Coronavirus as the main theme for phishing campaigns
Coronavirus is currently the story that dominates all the news.
It is impossible to turn on a television or a radio, or even to go online, without being confronted at some point with a publication or announcement about the pandemic. This media coverage of the disease is a boon for hackers, who use it to carry out their phishing campaigns. As a reminder, phishing is a technique used by cybercriminals to extract personal information from web users.
How do they do it? It's simple: they send their targets, often a randomly chosen group of people, information or messages related to a particular topic. Of course, the chosen themes are topical ones that will attract the attention of the targeted people. In our case, it is coronavirus, a theme that is on everyone's lips today. The messages are usually sent by e-mail, but in some cases by text message or through a messaging app such as WhatsApp. The people who receive them are usually asked to click on a link in order to get more information or to perform a particular action. If, unfortunately, an individual clicks on the link, they are automatically redirected to a website controlled by the hackers. Of course, this website will look like an official website. Often, hackers duplicate the websites of social networks or of companies with a strong digital presence. The unwary user is then asked to fill in information fields, where they will be asked for passwords, login credentials, etc. In this way, the cybercriminals simply collect information that they will use for their own purposes.
In a situation like the one we are going through today, this method is likely to do a lot of damage. Indeed, it has been shown that internet traffic has literally exploded since different countries introduced containment measures for their populations, not to mention the growing number of people teleworking. Add to all this the concern about the spread of coronavirus, which does not seem to stop, and we are in a situation where cybercriminals will also be able to take advantage of the naivety of web users about the pandemic.
Joseph Blankenship, vice president and director of research at Forrester Research, wrote: "Cybercriminals take full advantage of this and launch pandemic-specific phishing attacks. In the first quarter of 2020, we saw an increase of more than 600% in Covid-19-related phishing attacks and, last week, more than 18 million daily phishing and coronavirus-specific malware attacks." He later noted: "A favourable context for their effectiveness. These attacks are very effective for two reasons. First, people are afraid. Everyone's daily routine has changed and we have no idea when it will return to normal. So when you see an email promising news on the Covid-19, you may be tempted to click to get some answers."
So how do you protect yourself from it? The question matters especially for companies, which are generally the most vulnerable because telework was introduced somewhat hastily.
First, it should be noted that awareness is the foundation in such a context. People assigned to telework, as well as private individuals, should be aware that it is very unwise to click on links in correspondence from unknown senders. In addition, cybercriminals sometimes impersonate official institutions in order to deceive. That's why you should always be careful and never click on a link you receive by email, regardless of the sender, until you have official confirmation of that person's identity. Instead, always check the reference to make sure that email addresses and other identifiers are spelled correctly. In addition, the use of a security protocol or protection software is required. Forrester's vice-president advised: "Protection requires a layered approach that starts with email authentication. The DMARC, or Domain-based Message Authentication, Reporting, and Conformance, is an email authentication process that manages and monitors your inbox to ensure that only verified contacts reach a user's inbox."
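A domain publishes its DMARC policy as a DNS TXT record at `_dmarc.<domain>`, and only a `quarantine` or `reject` policy asks receiving servers to act on mail that fails authentication. The following is an added example, not part of the original article: it parses such a record and reports whether the policy is actually enforced. The tag names come from the DMARC specification (RFC 7489); the domains and records are constructed samples.

```python
# Added example: assess a DMARC TXT record. Sample records are constructed.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Split 'tag=value; tag=value' into an ordered {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags

def assess_dmarc(record):
    """Return (verdict, reason) for one DMARC record."""
    tags = parse_dmarc(record)
    # The version tag must come first and must be exactly DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return "invalid", "record must start with v=DMARC1"
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "invalid", "missing or unknown p= tag"
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100
    except ValueError:
        return "invalid", "pct= is not a number"
    if not 0 <= pct <= 100:
        return "invalid", "pct= must be between 0 and 100"
    if policy == "none":
        return "monitor-only", "p=none requests no action on failing mail"
    if pct < 100:
        return "partial", f"p={policy} applies to only {pct}% of failing mail"
    # sp= overrides the policy for subdomains; it defaults to p=.
    if tags.get("sp", policy).lower() == "none":
        return "partial", "sp=none leaves subdomains without enforcement"
    return "enforced", f"p={policy} applies to all failing mail"

SAMPLES = {  # constructed records, keyed by constructed domain
    "example.org": "v=DMARC1; p=reject; rua=mailto:dmarc@example.org",
    "example.net": "v=DMARC1; p=none; rua=mailto:dmarc@example.net",
    "example.com": "v=DMARC1; p=quarantine; pct=25",
    "example.edu": "v=spf1 -all",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        verdict, reason = assess_dmarc(record)
        print(f"{domain:12} {verdict:13} {reason}")
```

A `monitor-only` or `partial` verdict means that mail spoofing the domain can still reach inboxes, so the record alone does not replace the sender checks described above.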
In addition, it should be noted that this type of cyberattack is predictable. The most important protection against it is discipline because, whether you like it or not, you will be targeted. It's just a matter of time, if you haven't been already.