Is remote working a festival of Phishing?

The world is now four months into the coronavirus pandemic, and all sectors have been hit critically by the spread of this disease. Due to the lockdown in effect, nearly 10 million people are working remotely from home in the U.S. alone. With such a staggering number of remote connections, IT administrators face a huge burden in keeping every connection secure, which is often cost prohibitive.

Unfortunately, not every organization can afford to pay its employees due to slowed business during lockdown. And those that can function digitally are also facing the challenge of a limited budget. It’s difficult to incur the extra cost of remote connections. To help such organizations and prevent them from laying off their employees, governments have eased VPN norms for a few months, even after the end of lockdown, so that organizations can provide their employees with work-from-home capability. This included exemptions from the requirement of security deposits and agreements for the WFH facility for OSPs.


The aim of Phishing attacks may range from obtaining financial gains to non-governmental agendas. Currently the major sector being targeted is the business sector, which is already slumping due to market conditions. In many countries, due to the lockdown and self-quarantine rules, employees are working remotely and are away from the organization’s security structure. These endpoints are vulnerable to Phishing emails, which were common and recurrent long before coronavirus hit us, but the current situation is different.

There are generally many security measures against spam that an organization would normally incorporate into its security structure, but during this crisis many organizations and government bodies have turned their attention towards fighting the spread of the disease. Hence, the manpower and resources committed to cybersecurity are stretched thin. Like any other business process, cybersecurity depends on many other branched sources and processes to form a network of security operations; thus, the closure of even one of its verticals will decrease the entire network’s efficiency. Consider the remote operations of employees during the lockdown: in European countries where the shutdown is very intense and the majority of IT employees work from home, the only way to carry out work is either through a work program available in the cloud or by connecting to the office network through a VPN (Virtual Private Network).

What are the current Phishing threats?

The relaxed norms might imply that the liability of companies towards the protection of consumer data would lessen. This is alarming, as not every organization is capable of dealing with VPN-related security issues, since many never used or needed a VPN before. This has given hackers an opportunity to target organizations with a weak security posture.

What is a Virtual Private Network (VPN)?

A Virtual Private Network, as its name suggests, is a virtually created channel that connects users to a private network. It is like extending the private network across the public network to reach the endpoint, such that even the ISP does not have any control over or knowledge of its traffic. It allows employees and branch offices to connect directly to the network of the main office. A VPN does not make network connections completely anonymous, though. Information about the users at the home end of the VPN is plainly visible, but the data being communicated in between is private.

A VPN provides robust security features using tunneling protocols and cryptography, and users must satisfy an authentication protocol before a secure connection is established. Different VPN vendors provide different combinations of tunneling protocols, such as PPTP (Point to Point Tunnelling Protocol), L2TP (Layer Two Tunnelling Protocol), IPSec (Internet Protocol Security), etc., and of cryptographic algorithms (symmetric and asymmetric), such as AES, RSA, Blowfish, Diffie-Hellman, etc.


How common are Phishing attacks?

The year 2019 saw a sharp increase in these attacks, and reports state that 94% of malware was delivered via email. Multiple Phishing cases and a spike in hacker activity have been noted alongside the spread of the novel coronavirus. Many national and international cybersecurity institutions have reported a spike across the globe. ‘Sky News’ reported the targeting of healthcare workers by cybercriminals via email scams, luring them to register for a fake survey about coronavirus, aimed at obtaining their personal information. Similarly, ‘Check Point’ reported in its research that the Mongolian public sector was targeted with Phishing emails made to appear as coronavirus briefings published by the Mongolian Health Ministry.

Phishing emails are generally followed by ransomware attacks. For example, in Illinois, a public health agency reported an attack by a relatively new ransomware called ‘NetWalker’, which resulted in its main website being disabled. These attacks show that threat actors tend to exploit such situations for financial gain or other malicious causes. The current COVID pandemic is being used by these attackers to cash in on the fear and curiosity of people and to spread false and misleading information. But regardless of the security measures in place, even a well-secured network could still be hacked if the user is not aware of cybersecurity threats and their prevention.

Looking at the examples above, the Phishing attacks prompted users to log into a malicious OneDrive, siphoning off the person’s username and password to access the system. With those credentials, access to both cloud and VPN could be obtained easily by dropping sniffers and decryption tools at the user’s end of the network. The sniffers search for logs or files where credentials might have been stored, and the decryption tools try to work on weak symmetric ciphers. Users truly are the first line of defense against Phishing attacks such as these.


Phishing attacks can be mitigated by the company and its employees through anti-Phishing education and awareness provided by many reputable organizations such as OhPhish. Only knowing about Phishing may not be sufficient. Even if a person knows that email Phishing is done via the distribution of malicious/spam emails, one cannot reliably differentiate between a benign and a malicious email through theoretical knowledge alone. Thus, practical experience of Phishing attacks and how to tackle them helps an individual deal with such issues. OhPhish solutions provide virtual simulations of Phishing attacks by sending employees Phishing emails and monitoring their responses; based on their results, tailored education and mitigation knowledge are provided on an individualized basis. Employee training covers different modes of Phishing, including:

  • Spear Phishing: Customized emails/campaigns are tailor-made to match the work discipline of the target industry. In some cases, the threat actors conduct reconnaissance to uncover as much information as possible to make the Phishing template more believable. This includes using names and emails of the company's clients to trick the user into believing the validity of its origin. The solution for such attacks forms the core of what anti-Phishing training vendors offer: they teach how to differentiate and quarantine such emails.
  • Vishing & Smishing: Voice Phishing and SMS Phishing respectively, conducted through a phone call or message by a threat actor pretending to be your IT service/security admin. Prevention involves training simulations with employees to increase their sense of risk awareness.
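
As an added illustration (not from the original article or from any vendor named in it), the sketch below triages a message for the spear-Phishing cue described above, a known client's name used with an address that is not theirs. The client list, domains, threshold and sample messages are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list (assumption): client display name -> real mail domain.
KNOWN_CLIENTS = {"alice rivera": "client.example", "bob chen": "partner.example"}

def domain_of(address):
    return address.rpartition("@")[2].lower()

def lookalike(domain, threshold=0.85):
    """Return the known domain that `domain` resembles without matching it."""
    for known in set(KNOWN_CLIENTS.values()):
        if domain != known and SequenceMatcher(None, domain, known).ratio() >= threshold:
            return known
    return None

def triage(raw_message):
    """Return the reasons to quarantine a message; an empty list means none."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    reasons = []
    # A client's name paired with a domain that is not the client's own.
    expected = KNOWN_CLIENTS.get(name.strip().lower())
    if expected and from_domain != expected:
        reasons.append(f"display name '{name}' belongs to {expected}, sent from {from_domain}")
    # A sender domain that is one or two characters away from a client domain.
    near = lookalike(from_domain)
    if near:
        reasons.append(f"sender domain {from_domain} imitates {near}")
    # Replies silently routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        reasons.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain")
    return reasons

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Alice Rivera <alice.rivera@c1ient.example>\n"
           "Reply-To: billing@mailbox.test\nSubject: Updated invoice\n\nSee attached.\n")
GENUINE = ("From: Alice Rivera <alice.rivera@client.example>\n"
           "Subject: Meeting notes\n\nNotes attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, triage(raw))
```

Header checks like these complement, rather than replace, sender authentication at the mail gateway and the user training described in this article.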

The immediate precautions against such threats involve securing cloud and VPN access at both the remote systems and the central network, along with promptly compiling security policies and guidelines that help educate remote workers on handling and mitigating such attacks. The long-term policy dictating security responsibilities in such situations in the future, however, can only be achieved through assisted education and awareness programs.


Q. What is smishing and vishing?

A. In these forms of Phishing scams, email communication is replaced with telephone calls. Smishing uses text messages to target individuals, while vishing relies on telephonic conversations.

Read more at: https://blog.eccouncil.org/5-Phishing-scams-that-keep-cybersecurity-professionals-up-at-night/

Q. What is an anti-Phishing strategy?

A. The anti-Phishing strategy should focus on an aggressive approach towards mitigating Phishing attacks so that the potential gains of an attacker are reduced to a significant level.

Read more at: https://blog.eccouncil.org/how-strong-is-your-anti-Phishing-strategy/

Q. What is the risk of Phishing?

A. Successful Phishing involves the scammer gaining unauthorized access to an organization’s private information, which they then use for personal gain.

Read more at: https://blog.eccouncil.org/the-risks-of-Phishing-to-organizations/