How To Defend Your Company Against Coronavirus Cyber Scams
By Steve Cobb, CISO, One Source

If the ever-changing coronavirus didn’t put us on high alert enough, the Department of Homeland Security’s The Cybersecurity and Infrastructure Security Agency (CISA) is warning individuals across the U.S. to be on alert to defend against scammers who use the coronavirus health crisis as bait to push their scams over the Internet.

To keep your organization safe during this vulnerable time we hope that you will use this blog as a means of encouraging your employees to take precautions so that they won’t fall victim to a cybercriminal.

AWARENESS AND EDUCATION FOR YOUR EMPLOYEES

Of course, safety starts with an internal communication to your employees to exercise caution when handling any emails related to the Coronavirus. Your employees are your best line of defense when detecting phishing and cyber scams. Phishing emails steal data by tricking users into believing they are interacting with someone or a company they trust. According to phishing defense technology company Cofense, as much as one in seven emails sent to professionals contains a phishing message.

Here are some pointers to provide your employees:

Be mindful of subject lines pertaining to COVID-19 or Coronavirus – Use trusted sources such as legitimate, government websites for up-to-date, fact-based information about the Coronavirus
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information
Be wary of emails received from unknown senders
Do not open unexpected attachments
Do not click on unexpected hyperlinks
Be wary of pleas requested aide or assistance – Verify a charity’s authenticity before making donations

PHISHING EXAMPLE TO SHARE WITH YOUR EMPLOYEES

The example below is a phishing email that appears to be from The Centers for Disease Control. This email is not from the CDC and contains malicious links.

Users are led to believe they are clicking a link to: hxxps://www[.]cdc[.]gov/COVID-19/newcases/feb26/your-city[.]html

However, embedded behind that link is the following malicious redirect: hxxp://healing-yui223[.]com/cd[.]php

Which in turn goes to the final landing page of the phish located at: hxxps://www[.]schooluniformtrading[.]com[.]au/cdcgov/files/

Additionally, when reviewing the header information, the email originated from IP address 193[.]105[.]188[.]10. This IP address is not associated with the CDC, as it is located within the United Kingdom.

PREPARE YOUR EMPLOYEES AHEAD OF THE THREAT

Of course, the best line of defense is advanced preparedness. These days the most forward-thinking IT teams are achieving higher awareness and changing user behavior by following some modern best practices like leveraging online learning and simulations sited in this article “Changing User Behavior Core To Averting Phishing Disaster.”

EMPLOYEE ACTION IN THE EVENT OF A PHISHING ATTEMPT

If an employee suspects an email to be a phishing attempt, it is advised to instruct them to follow current company procedures for reporting suspicious emails. For One Source customers, instruct your employees to mark the email with their Report Phishing Cofense button embedded in their email for the One Source SOC team to assess any potential threats in the email.