{"id":120479,"date":"2021-09-11T11:17:40","date_gmt":"2021-09-11T15:17:40","guid":{"rendered":"https:\/\/rbach.net\/?p=120479"},"modified":"2022-03-19T17:09:59","modified_gmt":"2022-03-19T21:09:59","slug":"10-ways-to-catch-a-covid-phish","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/10-ways-to-catch-a-covid-phish\/","title":{"rendered":"10 Ways To Catch A COVID Phish"},"content":{"rendered":"\r\n

\"10<\/a><\/p>\r\n

Cybercriminals, like to take advantage of fear<\/strong>. They are taking advantage of the ignorance-fueled<\/a>\u00a0COVID-19 Delta variant<\/a><\/strong> surge<\/a>. Attackers are increasingly using business-looking COVID phish emails to do their dastardly deeds.<\/p>\r\n

\"return<\/a>More than half<\/a> of employers are forcing a to return to the office<\/strong>. Employers are requiring<\/a> the\u00a0submission of paperwork<\/a> such as COVID test<\/a> results and proof of vaccination<\/a> to keep your job.\u00a0Hackers know that communication from employers about COVID can spark an emotional reaction<\/strong> and compel people to click. Researchers at Proofpoint<\/a> found that business looking COVID phish<\/a> attempts have increased by 33%.<\/p>\r\n

Cybercriminals are taking advantage of these requirements. The demands for COVID paperwork<\/a> give the attackers more ways to disguising their phishing attempts. Sherrod DeGrippo, Vice-President of Threat Research and Detection at Proofpoint, told The Washington Post<\/a>. \u201cThat almost makes it easier for the bad actors because people are getting used to: \u2018Upload your negative test he<\/em>re, go download this COVID form, fill it out.\u2019<\/em>\u201d\u00a0<\/p>\r\n

Fake O365 COVID phish attempts<\/h3>\r\n

\"Proofpoint<\/a><\/p>\r\n

Proofpoint has detected fake Microsoft Office 365 phishing emails from cybercriminals posing as human resource <\/strong>departments<\/strong>. The attackers ask the recipients to submit proof of vaccination. The attacker’s goal is to steal your Microsoft 365 sign-in credentials. If you receive such an email, be sure to take the time to verify that it\u2019s come directly from the organization you work for. One\u2019s vaccination card contains useful information such as birthdates or full names, which hackers could target.<\/p>\r\n

Proofpoint\u2019s research has found emails telling employees they\u2019ve lost their jobs due to COVID-19 are also on the rise. And what better way to<\/a> do that than tell someone they\u2019ve been fired? Mr. DeGrippo explains \u201cIt quite literally is clickbait. They need you to click on them, so in order to get the\u00a0<\/em>person to take the action, you\u2019ve got to escalate their emotional state to one that has them emotional, instead of intellectual \u2014 thinking with the smart part of the brain.\u201d<\/em><\/p>\r\n

What if you suspect a phishing email<\/h3>\r\n
    \r\n
  1. \"Fake<\/a>Breathe<\/strong> – If an email seems to make you particularly angry, worried, or curious \u2013 it\u2019s best to pause for a moment before you click.<\/li>\r\n
  2. Altered domain names are a giveaway. Did\u00a0 \u201chumanresources@widgit.com\u201d suddenly become \u201cHR@widgit.com\u201d – verify these requests<\/strong> through a second channel \u2014\u00a0 get someone from HR on the phone before opening it.<\/li>\r\n
  3. Be skeptical of emails from familiar people (like the CEO) who do not usually communicate directly with you. Don’t click on links or open attachments from those senders. Always get someone on the phone<\/strong> before opening it.<\/li>\r\n
  4. Hover over the link<\/strong> to expose the associated web addresses in the \u201cto\u201d and \u201cfrom\u201d fields. Your company’s email is probably not gmail.com.<\/li>\r\n
  5. \"\"<\/strong>Note grammatical errors<\/strong> in the text of the email; they\u2019re usually a sure sign of fraud.<\/li>\r\n
  6. Use different passwords for your work and personal email<\/strong>. That way, if one gets compromised, hackers can\u2019t break into the other and use it to compromise more accounts. A good password manager tool should help.<\/li>\r\n
  7. Don’t forward <\/strong>suspicious emails to co-workers.<\/li>\r\n
  8. Report suspicious emails<\/strong> to the IT security department.<\/li>\r\n
  9. Install and keep up-to-date anti-malware software<\/strong> on all your devices to scan web sessions and emails.<\/li>\r\n
  10. Never donate to charities via links<\/strong> included in an email; instead, go directly to the charity website to donate.<\/li>\r\n<\/ol>\r\n

    Stay safe out there!<\/a><\/strong><\/em><\/p>\r\n

    Related article<\/strong><\/p>\r\n