Cybersecurity might not be the first thing on your mind as you navigate your business through the current COVID-19 situation, but unfortunately, cybersecurity threats aren’t slowing down.
Cyberattackers have long been taking advantage of uncertain times to craft convincing (and dangerous) phishing emails, and predictably, we’ve started to see an increase in Coronavirus-related phishing attacks targeting small businesses. Here are some tips on how to avoid them.
A Pandemic of Phishing
Since the Novel Coronavirus (and the COVID-19 illness it causes) have been declared a global pandemic, there’s a lot of information being pushed online, on social media, and to your email inbox. We’re all on the lookout for the latest updates and resources, so it can be tempting to click through when you see something that might help you learn more about the situation at hand.
The important thing to keep in mind is that a “successful” phishing attack often feeds on urgency—encouraging the recipient to click first and think later. What could be more urgent than a global emergency event?
What do Coronavirus Phishing Attacks Look Like?
Learning the key ways to recognize and avoid phishing attacks is an important part of a strong cybersecurity posture. As with most phishing attacks, coronavirus-targeted phishing emails typically encourage you to complete an action, such as:
- Click a link to a news story, safety resource, or infection map
- Open an attachment, such as an official communication or update
- Make a payment, including a charitable donation
Phishing attacks focused around hot-button current events are often particularly dangerous as they hide among a slew of legitimate emails. The malicious emails may use email domains that at a quick glance, appear to be from reputable sources. Like other phishing emails, these attacks can spread ransomware and other malware, steal sensitive information, or ask you to make a payment to a fake source.
Avoiding Coronavirus Phishing Emails
Emergency and pandemic phishing attacks can be identified and avoided using the same steps as most other phishing emails, but there are a few specific recommendations for the current state of affairs:
- Slow down when reading and reacting to emails, and if you’d like to view a story or resource, find it directly on the sender’s website rather than clicking a link in an email
- Be on the lookout for threat alerts with information and examples of trending phishing attacks
- Send your team a COVID-19 phishing simulation to help them learn what to avoid—it’s important to test for real and relevant threats, especially in times of crisis
- Visit reputable websites, such as the WHO and the CDC, for up-to-date information on the COVID-19 pandemic
In uncertain times, it’s as important as ever to prioritize cybersecurity. Cyberattackers prey on fear, anxiety, and urgency, but a little prevention goes a long way towards protecting your business.
Stay safe and healthy out there!