Phishing & COVID-19

Posted By: Helen Tuesday 11th August 2020Tags:

With many of us entering lockdown on 26th March of this year, it was only a matter of time before the hackers got to work. With masses of the UK (and the world) now working from home, security barriers were not necessarily as steadfast as they were in the office. Did you consider cyber security?

Phishing Refresher

In case you’ve not read our previous phishing blog, allow us to remind you of the basics. Usually in the form of an email, phishing uses clever ‘confidence tricking’ techniques in order to gain financial details from its prey. A good ‘phisher’ will have access to usernames, passwords and bank details in the blink of an eye.

“What is every hacker’s weekend getaway? They go phishing”

Through emails, internet thieves use a variety of tactics in order to gain credentials:

  • Deception by impersonating a legitimate company via email
  • Addressing you by name in an email; just as if you know them
  • Impersonating your CEO (believe it or not)

And these are just a handful of examples. Playing a game of cat and mouse, whilst IT boffins spend their days further building secure systems, the hackers find ways of knocking them down.

So how do you stay secure?

There really is only one way and that’s by keeping the right systems up to date whilst educating team members accordingly.

What happened during lockdown?

As the country was handed laptops and sent on their way to enjoy zoom sessions ‘a plenty’, the majority of companies didn’t pause to think about network security. Significantly more secure in the office than at home, businesses tend to have relevant cyber security feature in place. At home of course, we’re much more relaxed.

Here’s some numbers;

A recent survey by Opinion Matters, discovered 99% of organisations experienced some form of security breach over the last twelve months. Attack volumes significantly increased during the lockdown period. These responses were gathered from 251 CIOs, CTOs and CISOs from UK organisations and stated the following:

  • 98% agreed attack volumes had increased across twelve months
  • 99% admitted their company had suffered a breach
  • Average number of breaches per company was 63
  • 96% recognised cyber attacks as more sophisticated

High numbers wouldn’t you agree?

With percentages in the high 90’s, would it shock you to discover that just 6% of those surveyed stated their cyber defence budget would be increased the following year?

COVID Phishing Examples

The world of networking will never be the same again and whilst using Zoom, teams or both, this in turn lends itself to a potential attack.

“Your CEO is waiting for you. Join Zoom Meeting http://tessian.com..zoom.meeting.17262133630, this message is from your IT company”.

New to Zoom? Potentially missed a meeting with the boss? Clicking in a panic?

Results = Hacked

Top subject lines;

The following subject lines made up 56% of all phishing emails during Q2 of 2020:

  • COVID-19 Awareness
  • Coronavirus Stimulus Checks
  • List of Rescheduled Meetings Due to COVID-19
  • COVID-19 Now Airborne
  • Confidential Information on COVID-19

And adding insult to injury;

During the pandemic over 10,000 emails, text messages, social media correspondence and phone scams were delivered by hackers on behalf of HMRC. With government funding available to help companies this was a great opportunity for scammers to retrieve information. Cyber security has never been so important. 

With much of the country continuing to work from home and another potential lockdown on the horizon, it’s important to stay secure. Keep wearing your masks and just as you protect your health, do the same for your company.