The best scam emails are those that entice the user to open. Those that work best are the ones that appear the most plausible, coinciding with a certain situation, a new item, or likely to connect with what someone has been thinking. The era of the COVID-19 pandemic has led a series of email scams on different subjects, including promises of medical treatments.
Now is the turn of business C-suite executives to be targeted, with the lead focus being money. According to Microsoft, a pair of hackers have been using the term ‘Covid-19 bonus’ to manipulate business employees into handing over access to their email accounts. The remit of the hackers is an attempt to control of a business user’s Microsoft Office 365 account. The attacks so far have been aimed at some 62 countries.
Microsoft corporate vice president Tom Burt writes: “Once victims clicked on the deceptive links, they were ultimately prompted to grant access permissions to a malicious web application.”
Looking into the issue for Digital Journal, Ed Macnair, CEO of Censornet says “It is unfortunate but unsurprising that cyber criminals continue to exploit the pandemic and manipulate vulnerable employees. ”
With the specific email fraud case, Macnair sees this as only the tip of the iceberg: “What starts as an email attack becomes a web security issue when the victim is prompted to grant permissions to a malicious web application, and then a cloud security issue when that application gives access to an Office 365. What the criminals are trying to do here is exploit gaps between security systems.”
In terms of remediation activities, Macnair recommends: “There should always be a level of caution around third party apps and any email asking for credentials or authorisation, or for money to be sent. It is crucial that organisations educate employees on best practice so that they treat emails of this nature with caution.”
In addition to his point about culture and worker education, Macnair says: Security measures need to evolve to keep pace with these techniques. This means integrating and sharing threat information between email, web, and cloud security to make sure threats do not slip through the gaps. In addition multi-factor authentication can help protect compromised user accounts from being used for business email compromise or account takeover attacks.”
