Corporate phishing and malware scams from hackers masquerading as companies reaching out about the COVID-19 epidemic have dramatically increased as the virus continues to spread. These hackers are leveraging the widespread uncertainty by sending employees official looking messages from authority figures within their company. These emails may detail company plans to close locations, begin remote work, and even include tips for keeping the employee and their family safe by using credible information from the World Health Organization (WHO) and Center for Disease Control (CDC) among others.
In the legitimate looking email, there will be a request for an immediate action to be taken by the email recipient – either downloading a file or following a link and entering their login credentials.
Downloadable files will typically appear to be a PDF of a critical piece of information like an updated company policy, alert from a health organization, or announcement from an executive. After downloading these files, a variety of malicious software or malware may be installed that can track your keystrokes, access personal and financial information, and even take control over your computer.
Phishing links will appear to be legitimate and often direct you to an official looking password login form from Microsoft, Google, or others. The goal of these types of scams are to obtain your work login credentials so the hackers can access private company documents, emails, customer data, and confidential information. Below is an example of a fraudulent phishing email that could be sent to you:
Like traditional email scams, there are a few distinct ways to determine if the email you were sent is an attempt to steal your login credentials or install malware. Use these tips below to avoid these malicious emails:
Of course, these tips are helpful at a small-scale. On a larger scale, DTonomy’s AI-assisted Security Incident Response Platform with Orchestration and Automation can be your long-term solution. With DTonomy, you can:
DTonomy AIR (Assisted Incident Response) is an Intelligent Security Orchestration, Automation & Response platform that provides intelligent diagnostics & automated response. Built by Security Analysts for Security Analysts, it is the best assistant you can have as it learns from context continuously & makes smart recommendations that matter most.
If you’d like to learn more about DTonomy & how it can help you navigate & protect against ongoing COVID-19 themed cyber attacks, please visit www.dtonomy.com/covid19 or submit this form to request free access to DTonomy tools & services.