How To Defend Your Company Against Coronavirus Cyber Scams
By Steve Cobb, CISO, One Source
If the ever-changing coronavirus didn’t put us on high alert enough, the Department of Homeland Security’s The Cybersecurity and Infrastructure Security Agency (CISA) is warning individuals across the U.S. to be on alert to defend against scammers who use the coronavirus health crisis as bait to push their scams over the Internet.
To keep your organization safe during this vulnerable time we hope that you will use this blog as a means of encouraging your employees to take precautions so that they won’t fall victim to a cybercriminal.
AWARENESS AND EDUCATION FOR YOUR EMPLOYEES
Of course, safety starts with an internal communication to your employees to exercise caution when handling any emails related to the Coronavirus. Your employees are your best line of defense when detecting phishing and cyber scams. Phishing emails steal data by tricking users into believing they are interacting with someone or a company they trust. According to phishing defense technology company Cofense, as much as one in seven emails sent to professionals contains a phishing message.
Here are some pointers to provide your employees:
- Be mindful of subject lines pertaining to COVID-19 or Coronavirus – Use trusted sources such as legitimate, government websites for up-to-date, fact-based information about the Coronavirus
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information
- Be wary of emails received from unknown senders
- Do not open unexpected attachments
- Do not click on unexpected hyperlinks
- Be wary of pleas requested aide or assistance – Verify a charity’s authenticity before making donations
PHISHING EXAMPLE TO SHARE WITH YOUR EMPLOYEES
The example below is a phishing email that appears to be from The Centers for Disease Control. This email is not from the CDC and contains malicious links.
Users are led to believe they are clicking a link to: hxxps://www[.]cdc[.]gov/COVID-19/newcases/feb26/your-city[.]html
However, embedded behind that link is the following malicious redirect: hxxp://healing-yui223[.]com/cd[.]php
Which in turn goes to the final landing page of the phish located at: hxxps://www[.]schooluniformtrading[.]com[.]au/cdcgov/files/
Additionally, when reviewing the header information, the email originated from IP address 193[.]105[.]188[.]10. This IP address is not associated with the CDC, as it is located within the United Kingdom.
PREPARE YOUR EMPLOYEES AHEAD OF THE THREAT
Of course, the best line of defense is advanced preparedness. These days the most forward-thinking IT teams are achieving higher awareness and changing user behavior by following some modern best practices like leveraging online learning and simulations sited in this article “Changing User Behavior Core To Averting Phishing Disaster.”
EMPLOYEE ACTION IN THE EVENT OF A PHISHING ATTEMPT
If an employee suspects an email to be a phishing attempt, it is advised to instruct them to follow current company procedures for reporting suspicious emails. For One Source customers, instruct your employees to mark the email with their Report Phishing Cofense button embedded in their email for the One Source SOC team to assess any potential threats in the email.
Should your organization benefit from consultation and best-practices, please don’t hesitate to contact us at One Source (877) 651-1650.
Latest blogs
What is Shadow IT?Oct 7, 2021
POTS Replacement – Waiting Is No Longer An OptionSep 9, 2021
The three phases of a successful cloud migrationAug 16, 2021
SD-WAN FAQs: Avoid the Top Security Mistakes When Implementing SD-WANAug 4, 2021
Your Mobile Devices Are Under Attack…Uncover the Top 4 Mobile Cyber Scams and How to Prevent ThemJul 20, 2021
Enterprise Mobility Strategy: 3 Things You Need to Consider in 2021Apr 13, 2021
Why Mobile Device Inventory Is Critical To Your COVID-19 Enterprise Mobile Management StrategyMar 19, 2021
3 Factors IT Leaders Need To Include In A Business Continuity Plan That Goes Beyond Just Disaster RecoveryMar 9, 2021
3 Proven IT Tips for No-Risk Technology UpgradesJan 5, 2021
4 Strategies IT Leaders Can Use To Support IT Upgrades On A BudgetDec 18, 2020
Year in Review: 3 Technology Trends of 2020Dec 15, 2020
How To Recover Telecom Costs And Fuel 2021 IT BudgetNov 16, 2020
How To Uncover Cost Savings In Your Telecom ContractsOct 26, 2020
Beating the Cybersecurity Staffing Shortage: 3 Advantages to Using a MSSPOct 16, 2020
3 Critical Strategies that Extend your IT BudgetSep 23, 2020
Sign up
Have Questions?
We'd love to help. Whether you have a question about our services, pricing, best practices, or anything else, our team is happy to answer your questions.