How to Avoid Phishing Attacks - COVID-19
With the spread of novel Covid-19 across the globe, there’s been a growing spike in digital scams including Phishing and malware activity. Threat actors are ramping up their efforts and leveraging public fear and interest in the disease for financial gain.
How are online scammers taking advantage of Covid-19?
There are currently over 40,000 domain names using the word Covid-19, many of which are fake websites disguised as dedicated healthcare reporting sites, according to domain security research groups. Many threat actors claiming to be associated with the World Health Organization (WHO) and other reputable medical and healthcare agencies are sending communications and news stories that appear valid but include malicious links and downloadable apps that install malware. People’s panic and curiosity to know more let attackers hide their malicious intent behind catchy news bites.
The Federal Trade Commission has reported the loss of $13.4 million due to Covid-19 related scams so far in 2020. Every day, Google blocks about 18 million Covid-19 related spam emails. Scam calls (also known as Vishing) are getting more convincing with the help of artificial intelligence. Reports state that nearly $19.7 billion was lost to Vishing attacks in the year 2019, and experts believe this number will only increase during the pandemic.
What Covid-19 scams are being reported?
The Covid-19 related attacks that hackers are using take advantage of a wide range of psychological states during the pandemic and lockdown:
The attempt to prey on the altruistic nature of people is causing real damage. Incidents like the Phishing email reported by ‘The Sydney Morning Herald’, in which hackers disguised as CDC volunteers requested bitcoin donations, are one key example.
In the wake of such attacks, the World Health Organization (WHO) has released a notice regarding phishing and other online scams:
What is Phishing?
Phishing attacks are the foundation for a majority of advanced and potent malware attacks. Though follow-up attacks form an important part of any cyberattack, their ability to cause damage to a system depends upon the success of the Phishing scam. Every day, Google blocks more than 100 million Phishing emails (related to Coronavirus and other topics) as hackers try to steal money and personal information.
How is Phishing typically done?
How to mitigate Phishing attacks?
For a non-technical person, Phishing prevention is improved by the anti-Phishing education and awareness offered by many reputable organizations such as OhPhish, which provides education and training for an organization’s employees against Phishing attacks. Understanding Phishing only theoretically is not sufficient because, even if a person knows Phishing is done via malicious/spam emails, one cannot possibly differentiate between a benign and a malicious email. Thus, practical experience of Phishing attacks and how to tackle them is very helpful. OhPhish solutions provide virtual simulations of Phishing attacks by sending employees Phishing emails and monitoring their responses; based on the results, tailored education and mitigation knowledge are provided.
As the user is the first line of defense against any cyberattack, knowing how to tackle Phishing attacks is highly important. Anti-Phishing education organizations can not only help educate the employees of any organization on ways to recognize and tackle Phishing emails, but also offer the advice and training of security experts along the way. The training of IT people regarding different types of Phishing can be done as follows:
How to avoid Phishing attacks?
Q. What is spear Phishing?
A. Spear Phishing emails are a targeted approach, where the attacker targets either a single recipient or a group of recipients who share the same characteristics.
Q. How to avoid Phishing scams?
A. There exist many tools and applications that can help in avoiding Phishing. Also, being skeptical of requests for personal information, whether you receive them via email, messenger, text or phone call, is a must.
Q. What are smishing and Vishing?
A. In these forms of Phishing scams, email communication is replaced with text messages or telephone calls. Smishing uses text messages to target individuals, while Vishing relies on telephone conversations.