It’s common for phishing email and malware creators to capitalize on a current issue. After all, their job is to pique the interest of an end user enough to get them to open the email.
During times like this, it’s critical you ensure your customers and their end users are aware of the types of scams going on. Make sure you have a communication plan to supply valid information to prevent your users from seeking other sources. Here are some spam and phishing techniques, each with a different end goal:
1. Trick a user into clicking on a malware-laden attachment to infect the system. This allows an attacker to gain a foothold in a network to perform more reconnaissance and follow-on actions within the environment.
2. Convince a user to go to a website that will execute scripts to install malware for the same reasons as above.
3. Masquerade as a charity and convince the user to donate funds or give their credit card number.
4. Impersonate the company the user works for and trick them into giving up their credentials (such as creating a look-alike Office 365 login page to give access to a document).
5. Craft the email to look like an invoice from a vendor or a message from an internal higher-up, convincing someone in accounting to pay the fraudulent invoice.
Wall Street Journal
According to an article by the Wall Street Journal, these scams started in January in heavily affected areas, and are likely to pick up as the threat of infection reaches more locales.
Here are a few methods to look out for, as discussed in the article:
- Emails from state and local authorities with purported guidance on the situation in your region with attachments or links to other documents
- Communication from HR, internal officials, or even you (as the service provider to the company) that asks users to log in to view a document or that has suspicious attachments
- Fake news notifications about someone infected in your area
- Emails regarding outstanding invoices from a vendor of medical supplies
Especially now, as companies begin to institute work-from-home policies, employees who are not used to being in a home environment might be more tempted to click on an email or engage in risky behavior, because they are in a different setting.
There are a few things you can do to help ensure your users practice safer email and online habits during these times:
Seek Information From Legitimate Outlets
Recommend a few “vetted” sites or resources that can supply them with legitimate information, and supply links to them in your communications as well. Most of these also offer guidance for staying safe in public as well as online. For coronavirus, a few of these are:
- The World Health Organization
- U.S. Centers for Disease Control and Prevention
- CNN, Fox News, MSNBC, and other major news outlets have a dedicated section on the coronavirus
- A local news website
Regardless of what you supply, make sure you give this advice to your users:
- Only visit recommended sites or view the official communication emails.
- Do not click on links in other emails or open attachments from emails that reference the coronavirus outbreak, unless you can verify the sender.
- Carefully inspect the “From,” “Reply To,” and signatures or text for misspellings and errors. Hint: if you click “Reply” to an email, you can see the actual “Reply To” email address at that point.
- Hover over links in emails to view the address the link will take you to. Shortened links and jumbled URLs are a risk as they can hide the actual website you’re taken to.
- Never supply credentials to a site you accessed from an email, unless you are 100 percent sure the site is legitimate.
- Supply IT with any emails you receive that may be suspicious.
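When users forward suspicious emails to IT, the “From”/“Reply To” comparison and the link-hover check described above can be applied to the raw message automatically. The Python below is an added example, not part of the original article; the sample message, the shortener list, and the names `review_email`, `domain_of` and `LinkCollector` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumption: illustrative shortener list; short.example is a placeholder.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "short.example"}
# Constructed sample message: every name, address and URL is made up.
SAMPLE = """\
From: "HR Department" <hr@example.com>
Reply-To: hr-desk@example.net
Content-Type: text/html; charset="utf-8"

<p>Log in: <a href="http://login.example.org/o365">https://portal.example.com/policy</a></p>
<p>Regional guidance: <a href="https://short.example/abc123">read more</a></p>
"""

def domain_of(header):  # domain part of an address header, display name ignored
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for each <a>: what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)  # reset at each <a>, so only link text is kept
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def review_email(raw):
    msg, findings = message_from_string(raw), []
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if reply_to and reply_to != sender:
        findings.append(f"Reply-To domain {reply_to} differs from From domain {sender}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, text in collector.links:
        host = (urlparse(href).hostname or "").lower()
        shown = urlparse(text).hostname if text.lower().startswith("http") else None
        if host in SHORTENERS:
            findings.append(f"shortened link hides destination: {href}")
        elif shown and shown.lower() != host:
            findings.append(f"link text shows {shown} but goes to {host}")
    return findings
```

Calling `review_email(SAMPLE)` returns one finding per mismatch; a message with no “Reply To” header and links whose text matches their destination returns an empty list.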
Ensure Security Across the Environment
If you’re considering allowing employees to work from home to prevent risk of additional spread of the infection, it’s doubly important that you secure the assets the users are taking home. This means ensuring your email security solution is configured with proper settings. You’ll want to prevent malicious emails from making it to inboxes and ensure all devices taken home have up-to-date endpoint security agents and definitions. Finally, make sure your technicians have the capability to remotely support these users securely, as they’ll likely need assistance getting set up in a home environment.
As the virus continues to spread, we can expect more opportunistic actors to engage in email campaigns and attempt to infiltrate or defraud users and the companies they work for.
Looking to advance your IT strategy and security or wanting to supplement your internal IT staff? ECMSI is here to help. Visit us at www.ecmsi.com