More Phishing Through Corona And How You Can Protect Yourself

  03. September 2020
More Phishing Through Corona And How You Can Protect Yourself

The corona pandemic has given the digital transformation a great boost. Working from the home office and video meeting tools are booming. As many advantages as working from the home office offer, there are new challenges for employees and managers - not least because the changeover entails new risks for IT security.

Hackers take advantage of the new weak points that result from the switch to home office work, new communication channels, and changed processes. Cyber-attacks have increased in almost all industries this year. Phishing attacks pose a particular risk. Even before Corona, phishing emails were involved in 92% of cyber-attacks. It is estimated that the number of attacks has increased by 30-100% since the pandemic began. Our network partner Kutzner Process Optimization is very experienced in IT security and wants you to be aware of this risk. This is why we are sharing the following summary and explanation with you:

What is phishing and what types are there?
Phishing is the fraudulent collection of personal data from other people. The aim of the hackers is to gain access to login information, bank and credit card numbers or social security numbers, for example. It does this through fake emails and websites. The main reason phishing attacks are so successful is because of the use of counterfeiting, tampering, and social engineering methods to deceive potential victims.

The most common (and most efficient) types of phishing include:
1. Spray-and-Prey-Phishing
Spray-and-pray or deceptive phishing is the most primitive form of phishing. A series of emails with the subject “urgent” are sent here and the recipient is asked to change the PayPal password or enter their data in order to receive a lottery win. Usually, these emails contain links to fake login pages. As soon as a victim enters and submits the data, it is stored on a remote server to which the perpetrator has access.

2. Spear-Phishing
This type of phishing is primarily aimed at organizations and businesses. Information from network sites or hacked email entries is collected here. On this basis, emails are sent that appear to be from business partners or the like. They often contain a notice that an important document is attached, prompting the victim to open the document, which installs malware. It can then be used to spy on activities or personal information.

3. CEO-Phishing
A well-known spear phishing scam is CEO phishing. Cybercriminals pretend to be CEO or another executive of the company. The perpetrator exchanges several emails with the potential victim in order to create a basis of trust. After a while, the target person will be asked for the personal information of the employees or asked to transfer money to a specific account. This request is usually accompanied by the note that the sum is required for a new contract and that the transfer is urgent.

4. Dynamite-Phishing
Dynamite phishing has been a huge trend in recent years. Here, the malware creates massive amounts of phishing emails on the infected computer. The malware (e.g. Emotet) accesses the emails stored there and creates very authentic phishing emails in the style of the sender. The emails are then sent to the entire address book and the malware continues to spread explosively.

The key question now is how can you protect yourself against phishing attacks? A guideline would be to follow the below points:

  • use a good antivirus software
  • have good spam filter
  • raise your employees’ awareness
  • do not send any personal information through emails or instant messages
  • Pay attention to the look of websites: does your email, online banking, digital wallet, or web shopping login page look different than before? Check the page for spelling and grammatical errors, look for the prefix "https" in the address bar, and make sure that a lock is shown next to it. This is a sign that your data is safe
  • Do not open e-mails from unknown senders and do not click on the links or attachments contained therein. This could cause spyware to be installed on your device.
If you have doubts or are looking for advice, we invoice you to get in touch with our partners at Kutzner Process Optimization. They will help you to find out if your organization is well protected!

Share this article:

See all news