The COVID-19 pandemic, like other catastrophes, brings out the best and worst in humanity. I’ll get to the heroes before I wrap up, but I must start with the bad guys. Today I want to remind you to remember some basic phishing protections.
I’ve noted before that any event that draws widespread interest (sporting events, disasters, etc.) gets weaponized by threat actors. And so it is with this pandemic. Here’s one example. As I cleaned out spam comments on our blog site, I noticed that many of the comments were now advertisements for hydroxychloroquine. With the FBI’s IC3 (Internet Crime Complaint Center) reporting increases in cyber crime activity, it’s time to remember some basic phishing protections.
Topical Cyber Crime Activity
The FBI highlighted some specific activities happening that are tied to the COVID-19 pandemic.
- Emails purporting to be from the Centers for Disease Control that contain phishing links or malware attachments.
- Malicious websites claiming to track worldwide coronavirus cases that can hijack computers.
- Phishing emails attempting to intercept relief checks.
- Phishing emails with subjects designed to generate clicks, such as airline travel refunds, fake COVID-19 cures or test kits.
- Counterfeit offers of Personal Protective Equipment, ventilators, etc.
Remember Some Basic Phishing Protections
In these times as we work from home, it’s easy to let our guard down. So, let’s remember some basic phishing protections.
- Watch for emails appealing to your emotions. Curiosity, desire for acceptance, fear of missing out and desire to help are all emotions that attackers will exploit to make you click.
- Don’t click on links or attachments contained in emails from people you don’t recognize.
- Don’t provide your username or password, social security number, banking information, or other sensitive personal information unless you’re confident that this is a legitimate request from a legitimate site.
- If you receive a phone call or an email requesting personal information, and you think it may be a legitimate request, look up the party’s phone number or website URL and call them or go to their website to respond. Don’t simply respond over the phone or follow a link in the email. Both phone numbers and URLs can be spoofed.
- Check the “mail from” address (an actual email address, vs. a display name) to see if the message is legitimate. One of our customers received a phishing email this morning from “Mail Service Delivery” that had some random email domain. (It didn’t help that the message was signed “from the <org> quarantine team.” This customer is far too small to have such a team.)
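The display-name check in the last item can be automated for a mailbox or a reporting queue. The following is an added example, not code from the original post: the brand-to-domain table, the function names and the sample messages are all assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list: brand keyword seen in a display name -> domains that
# brand really sends from. These entries are assumptions; maintain your own.
BRAND_DOMAINS = {
    "cdc": {"cdc.gov"},
    "centers for disease control": {"cdc.gov"},
    "world health organization": {"who.int"},
}

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of findings about the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    from_domain = domain_of(address)
    findings = []
    if not from_domain:
        findings.append("From header has no usable address")
    # Display name claims a brand that the address domain does not belong to.
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in display.lower() and not matches(from_domain, allowed):
            findings.append(f"display name mentions '{brand}' but address is at {from_domain}")
    # A display name that itself looks like an address can hide the real one.
    if "@" in display and domain_of(display) != from_domain:
        findings.append("display name contains a different email address")
    # Replies silently routed to another domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from {from_domain}")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = ('From: "CDC Health Alert" <alerts@cdc-gov.example>\n'
           'Reply-To: help@mailbox.example\nSubject: COVID-19 update\n\nbody\n')
GENUINE = 'From: "CDC Health Alert" <alerts@cdc.gov>\nSubject: COVID-19 update\n\nbody\n'

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_sender(raw))
```

An empty result only means the visible headers are consistent with each other. The From address itself can be forged, which is what the receiving server's SPF, DKIM and DMARC results are for.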
On to Some Good News
Dealing with disruption, illness and death, political chaos and the like can be depressing. (I find that listening to the blues helps. Here’s one song for you.) So, I wanted to wrap up this reminder to remember some basic phishing protections with a few good news items.
- The California Community Foundation has made almost $12 million in grants through its COVID-19 LA County Response Fund. Some of this funding came from grants by other customers, such as the California Wellness Foundation.
- The Marin Community Foundation has partnered with the State of California and other foundations to create the California Immigrant Relief Fund. This fund helps provide food and health assistance to essential workers in California who might otherwise not have access to such resources.
- The Dyson corporation is working with The Technology Partnership to produce 10,000 ventilators for the UK. It expects to reduce the design and production time from years to weeks.
- MIT has established the COVID-19 Challenge, a hackathon with multiple tracks to generate solutions to problems being encountered in addressing the pandemic.
- Medtronic has made its ventilator design specifications available for free to any manufacturer who registers with the company. They’ve received over 90,000 applications.
- Apparel makers, not to mention armies of home-based seamstresses, have committed to producing face masks.
- Andrea Bocelli streamed a concert live from the Duomo in Milan. Many other musicians and singers have likewise live-streamed concerts.
- Tony Bennett and San Franciscans sang the iconic “I Left My Heart in San Francisco”. And New Yorkers applaud health care workers.
Be safe, be smart, be kind. And smile.
Well written. We use KnowBe4 and love the results. Last week I phished a 200-man company (client) and got 200 clicks on a spoofed WHO… 71 of the employees went on to enter sensitive data.
The training programs (videos) they produce are fantastic… Cheers