Coronavirus – be careful where you click

Cybercrime is on a continual upward trend.

Email phishing is one of the most popular methods cybercriminals use to gain access to company systems and data. In this method, they use spoof emails to lure the reader into clicking a link onto a malicious site or page, posing as trustworthy. They then attempt to obtain your sensitive information, such as usernames, passwords, and credit card details.

Cybercriminals are using emails with links related to the coronavirus outbreak that started in Wuhan, China, as a tactic to spread malware and gain access. Currently, there are emails going around stating that information about the coronavirus outbreak, how it started, or where it is spreading is included in the link, which some readers are finding difficult to resist!

The emails usually include false information about the coronavirus but, more importantly, are a risk to your organisation if a user clicks the link.

“The practice of leveraging worldwide events by basing malicious emails on current important topics has become common among cybercriminals. Such a strategy can trick more victims into clicking malicious links or opening malicious files, ultimately increasing the effectiveness of a malware campaign,” IBM researchers wrote in a report on Wednesday.

“What makes these attacks rather special is the fact that they deliver the Emotet trojan, which has shown increased activity recently. It achieves this by urging its victims to open an attached Word document, described as a supposed notice regarding infection prevention measures,” the report added.

How to protect against evolving email phishing threats and cyber attacks

The cyber criminal's aim is often to gain access to company data and sell it to other criminals on the dark web, leading to a significant data breach, diminishing customer trust, and possibly resulting in a loss of revenue.

Organisations should use employee email phishing training to help protect against email phishing threats.

Email phishing training is important in defending your organisation from phishing attacks. The National Cyber Security Centre, part of GHCQ in the UK, have identified phishing training as the second layer of defence after email filtering.

Training typically starts with an interactive learning introduction to phishing and how to spot phishing emails. The software sends false phishing emails randomly to employees to see who clicks on these false phishing attacks. It can identify who needs further help and training and provide additional self-learning videos to improve their ability to spot and delete these emails in future.

Contact our team today to learn more about email phishing training software and how to deploy it in your organisation.