Cybersecurity CEO: Don’t Let Coronavirus Fears Distract Your Employees From Phishing Scams

March 19, 2020

Ransomware infections persist as workers head to home offices

Robert Herjavec

Los Angeles, Calif. – March 19, 2020

The Coronavirus is headline news, and we expect that to be the case for at least another month or two. CISOs beware — your employees should not let their guard down against phishing. Now is the time for you and your teams to double down on your knowledge of the most popular and rampant type of cybercrime.

A few months ago, I noted that 90 percent of cyberattacks are initiated by a phishing scam. And it was just a few weeks ago when my fellow Shark, Barbara Corcoran, suffered a nearly $400,000 loss when one of her employees was phished.

If you’re sending workers to their home offices in light of COVID-19, I encourage you to provide them with these ten tips on how to spot phishing scams. They’re the reminders that everyone in your organization needs — from the mailroom to the boardroom. While they may sound trivial by now, trust me when I say everyone should read them again… and again!

How To Spot A Phishing Scam

  1. Phishing emails often have spelling errors and poor grammar in the subject line and body of the message.
  2. Phishing emails are known to contain hyperlinks with malicious URLs that lead to fake websites. Hover on hyperlinks to check them out before you click.
  3. Phishing emails often contain hyperlinks to websites that lack security certificates. These URLs begin with http:// and not the secure https://.
  4. Phishing emails are known to have generic greetings such as “Dear Online Banking Customer.”
  5. Phishing emails will sometimes sound legitimate, for example by stating that they’ve noticed suspicious activity or login attempts on your account, or that there’s a problem with the payment information on your account and products or services will be withheld from you.
  6. Phishing emails almost always want you to click on something, for instance, to update your payment details, or access the latest information on COVID-19.
  7. Phishing emails are commonly sent from bogus email addresses containing a company name, for instance, rjohnson[at]mail.google.work masquerading as a Google employee. These types of tricks are getting more and more sophisticated though, oftentimes with just one letter or symbol being out of place.
  8. Phishing emails are notorious for containing file attachments, which range from fake invoices to documents with hyperlinks, to malware that will inject ransomware infections into machines.
  9. Phishing emails are designed to make people panic, for example by threatening to close an account if the recipient doesn’t act immediately.
  10. Phishing emails often come from an employer’s CEO — except they don’t. When a hacker disguises themselves as a CEO, it’s called CEO Fraud. These messages are usually sent to employees with a request to transfer money to an unauthorized account.
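
For teams that want to automate part of this checklist in a mail filter or a triage script, here is an added example (not code from the original post) that tests a message for tips 2, 3, 4 and 7. The brand table, the label names and both sample messages are assumptions constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

BRANDS = {"google": "google.com"}  # assumption: brand keyword -> the brand's real domain
GENERIC = re.compile(r"\bdear\s+(?:valued\s+|online\s+banking\s+)?(?:customer|user|member)\b", re.I)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw_email):  # returns the set of tips a single-part HTML message trips
    msg = message_from_string(raw_email)
    body, hits = msg.get_payload(), set()
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for keyword, real in BRANDS.items():  # tip 7: brand name in a domain the brand does not own
        if keyword in sender and sender != real and not sender.endswith("." + real):
            hits.add("tip7-lookalike-sender")
    if GENERIC.search(re.sub(r"<[^>]+>", " ", body)):  # tip 4, checked on the tag-stripped text
        hits.add("tip4-generic-greeting")
    collector = LinkCollector()
    collector.feed(body)
    for href, shown in collector.links:
        target = urlparse(href)
        if target.scheme == "http":  # tip 3; https by itself does not prove a site is genuine
            hits.add("tip3-plain-http")
        shown_host = urlparse(shown).hostname
        if shown_host and shown_host != target.hostname:  # tip 2: what hovering would reveal
            hits.add("tip2-link-text-mismatch")
    return hits

# Constructed samples: the sender is the address from tip 7; example.net is a placeholder host.
PHISH = ('From: "Google Support" <rjohnson@mail.google.work>\nContent-Type: text/html\n\n'
         '<p>Dear Online Banking Customer,</p>\n'
         '<a href="http://accounts.example.net/login">https://accounts.google.com</a>\n')
BENIGN = ('From: Sam <sam@google.com>\nContent-Type: text/html\n\n'
          '<p>Hi Alex,</p><a href="https://docs.google.com/x">https://docs.google.com/x</a>\n')
```

The keyword check for tip 7 only catches a brand name embedded in a domain the brand does not own; addresses with a single letter or symbol out of place need a similarity comparison against a list of known-good domains.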

Cybercriminals thrive on chaos, whether it’s real or perceived. Your team will experience an uptick in phishing attacks as a result of the global Coronavirus pandemic.

Your employees may be very distracted in their new work surroundings, with kids home from school, a new schedule, new surroundings… In my opinion, it’s really the perfect time to ensure diligence and precaution in the remote work environment.

You may want to start or continue a phishing simulation to keep employees on their toes. Either way — keep in mind that while the health and safety of your teams is paramount, cyber hygiene should never take a back seat.

To Your Success,

Originally posted on cybersecurityceo.com

