
Awareness on New Coronavirus Phishing and Ransomware Attacks

“Cybercriminals continue to exploit public fear of rising coronavirus cases through malware and phishing emails in the disguise of content coming from the Centers for Disease Control and Prevention (CDC) in the US and World Health Organisation (WHO), says cybersecurity firm Kaspersky.”

 

According to recent findings by Proofpoint, cybercriminals are seizing on coronavirus fears by using online scams to extract internet users’ personal and financial information. These scams – sent through email, texts or social media – claim to provide coronavirus awareness, sell virus prevention products and/or may ask for donations to a charity. They can often appear to be from a legitimate organization or individual, including a business partner or friend.

 

To help individuals and organizations, we have reached out to cybersecurity experts, who have shared advice that should be followed vigilantly.

 

Here are a few pieces of advice from Dr. Aditya Mukherjee, Vice President at Synchrony.

Problem –

  1. There are several threat actors who are actively engaged in leveraging the COVID-19 situation to lure their victims into traps. This includes phishing campaigns, social engineering attacks impersonating WHO, national/govt. health orgs and IT service organizations such as Microsoft, Google, Apple, etc.
  2. Threat actors are also leveraging attachments via email and uploading malicious files and applications to disperse ransomware.

Solution –

  1. Organizations should enforce technical controls to restrict web browsing to low-confidence/bad-reputation sites and download & upload services.
  2. Organizations should also actively inform employees regarding the new threat campaigns and coach them on best practices and cyber hygiene.
  3. Also, since the current threat campaigns are focusing on COVID, initiate an official channel of communication with employees, keeping them aware of the latest developments and clarifying questions and queries that they may have.

Best Practices –

  1. Ensure employees are adequately conscious when clicking on the email links and attachments. They should ensure that they are not downloading applications or files from the internet.
  2. Employees should also be wary of calls, SMS and email received which may ask for personal/professional information, credentials, etc. Always validate the identity of the person on the other side.

Vandana Verma, a cybersecurity expert, suggests these best practices:

  1. Don’t share your personal or confidential information with anyone pretending to be from a healthcare department. Always remember that sharing your personally identifiable information (PII) with anyone is not recommended unless you are aware of the authorities and people involved.
  2. It is highly recommended to use only work-issued devices for your work. Do not use your personal emails or messaging apps on the same system. Use a VPN to connect with your company’s network.
  3. Don’t click on any forwarded link on your work-issued laptop, and be aware of phishing scams and attacks. Keep a check on the pictures which you are sharing about the team meetings, so that no confidential or client data is being exposed.

So we urge everyone to be extra vigilant against online scams, including phishing and malware, that are more prevalent in times like these.
