Has Q1 or Q2 2020 gone according to plan for anyone? It’s not likely. Late last year, if someone were to say people in the U.S. and globally would be self-quarantining and wearing masks when they leave the house to go grocery shop or do other essential business, or that one in five Americans would be filing for unemployment benefits in the upcoming months, many would say there’s no way that amount of upheaval could occur in such a short amount of time. Alas, thanks to COVID-19, it has. Another huge change this quarter involves the number of phishing scams. Cybercriminals are using the coronavirus pandemic to prey upon people, and the statistics are scary.
A security-awareness CBT (computer-based training) company called KnowBe4 has compiled data about phishing scams during the first quarter of the year. The data suggests coronavirus-related phishing email attacks have increased by 600%. On one hand, the percentage would be expected to be high, since coronavirus-related phishing emails wouldn’t have been too effective until the virus started causing mass disruption. On the other hand, it sheds light on something not only individuals but also employers need to be aware of: the fact that cybercriminals are taking advantage of the pandemic.
KnowBe4 points out that now is a time of “stress, distraction, urgency, curiosity, and fear,” and phishing emails succeed when they entice a person to react before they think. Unfortunately, cybercriminals don’t have to be too clever to think of subjects and topics that will tempt people who are vulnerable and afraid to react first and pay the consequences later. Some of the most-clicked phishing email subjects during Q1 2020 include key words related to password checks and resets, CDC health alerts, PTO (paid time off) and sick time policy changes, scheduled server maintenance notices, and emergency notification system test alerts. The most common “in the wild” attacks, also according to KnowBe4, include subject lines like List of Rescheduled Meetings Due to COVID-19; SharePoint: Coronavirus Tax Cut Document; Confidential Information on COVID-19; IT: Work from home – VPN connection; Microsoft: Your meeting will begin soon; and HR: New Employee Stock Purchase Plan.
For many employers, remote work has become the new norm—at least temporarily. Employers are sending updates they’ve never sent before, and employees are seeking information they’ve never sought before. This is prime real estate for phishing scams, and the key to protecting employees and employers is awareness and education. While a 600% increase in coronavirus-related phishing scams may or may not grab employers’ attention, the takeaway should be that cybercriminals are playing a whole new game during the COVID-19 pandemic, and industries must be prepared for it.
Employers can share cybersecurity statistics—either general statistics or statistics specific to their industries—with their employees as a way to get conversations started. They can make sure that even during this time of great change, their systems are secure and basic security hygiene practices are being reiterated and followed by all. Employers can also educate employees about how to spot a phishing email. For instance, phishing emails often have a generic greeting, claim there’s some sort of problem, and invite the recipient to click a link, download an attachment, or provide personal information. Many of these emails appear to come from companies recipients know or trust, such as their employers.
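For mail teams that want to turn those warning signs into a first-pass triage signal, here is an added example (not from KnowBe4 or the original article) that checks a message for the indicators described above and the subject themes reported for Q1 2020. The keyword lists, the `triage` function, the `corp.example` domain, and both sample messages are constructed assumptions; the hits are hints for a reviewer, not a verdict.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Subject themes the article lists among the most-clicked lures (keywords are an assumption).
LURE_SUBJECT = re.compile(
    r"\b(?:passwords?|covid|coronavirus|cdc|pto|sick time|server maintenance|"
    r"emergency notification|vpn|stock purchase)\b", re.I)
GENERIC_GREETING = re.compile(
    r"^\s*(?:dear|hello|hi)\s+(?:user|customer|employee|colleague|sir|madam|all|team)\b",
    re.I | re.M)
PROBLEM_CLAIM = re.compile(r"\b(?:problem|suspended|expired?|unusual activity|failed)\b", re.I)
ASKS_FOR_ACTION = re.compile(
    r"https?://|\b(?:click|download|attachment|confirm your|enter your)\b", re.I)
INTERNAL_ROLE = re.compile(r"\b(?:hr|it|help ?desk|human resources)\b", re.I)

def triage(raw, org_domain):
    """Return the indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    hits = []
    if LURE_SUBJECT.search(str(msg.get("Subject", ""))):
        hits.append("lure_subject")
    if GENERIC_GREETING.search(body):
        hits.append("generic_greeting")
    if PROBLEM_CLAIM.search(body):
        hits.append("problem_claim")
    if ASKS_FOR_ACTION.search(body) or any(msg.iter_attachments()):
        hits.append("asks_for_action")
    # Display name claims an internal team, but the address is outside the organization.
    name, addr = parseaddr(str(msg.get("From", "")))
    if INTERNAL_ROLE.search(name) and addr.rpartition("@")[2].lower() != org_domain:
        hits.append("internal_name_external_domain")
    return hits

# Constructed sample messages (not real mail).
PHISH = """\
From: "HR Department" <hr@example-benefits.test>
Subject: HR: PTO and sick time policy changes

Dear employee,
There is a problem with your leave record.
Click http://portal.example-benefits.test/verify to confirm your details.
"""
BENIGN = """\
From: Bob Lee <bob.lee@corp.example>
Subject: Lunch on Thursday

Hi Alice,
Are you free at noon?
"""
```
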
The overarching problem isn’t a new one; in 2019, the FBI’s Internet Crime Complaint Center reported that people lost $57 million to phishing schemes. But unique circumstances right now have made Q1 2020 (and, most likely, Q2 to follow) particularly challenging. Individuals and employers must remain vigilant to avoid falling victim to cybercriminals’ dangerous, obnoxiously clever, and extremely insensitive ploys during this difficult time in history.