How hackers are taking advantage of COVID-19 with phishing attacks
There's no arguing that the current coronavirus pandemic has drastically changed the world we once knew. With so many new norms, we have witnessed how the internet is helping people and businesses sustain and manage their survival throughout the pandemic.
Think back to the early 2000's... the haunting sound of dial up internet followed by painfully slow page loading. It's only in the past decade that technology has risen to the challenge and made it possible for people to continue their job or education using the internet. However, for cybercriminals, this new era presents a more sinister opportunity which manifests itself in the form of cyber attacks which are designed to target and defraud countless using malicious techniques such as phishing.
We have seen hackers using the internet to misguide people and damage organisations financially long before the pandemic, however, statistics have proven that the number of attacks has risen significantly during the pandemic. Spear-phishing and phishing makes up the majority of the attacks, but the reports suggest that there has also been an increase in all kinds of cyberattacks since March 2020.
One of the main reasons for aforementioned increase of phishing attacks is the usage of video conferencing tools. People have shifted their meetings, classes, and workshops to video conferencing tools, and thus we have seen a considerable number of people registering their accounts on these platforms. A recent report has found 1700 zoom related domains registered in the last three weeks. At least 4% of them are suspicious and possibly malicious. This is because people have been working remotely and telecommuting through these platforms, including skype, zoom, google meet, and similar other platforms.
In recent times, the most common delivery method of phishing attacks is in the form of fake zoom invites using privately registered domains resembling similar spellings to legitimate brands. The aim of sending out these fraudulent invites is to trick a user into opening a malware designed to compromise sensitive data stored on the users operating system in an attempt to financially defraud and steal from the victim.
Here is a template we offer which can be used to simulate a phishing attack amongst users within your business. This harmless "fire drill" simulation is designed to empower and equip your staff on how to combat attacks by familiarising them with the very latest tools and techniques used by real cyber criminals.
If you're interested in training the employees inside your organisation on how to detect these sorts of emails, sign up for our free trial.