Cyber attacks and phishing scams are nothing new — organizations all across the globe collectively invest billions of dollars into cyber security solutions to protect their systems, employees and customers against social engineering and phishing attacks. As hackers become increasingly more clever and find new ways to target their victims, cyber security solutions must adapt in tandem.
Most recently, hackers are using COVID-19 to find new phishing victims, taking advantage of the new landscape in which many companies operate remotely. As such, companies must ensure that their systems are protected and that their employees are prepared in response to this rise of phishing attacks.
What is a phishing attack?
Before we dive into phishing, it’s helpful to understand the difference between a phishing attack (or a phishing scam) and a social engineering attack.
A social engineering attack is used to define a broad spectrum of hacking activities that are accomplished through real (actual or perceived) human interaction. There are varying types that all use manipulation in order to pry information from customers or end users. This kind of digital trickery is all too commonplace, leading to a wave of identity and other types of data theft. A phone call from someone claiming to be from your bank of choice, requesting updated social security information or account details, is a common example of a social engineering attack. The hacker’s aim is to gather background information on a company or person’s weaknesses before moving forward. Once trust is gained, it’s only a matter of time before a hacker attempts to reveal more sensitive or resource-critical information.
A phishing attack is the most common type of social engineering attack. Mostly used to fraudulently collect private data, this type of attack directs you to click on a link (usually within a message) that will unleash malicious software and viruses onto the computer in use. In many cases, the software is so sophisticated that it can steal user credentials and other key information in mere seconds.
Recent COVID-19 phishing attacks
Hackers will always exploit a crisis, and sadly the global COVID-19 pandemic is no different. Since January, hackers have leveraged the pandemic to undertake a slew of cyberattacks, everything from ransomware take-overs of hospital systems to private network hacking. Recent phishing attacks are targeting users logged into video conferencing platforms to steal personal information and even harm lives. In the current landscape of remote work, organizations who rely on these platforms to conduct their daily business are especially vulnerable to these attacks.
Since the start of the COVID-19 outbreak, the majority of phishing attacks involve hackers impersonating health organizations and delivering fake coronavirus-related news, which pry on the fear many have regarding the virus. Hackers have registered domains posing as Zoom, Microsoft Teams, and Google Meet-related URLs, according to a new report from Check Point Research. Between mid-April and mid-May, they found that nearly 20,000 new coronavirus-related domains were registered, with 17% of those as malicious or suspicious. Hackers encourage users to click what look like official coronavirus sources, potentially tricking them into downloading malware or accidentally giving access to personal information.
As remote workplaces are decentralized by virtue of how they are set up and function, many of these phishing attacks have unfortunately been successful. While hackers are becoming more clever in the way that they target their victims, there are a number of things that your remote organization can do to stay protected.
How to Protect Yourself From Phishing Attacks
Our IT security consultants are experts when it comes to protection, and will build a completely customized plan of defense that includes all of the most powerful anti-phishing technology and apps, as well as other anti-phishing tools. In terms of more general tips for employees and department heads, here are some of the most important things to do to avoid social engineering attacks:
- Increase employee security awareness by providing training on the common forms of cyber attack and how to detect them.
- Never open emails or instant messages from untrusted sources.
- Watch out for questions or offers with a questionable pretext.
- Don’t entertain special and “too-good-to-be-true” offers from strangers.
- Require mandatory security software and antivirus protection.
- Perform regular security checks on company computers, network systems, and other tech.
We're in the business of helping organizations of all sizes to reach their goals with innovative technology solutions that are tailor-made for each specific need. Today, more than ever before,, we know that security is a top priority. Our highly-trained, experienced, and dedicated team of IT experts is on-call and ready to take on any technical challenge, strategic roadmap, or IT security questions that you might have.
Contact our team to learn more about our cybersecurity solutions and how we can help you get started today!