How low will they go? Hackers and cybercriminals prey on human vulnerabilities to spread malware and steal essential data. So we shouldn’t be surprised to learn that they are using the coronavirus outbreak to attack businesses and individuals. When the outbreak first made global headlines in January 2020, after starting in Wuhan, China, hackers were caught trying to spread malware through emails that contained links about safety and security matters regarding the virus. Now phishing emails have been discovered that attempt to steal email credentials and other critical information by posing as contacts from the Centers for Disease Control (CDC) and the World Health Organization (WHO) regarding the coronavirus outbreak. It seems as though there is no end to the depths that these cybercriminals will go to achieve their goals.
How Does This Phishing Scam Work?
Currently, the emails that have been identified by Kaspersky and Sophos are coming from an email address that is cdc-gov.org instead of the legitimate cdc.gov email address used by the Centers for Disease Control. That makes it easy to spot out some of the fakes, but as we know, cybercriminals evolve their approach and find new ways to scam users. Industry experts state that this particular phishing attack includes a claim that the CDC has “established a management system to coordinate a domestic and international public health response,” and it urges the individual who receives the email to open a page that will have details about new cases of infection in their local area.
When the link is clicked, the page that is seen looks very much like a Microsoft Outlook software prompt that asks for login information to proceed. However, instead of taking the individual to a page with information about the deadly virus outbreak, it takes the login information and passes it directly to hackers who will use it immediately to access the person’s email account. This can be dangerous for individuals, but even more complicated and severe for businesses. Other related scams involve a donation request purportedly from the CDC that needs financial support to “help find a cure for the coronavirus” and stop the outbreak. However, the CDC does not take donations, and, if it did, it would be highly unlikely that they would demand contributions in the form of Bitcoin, as these emails claim.
Spelling Mistakes and Other Indications
Similar to other types of phishing attacks, these coronavirus phishing emails are full of spelling mistakes, inaccuracies about the entity they claim to represent, and prey on human concerns about an urgent situation. All three are clear markers of a phishing attack, something that you and your employees need to be aware of to protect essential company data and finances. Boston security solutions can only go so far if your staff is not made aware of these vulnerabilities and learns how to identify them quickly and refrain from clicking or further spreading them to other team members. Most of these scams are extremely simple and are not sophisticated at all. Education is key to thwarting most types of phishing attacks.
Cybercriminals tend to use situations, issues, and popular concerns to their advantage. Significant events, such as the Oscars, the death of Kobe Bryant, and the recent attempt to impeach President Trump, have all been used in phishing attacks. Tragedies, such as school shootings, viral outbreaks, plane crashes, acts of terrorism, and other situations, have all been the target of these criminals as well. A solid back-up and recovery program, employee education, and comprehensive Greater Boston security solutions can go a long way toward protecting your business prevent an attack and recovery after an attack has occurred. Synivate specializes in creating custom solutions for our clients based on their unique needs and industry requirements. We can help you prepare and protect your business from cybercriminals and other situations that can result in data loss or dangerous amounts of downtime.
How to Reduce Vulnerabilities
The best way to overcome this serious threat to business is to prepare and plan for attack. Synivate can work with you and your team to establish a comprehensive approach to back-up and recovery to ensure that your business can get back up and running after an attack or any other type of situation. Cybercriminals are not the only threat to today’s tech-based businesses. Fires, floods, hurricanes, tornadoes, storms, and power outages can result in lost data and other challenges that can make it difficult for an unprepared business ever to recover. From phishing to ransomware, a natural disaster to power grid failure, and everything in between, Synivate and our team of highly trained and experienced Boston managed service providers and technicians can help you be ready to overcome.
Even if you are already using anti-virus and anti-malware security software applications, it is not enough. You need to make sure that you have Boston security solutions that are appropriate for the type of business that you run, including a wide array of options for detecting and blocking viruses, malware, ransomware, and other frequent attacks. Employee education is also essential to prevent clicks on suspicious emails or visits to infected websites that could bring down your entire operation with a single attack. It is critical for all businesses to take the steps necessary to protect their essential data and records. The best way to achieve this goal is by working with a team of experienced network security experts who can provide a comprehensive evaluation of your current situation and provide you with the tools, training, and support necessary to protect it all. Contact Synivate by calling 617-517-0704 to get a FREE evaluation or speak with one of our team members about your needs for Boston security solutions.