Google indicates that during the height of the pandemic there has been a massive increase of phishing attacks. Here criminals are attempting to trick users into revealing personal data. Google is blocking more than 100 million phishing emails per day, and it is estimated that around one fifth of these are scam emails related to COVID-19.
This means that the virus now being classed as the biggest phishing related topic ever, showing that cyber criminals will take advantage of any and every opportunity they can.
There are risks to consumers and businesses from such threats. Changes to working conditions have enhanced the risks to businesses. This means that employees need to remain especially vigilant during these times. Remote working has resulted in many employees finding themselves within their own isolation bubbles, which makes it easier for criminals to exploit businesses practices.
One of the techniques deployed by the hackers is with the adding if malicious macros in Microsoft Office documents in an effort to compromise systems. Such macro-based Office documents are then attached to phishing emails or downloaded from URLs embedded within phishing emails, triggering an exploitive attack.
Commenting on the rise in malicious emails for Digital Journal is Will LaSala, Senior Director of Global Solutions at OneSpan. The analyst notes: “We’re unfortunately continuing to see attackers exploit the ongoing pandemic to try and bait victims into opening malicious attachments or sharing sensitive information. That the virus may now be the biggest phishing topic ever speaks volumes about the threats consumers are facing right now.”
LaSala notes that technology companies are attempting to take action: It’s encouraging to see Google thwarting a large proportion of these attacks, consumers need to be cautious of any suspicious emails or links they receive, and make sure not to give out any personal or sensitive information by phone or email.”
Businesses need to play their part, according to LaSala: It’s imperative that organisations implement a multi-layered approach to security in order to safeguard their customers against phishing attacks. This includes implementing multi-factor authentication methods that requires people to prove their identity using two or more verification methods before gaining log-in access. So even if one factor is compromised in a phishing attack, hackers would still need at least one more barrier before breaking into the target.”