Cybersecurity CEO: Don’t Let Coronavirus Fears Distract Your Employees From Phishing Scams
March 19, 2020
Ransomware infections persist as workers head to home offices
Los Angeles, Calif. – March 19, 2020
The Coronavirus is headline news, and we expect that to be the case for at least another month or two. CISOs beware — your employees should not let their phishing guards down. Now is the time for you and your teams to double-down on your knowledge of the most popular and rampant type of cybercrime.
A few months ago, I noted that 90 percent of cyberattacks are initiated by a phishing scam. And it was just a few weeks ago when my fellow Shark, Barbara Corcoran, suffered a nearly $400,000 loss when one of her employees was phished.
If you’re sending workers to their home offices in light of COVID-19, I encourage you to provide them with these ten tips on how to spot phishing scams. They’re the reminders that everyone in your organization needs — from the mailroom to the boardroom. While they may sound trivial by now, trust me when I say everyone should read them again… and again!
How To Spot A Phishing Scam
- Phishing emails often have spelling errors and poor grammar in the subject line and body of the message.
- Phishing emails are known to contain hyperlinks with malicious URLs that lead to fake websites. Hover on hyperlinks to check them out before you click.
- Phishing emails often contain hyperlinks with URLs that lack security certificates. These URLs begin with http:// and not the secure https://.
- Phishing emails are known to have generic greetings such as “Dear Online Banking Customer.”
- Phishing emails will sometimes sound legitimate — i.e. stating that they’ve noticed suspicious activity or login attempts on your account, or that there’s a problem with the payment information on your account and products or services will be withheld from you.
- Phishing emails almost always want you to click on something, for instance, to update your payment details, or access the latest information on COVID-19.
- Phishing emails are commonly sent from bogus email addresses containing a company name, for instance, rjohnson[at]mail.google.work masquerading as a Google employee. These types of tricks are getting more and more sophisticated though, oftentimes with just 1 letter or symbol being out of place.
- Phishing emails are notorious for containing file attachments, which range from fake invoices to documents with hyperlinks, to malware that will inject ransomware infections into machines.
- Phishing emails are designed to make people panic such as threatening to close an account if the recipient doesn’t act immediately.
- Phishing emails often come from an employer’s CEO — except they don’t. When a hacker disguises themselves as a CEO, it’s called CEO Fraud. These messages are usually sent to employees with a request to transfer money to an unauthorized account.
Cybercriminals thrive on chaos, whether it’s real or perceived. Your team will experience an uptick in phishing attacks as a result of the global Coronavirus pandemic.
Your employees may be very distracted in their new work surroundings, with kids home from school, a new schedule, new surroundings… In my opinion — it’s really the perfect time to ensure diligence and precaution in the remote work environment.
You may want to start or continue a phishing simulation to keep employees on their toes. Either way — keep in mind that while the health and safety of your teams is paramount, cyber hygiene should never take a back seat.
To Your Success,
Originally posted on cybersecurityceo.com