When the government said to stay home, it didn't mean take up phishing indoors. There has been an increase in phishing attacks which are praying on the vulnerabilities of working from home and individuals heightened anxiety around Covid-19. Phishing attacks can come in many different forms, generally, they are e-mails impersonating a formal body or organisation where the cybercriminal, through the use of an email attachment or link, distributes a malware or a computer virus or gains access to your systems and sensitive information.
The government and businesses are directing citizens and staff to the World Health Organisation (WHO) for credible updates on the Covid-19 pandemic. As a result, cyber criminals are capitalising on these uncertain times and pretending to be WHO by sending fraudulent e-mails or text messages. WHO have published a warning for citizens to 'beware of criminals pretending to be WHO' trying to steal money or sensitive information. WHO have confirmed that they will never ask for username or passwords, send e-mail attachments not expressly asked for, ask you to visit any outside links, charge money to apply, register or reserve anything with WHO or conduct lotteries, prizes, grants or funding via e-mail.
Over the last year, businesses have reported an increase in phishing attacks of 14% and a decrease in virus or malware attacks of 17% according to the Department for Digital, Culture, Media & Sport's recently released Cyber Security Breaches Survey 2020. While phishing has increased, organisations ability to recover from any security breach has also increased with organisations implementing awareness campaigns across workforces and an uptake on board engagement in cyber security leading to increased action to identify and manage cyber risks.
These improvements in organisational resilience to cyber attacks will be put to the test during the current lockdown. With many working from home, employees may become less vigilant to the threat of cyber attacks while becoming increasingly susceptible to the media hysteria that prompts you to 'click on the attachment'. Don't let the phisherman catch you or your employees, stay alert.
...the threat has evolved, with fewer businesses identifying viruses or ransomware and more phishing attacks. It has not diminished.