The Covid-19 pandemic has been on the news non-stop for nearly two years now, and cybercriminals have been using the vulnerability Covid has created in society to their advantage. In March 2020, the number of phishing attacks related to Covid-19 increased to 667%, and when the vaccination program kicked off, vaccination-related email threats increased too. Even with the latest Covid variant, we’ve not only seen another increase in Covid cases, but Covid-related phishing attacks too.
The shortage of Covid tests over the last few weeks has caused an increase in Covid test-related phishing scams. From October to January, these scams have increased by a staggering 512%.
Covid test-related email scams
As we’ve seen a shortage of Covid tests caused by the new Covid variant, cyber-criminals have used this opportunity to target end-users with phishing attacks.
They’re trying to trick people into clicking malicious links or downloading malicious files using different techniques. Here are a few examples of the most common email scam tactics:
- Scammers sending emails to recipients offering Covid tests, masks, or plastic gloves. Some of these are fake products and not authorised to be sold on the market.
- Victims receiving email notifications with warnings for unpaid Covid tests. Cyber-criminals will add fake PayPal accounts in the emails, asking them to make a transaction.
- Scammers will impersonate test providers, Covid testing labs, or different individuals sharing fake Covid-19 test results.
At the beginning of January, the U.S. Department of Health and Human Services Office of Inspector General released a fraud alert, warning the public of email scams related to the Covid-19 pandemic and, in particular, Covid tests. They made people aware that cyber-criminals are trying to sell fake home tests via phishing scams to get people’s personal or medical information.
These types of email scams target both individuals and businesses. With businesses returning to the office, many have sent updated policies or requests on vaccination status to their employees. Hackers will seize this opportunity and hijack these email exchanges to get to valuable business data. In one incident, cyber-criminals pretending to be a business’s HR team sent a file hosted on a fake website to employees, trying to trick them into revealing their account details. They tried to make it seem as authentic as possible by forging the Microsoft 365 logo and stating that the file is virus- and spam-free.
How to protect your business against Covid-19-related phishing scams
The first step to protecting yourself is keeping an eye out for any emails mentioning Covid-19 testing. That might be emails asking you to buy tests, asking you to insert personal information on websites offering available tests, or even emails with information on test results. Most importantly, don’t click on any links or download attachments or files in emails that seem suspicious or that you didn’t expect to end up in your inbox. However, there are some additional precautions you can take to protect your business data from phishing scams:
As phishers’ techniques are getting more sophisticated, businesses need to constantly adapt their security measures. Hackers even find ways to slip through gateways or spam filters. That’s why it’s important to invest in cybersecurity solutions that detect phishing attacks. They should also protect against brand impersonation, business email compromise and email account takeover. It’s not enough to use solutions that scan your emails for malicious links or files; deploying AI that analyses conversations and communication between your employees can help detect signs that could indicate a phishing scam.
Use account-takeover protection
When it comes to protecting your business from phishing scams, it’s important to be wary of both external and internal threats. If one of your internal accounts gets compromised and used to launch a phishing attack, this could have very damaging consequences for your business. Again, AI solutions detect compromised accounts, alert end-users and remove malicious emails originating from the compromised account.
Train your employees
A very effective method to protect your business from Covid-19-related scams is to make your employees aware of them and train them on how to spot potential scams. Update them on the latest scams and how to report them accordingly. With phishing simulation, you can test your employees and discover whether they could actually identify these kinds of attacks, whether your cybersecurity training is strong enough, and which end-users might need some more training.
Review existing policies
Best practice would be to review and update your company security policies on a regular basis to ensure that critical data is handled properly by your employees. Set up comprehensive security guidelines and processes that need to be followed when making bank transfers or any financial changes. Have your employees confirm any transaction requests coming through emails via telephone call, or via approval from several key people.
Since the pandemic is still going and its state remains unpredictable, hackers will continue to take advantage of it to trick the most vulnerable businesses into exposing confidential data. With the attacks getting more sophisticated, you need to ensure you invest in the right cybersecurity solutions to protect your data.