Cybercrime is on a continual upward trend. One of the most popular methods cybercriminals use to gain access to company systems and data is email phishing: spoofed emails lure the reader into clicking a link to a malicious site or page posing as a trustworthy one. The attackers then attempt to obtain sensitive information such as usernames, passwords and credit card details.
Emails with links related to the coronavirus outbreak that started in Wuhan, China are the latest tactic cybercriminals are using to attempt to spread malware and gain access. Emails currently in circulation claim that the link contains information about the coronavirus outbreak, how it started, or where it is spreading, which some readers are finding difficult to resist!
The emails usually include false information about the coronavirus but, more importantly, they are a risk to your organisation if a user clicks the link.
“The practice of leveraging worldwide events by basing malicious emails on current important topics has become common among cyber criminals. Such a strategy is able to trick more victims into clicking malicious links or opening malicious files, ultimately increasing the effectiveness of a malware campaign,” IBM researchers wrote in a report on Wednesday.
“What makes these attacks rather special, is the fact that they deliver the Emotet trojan, which has shown increased activity recently. It achieves this by urging its victims into opening an attached Word document, described as a supposed notice regarding infection prevention measures,” the report added.
How to protect against evolving email phishing threats and cyber attacks
The aim of the cybercriminal is often to gain access to company data and sell it to other criminals on the dark web – leading to a significant data breach, diminishing trust from customers and possibly resulting in a loss of revenue.
To help protect against email phishing threats, organisations should use employee email phishing training.
Email phishing training is an important part of defending your organisation from phishing attacks. The National Cyber Security Centre, part of GCHQ in the UK, has identified phishing training as the second layer of defence after email filtering.
Training typically starts with an interactive introduction to phishing and how to spot a phishing email. The software then sends simulated phishing emails to employees at random to see who clicks on them. It can identify who needs further help and training, and provide additional self-learning videos to improve their ability to spot and delete these emails in future.
To learn more about email phishing training software and how to deploy it in your organisation, contact our team today.