Everyone is stressed and worried. Many companies are struggling to stay afloat and employees are anxious about whether or not they will have a job in a few weeks or months. Meanwhile, criminals are hard at work. With government tax relief programs, medical supplies in demand, and health alerts in abundance, a new landscape of hunting grounds has been created for phishers.
Cybersecurity agencies and companies are all reporting a steep rise in attacks. For example, Cloudflare has reported a 37% increase in phishing attacks in the UK, and Barracuda Networks has reported a 600% increase in phishing attempts since February. The web is awash in fraud right now.
When people think of phishing they often remember the phishing emails of several years ago – the Nigerian Prince asking for money, poor grammar, impersonal salutations, obvious attempts at spoofing a company brand. But no more. Phishing has become more sophisticated and much more difficult to spot. The same social engineering is used – preying on people’s fears and baser instincts (the need to act quickly for fear of losing out, the promise of help for an incredible price, fear of government action). Even more nefarious are the spoofed emails, known as business email compromise (BEC), that appear to come from a person or organization with which there is an existing, trusted relationship – such as a person in a position of authority, a vendor, or a service – to lure you to open a document or pay an invoice. Now more than ever it pays to be vigilant, use caution, and take action.
What you can do:
- Keep your software and systems up to date.
- Use anti-virus software and a protective DNS service.
- Maintain vigilance.
- Be wary of unsolicited emails, texts and phone calls. Financial institutions and government agencies do not send emails or texts, or make phone calls, requesting personal information or asking you to take action. Use the phone numbers and websites you know and trust to communicate.
- Be wary of unexpected attachments and files in email and text, even if they come from someone you trust. Before opening, contact the sender (through your normal means of contact) to ensure they meant to send it to you.
- Be wary of unexpected invoices. Verify through old-fashioned means – use voice contact to confirm whether the payment should be made. Often these emails look like they are coming from a CEO or COO – a person with authority. Empower your employees to question anything that looks suspicious so they act to protect the business.
- Be cautious about links on the web and in social media. Phishers also take advantage of people looking for information, using links known as click-bait. Medical supplies, spoofed health organizations (CDC, WHO, NHS, etc.), COVID-19 information or relief, and small business relief are all subjects of social media and email phishing attacks. Watch this video to see how they do it!
- If you think you have been the victim of an attack, contact your local law enforcement agency to report it. You can also find valuable resources and guidance from the Cybercrime Support Network here.
Finally, visit the GCA Work From Home Community Forum for additional resources and to ask questions of security experts. We are in this together!