This blog on the importance of staying vigilant online is reposted with permission from the Global Cyber Alliance (GCA). GCA is an international, cross-sector effort dedicated to reducing cyber risk and improving our connected world and we are delighted to be able to work with them as one of our CTA partners. With disinformation and COVID-19 cyber threats still an imminent threat, we believe that working together with our members and partners to ensure a safer internet has never been more important.
Spidey sense: a vague but strong sense of something being wrong, dangerous, suspicious, or a security situation.
Due to the COVID-19 pandemic, most of the global workforce has been working from home. This is creating an enticing environment for hackers and scammers to leverage and exploit vulnerabilities and human weaknesses. Those bad actors are working at full steam. According to Scam Spotter, sponsored by the Cybercrime Support Network, a Cyber Threat Alliance (CTA) partner, scammers are estimated to steal over $2 billion this year.
The COVID-19 pandemic is an attractive target for scammers and spammers and our CTA members have been publishing research on various malicious campaigns associated with the pandemic. Bad actors are leveraging COVID-19-related phishing lures and text-based campaigns to lure victims. One thing is common throughout — these malicious campaigns play on people’s fears both around the virus itself and their financial insecurity due to the economic uncertainty. Hackers leverage fear and uncertainty to their advantage. It works. When you couple this disquietude with the exposure of people working from home using personal computers, without the level of sophisticated security software available to them in a corporate network, you are creating an appealing environment for bad actors to exploit.
In order to effectively protect yourself against this malicious activity, you have to be hyper alert, even suspicious, when reviewing emails and texts. Have that ‘spidey sense’ that something might not be legitimate. The tactics and techniques the bad actors use today are good. They know what is compelling so that people open the email, the attachment, or click on the link. The phishing lures and text messages are specifically designed to fool you. They are also geared for wide distribution to allow for successful exploitation, so you might get various plays on the same themes. Many will fall victim to these malicious campaigns as they don’t sense something isn’t right, or they want to believe the message to be legitimate.
Be wary of any pandemic-related messages, whether coming via email or SMS messaging. To better help you educate yourself on some of the tactics and techniques that bad actors are leveraging, you can read how some of our CTA members have described this activity in more detail on this resource site. We have also compiled a list of working from home tips and resources from many of our members here. You must provide the same high level of scrutiny to any email, text, or website that you would have before the pandemic started.
The best advice we can give you in this circumstance is to be leery of any email or text message related to the virus or to today’s economic uncertainty. Get your ‘spidey sense’ on and be suspicious and be cautious; you won’t be disappointed.
Author: Jeannette Jarvis
CTA Webinar – The Cyber Threat Landscape: 2021 Was a Hell of a Ride – 2022 Isn’t Shaping Up Any Better
Join CTA and Radware as Neil, Daniel, and Pascal discuss the most [...]
Cultivating a Diverse Cybersecurity Workforce
Cyberattacks continue to increase in prevalence and impact and recent cyber incidents have brought a wake-up call that we must invest in training and hiring in the cybersecurity field. Because nearly every aspect of society depends on the digital infrastructure, cyberattacks are costly and extremely disruptive. We continue to rely on an inherently insecure internet […]
Incident Response Blog: Cyber Incidents in Ukraine
As Russian forces take military action in Ukraine, cybersecurity companies are reporting various cyber attacks targeting organizations within Ukraine, such as government agencies and critical infrastructure companies, and organizations outside of the country that provide services to Ukraine. Additionally, the U.S. [...]