Due to COVID-19, SPAM, phishing, and website scams are on the rise – is your organization ready?
Google reports that its flagship email service, Gmail has received more than 18 million phishing attacks per day related to COVID-19. SPAM filtering service Nuspire has announced a 100%+ increase in quarantined emails in early 2020. Attackers frequently capitalize on current events and a sense of doom or urgency to add verisimilitude to their attempted breaches. We’ve outlined several examples below:
- Impersonating authoritative organizations such as the Centers for Disease Control and the World Health Organization to solicit fraudulent donations or to distribute malware.
- Impersonating HR or Administrative departments in an attempt to phish employees working from home.
- Impersonating state and local government organizations to solicit personal information or spread misinformation about public health orders.
- Attempts to gather personal information or lure the user into interacting with malicious documents with regards to the government stimulus package.
Additionally, there has been a dramatic increase in the registration of domains related to the ongoing outbreak. Some of these may be legitimate – many, however, are associated with one or more of the examples listed above. We recommend approaching newly registered domains with caution.
User awareness is critical to our digital security – however, there are other steps we can take. LeafTech believes in a holistic approach to security, including a strong SPAM filter, Advanced Threat Protection (ATP), DNS analysis and hardening, robust endpoint protection and response software, hardening of any cloud services, and firewall configuration to block malicious websites.