately. Phishing emails are known for creating a sense of urgency and demanding immediate action. This is because the sender’s goal is to make users click on the link and give the sender access to their system as well as their personal information. Such emails should be deleted immediately.
How Should Businesses Respond To Threats Posed By Phishing Emails
In these critical times, business leaders must set clear expectations as to how their organization should manage security risk. Businesses should empower their employees by leveraging technology and new policies as many people have started working from home. Under the circumstances, the top management of organizations must send messages related to security aspects so that the right examples are set from the beginning. Having said that, here are a few suggestions for business leaders:
- Have a clear understanding as to what the threats mean to the organization. Organizations must take their security teams into confidence and work with them to identify the probable attack vectors because of the current scenario wherein more employees are working from home. Besides, they should prioritize the protection of business-critical applications and sensitive information.
- Further, business leaders should encourage transparency in communication after providing clear guidance. Home-working policies must be very clear and include easy-to-follow procedures so that employees can make their working environment more secure. This means that employees should be instructed to immediately communicate with the company’s internal security teams if they happen to come across any suspicious emails or activities.
- Organizations must ensure the right security capabilities for all corporate-owned or managed devices. This calls for extending the organization’s network security best practices to remote environments as well. The five critical capabilities include the following:
  - Securely connecting users to business-critical cloud and on-premise applications, such as video teleconferencing applications.
  - Endpoint protection on employees’ laptops and other mobile devices, including encryption and VPN tools.
  - Enforcing multi-factor authentication.
  - Blocking malware, exploits, and command-and-control traffic by way of real-time and automated threat intelligence.
  - Filtering malicious domain URLs and performing DNS sinkholing to prevent common phishing attacks.
How Should Individuals Respond To Threats Posed By Phishing Emails
Individual users must strictly follow the security guidelines provided to them by their organizations to prevent attacks. They should also ensure good password hygiene. That is, employees must make use of complex passwords as well as multi-factor authentication wherever possible. Also, they should change their passwords as frequently as possible. Further, they must install patches and updates as and when they are made available. This also applies to mobile and other non-corporate devices that they have to use for work.
Another aspect that individuals have to keep in mind is securing their WiFi access points. Changing the default settings as well as passwords helps to reduce the impact of an attack. The use of a virtual private network ensures a trusted link between individuals and their organizations. Corporate VPNs work the same way as network firewalls in offices and provide additional protection. Moreover, individuals should be wary of Coronavirus scam emails.
Yet another discipline that employees must follow is that they should avoid the use of their own devices for work. The services they would not use or install while at the office should not be used or installed when working from home. Finally, it is important to recognize that the threat environment never remains static. This means that corporates and employees must keep a close watch as threats keep evolving.
More Tips On Avoiding Phishing Attacks
The mail sent by an attacker might look innocent, but it might be designed to raise a person’s fears about something. Fraudsters often impersonate either someone users know or a trustworthy platform. Therefore, the best preventive measure is day-to-day diligence. Users must consider aspects such as whether the mail makes an enticing offer, whether it urges them to act fast, and whether they have interacted before with the person or organization sending the mail.
The offers or information contained in some emails might appear too good and attractive to be true. Individuals should exercise a great amount of caution when dealing with such emails. A few common-sense measures that users can employ are:
- Verify and ensure that the sender of the email is who he/she claims to be. The contact name of the sender should also match the email address it is sent from.
- Never download files sent by unfamiliar people and do not open attachments received from any external email addresses.
- Users who receive emails from unfamiliar addresses must check with their coworkers as to whether emails from these senders are expected. They can also check with one of their friends whether an email appears strange to them. A good and safe practice in this regard is to use a different medium for verification purposes.
- Some specific scenarios that users must watch out for include the following:
  - Fraudsters might use genuine-looking messages to encourage individuals to sign up for a service.
  - They might provide a link to a website that resembles a social media network that individuals commonly use for work.
  - Sometimes, the website links sent by fraudsters might even resemble those of the payments and banking sites used by individuals.
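The warning signs listed in the tips sections above (sender name versus sending address, link text versus the destination shown on hover, generic greetings, urgency, and requests for login details) can be checked mechanically before a message reaches a user. The following is an added example, not part of the original article: the organisation-to-domain table, the keyword lists, and the sample message are assumptions constructed for illustration, and it handles single-part messages only.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: organisation names mapped to the domain each really sends from.
KNOWN_ORGS = {"world health organization": "who.int", "united nations": "un.org"}
GREETING = re.compile(r"dear\s+(sir|madam|customer|user)", re.I)
URGENCY = re.compile(r"\b(urgent|immediately|act now|right away)\b", re.I)
SECRETS = re.compile(r"\b(password|login|credit card|bank account)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_IN_TEXT = re.compile(r"(?:https?://)?([\w-]+(?:\.[\w-]+)+)")

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw_email):
    """Return the names of the warning signs found in one single-part message."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    found = []
    # Display name claims a known organisation but the address is elsewhere.
    for org, domain in KNOWN_ORGS.items():
        if org in name.lower() and not in_domain(sender_host, domain):
            found.append("sender_name_domain_mismatch")
    # Link text shows one host while the href (what hovering reveals) is another.
    for href, label in LINK.findall(text):
        shown = HOST_IN_TEXT.search(label)
        target = (urlparse(href).hostname or "").lower()
        if shown and not in_domain(target, shown.group(1).lower().removeprefix("www.")):
            found.append("link_text_target_mismatch")
    for tag, pattern in (("generic_greeting", GREETING), ("urgency", URGENCY),
                         ("asks_for_credentials", SECRETS)):
        if pattern.search(text):
            found.append(tag)
    return found

# Constructed sample message (not a real email); .example domains are reserved.
SAMPLE = (
    'From: "World Health Organization" <alerts@who-int.example>\n'
    "Subject: URGENT: COVID-19 safety measures\n"
    "Content-Type: text/html\n\n"
    "<p>Dear Sir/Madam,</p><p>Confirm your login and password immediately.</p>\n"
    '<a href="http://covid-safety.example/login">https://www.who.int/safety</a>\n'
)

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

Each indicator on its own is weak evidence; a filter built on this idea would treat several together as grounds for quarantine or a warning banner.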
Types of malware
Two types of malware are commonly used by senders of phishing emails: ransomware and Trojans. When ransomware gets downloaded into the user’s system, it steals a company’s critical information and the personal data of people working for the organization. When Trojans get downloaded, they operate like legitimate applications but perform malicious operations in the background. For example, the AZORult Trojan found in COVID-19-themed mails collects important data such as browser history, session cookies, and passwords from infected systems and sends the data to command-and-control servers located elsewhere. This type of Trojan stays hidden in the system.
It has also been recently documented that a few phishing campaigns make use of a live and interactive COVID-19 map for distributing several variations of the AZORult Trojan. The interactive map and dashboard created by fraudsters closely resemble one that was originally developed by Johns Hopkins University. Visually, the email might appear trustworthy and valid even to experienced people.
Although phishing campaigns have made headlines during COVID-19 times, they are not new at all. It is not very difficult to detect them, and by exercising some amount of caution, organizations and individuals can stay safe. Users have to remain vigilant and report suspicious emails by forwarding them to the concerned authority.