Cyber Attacks Amid COVID-19
To further enhance our client’s cyber defenses, we want to highlight a common cyber-attack. Given recent COVID-19 events and the increased number of work-at-home users, hackers are getting clever: they are emailing and even calling people, impersonating technical support staff and offering to assist with work-at-home functions.
This type of attack is known as Phishing.
“Phishing” is the most common type of cyber-attack that affects organizations like ours. These attacks can take many forms, but they all share a common goal: getting you to share sensitive information such as login credentials, credit card information, or bank account details, or even tricking you into granting a hacker access to your PC.
Although we maintain controls to help protect our networks and computers from cyber threats, everyone should be on the first line of defense.
We’ve outlined a few different types of phishing attacks to watch out for:
Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials or access to your PC. You may receive an e-mail asking you to verify your account details, with a link that takes you to an impostor login screen that delivers your information directly to the attackers. Attackers are even bold enough to call you, impersonating IT support staff and requesting remote access to your PC.
Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information to make the attacker seem like a legitimate source, for example a fake email account with an owner’s or coworker’s name on it. They may use your name and phone number and refer to other people you work with in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
Whaling: Whaling is a popular ploy aimed at getting you to transfer money or send sensitive information to an attacker via email by impersonating a real company executive. Sent from a fake domain that resembles yours, these messages look like normal emails from a high-level official of the company, typically the CEO or CFO, and ask you for sensitive information (including usernames and passwords).
Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing sites like Dropbox or Google Drive alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.
What You Can Do:
To avoid these phishing schemes, please observe the following email best practices:
1. A code word has been implemented for use in remote access and support. If someone calls to assist you, they will know that code word.
2. Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
3. Do not provide sensitive personal information (like usernames and passwords) over email.
4. Watch for email senders that use suspicious or misleading domain names. Your IT department should not email you from a Gmail account.
5. Inspect URLs carefully to make sure they’re legitimate and not impostor sites.
6. Do not try to open any shared document that you’re not expecting to receive.
7. If you can’t tell if an email is legitimate or not, please forward it to tech support and ask for analysis. If it is a bad email, they can block the sender.
8. Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
9. If in doubt, ask your IT department!
Thanks for helping to keep our network, and our people, safe from these cyber threats.
Please let us know if you have any questions or concerns.