Whilst we start to wrestle with the “when and how do we restart” post Covid19 the malicious actors are unfortunately ahead of us all.
Over the past week or so there has been robust debate in Australia and keeping a cautious approach is the best approach with some nations already cautiously lifting some of the social restrictions imposed to control and suppress the spread of COVID-19.
The exaggerated growth and development of Coronavirus-themed phishing emails over the past few months is of course disheartening but these same malicious actors have their own plan for re-opening businesses as well.
They’re starting to share it with your employees, most of whom will be keenly interested to know when they can resume something approaching a normal life after weeks of lockdown and finally return to the office.
Emails spoofing an organisations domain suggesting “we are committed to listening to experts … we have schedule to reopening the business … find the complete outline here” … there is hyperlink on the word “here” which is bogus and allows the cybercriminal access to you and your files.
As phishing emails go, it is absolutely pitch-perfect which is something even the most talented of malicious groups often struggle with when crafting social engineering schemes such as this one. The tone and language are familiar and hopeful, yet appropriately cautious and measured.
There are very few red flags here, the payload is the bad actors pushing dodgy HR announcements and the link can also ask for your email login details … while most of us will not for “that ole trick” the link makes it look like you have been logged out of the company email and need to log back in … thus capturing your login credentials.
Coronavirus-themed social engineering schemes have become a natural part of the threat landscape these days and whilst we are past the initial surge of malicious emails that defined the month of March, they remain a very real threat because the bad guys are proving themselves all too capable of exploiting the very latest news to bait email users.
To discuss successful partnerships and how engaging Consulting IT to maintain your IT infrastructure will reduce your Staff downtime/ Expenditure/ Stress/ Exposure and Risk all the while increasing your Awareness/ Business Continuity Plans/ Backup and Disaster Recovery Systems/ Auditing and Compliance procedures.
Corey Hill (firstname.lastname@example.org) / National Sales and Marketing Manager
#emailsecurity #informationsecurityawareness #informationsecuritymanagement #consultingit #antivirusandmalwares #phishing #scams #malware #ransomware #cybersecurity #informationtechnology #security #cyberattack #informationsecurity #cybercrime #computersecurity #cyberattacks #phishingattacks #phishingattack #ransomwareattack #scammers #cybercriminals #scamalert #cyberfraud #databreach #dataprotection