With people hungry for news and information about the Coronavirus (COVID-19) pandemic, cybercriminals are ready to take advantage of everyone’s anxiety and seize this opportunity to steal data and compromise systems through phishing attacks that use especially devious Coronavirus-themed tricks. Here's the top three ways they're cashing in.
1. Fake maps
Fake maps are one of the newest ways that bad actors are trying to use to lure in unsuspecting users. According to reporting from cybersecurity researcher Shai Alfasi at Reason Cybersecurity Ltd., fake “Coronavirus Impact” maps are circulating with the goal of infecting the systems of the victims with the AZORult malware.
2. Bogus “official” messages
Fake messages from the CDC, WHO, government agencies, and other seemingly trustworthy sources have become the new favorite way for cybercriminals to collect personal information. These emails may contain links that invite users to see the “cases in their area” to determine if they’ve been exposed to Coronavirus – but the only thing they’re getting exposed to is malware from clicking that link.
3. Infectious attachments
These are a perennial favorite, and bad actors are using them in new and creative ways. Faux-official forms, policy updates, checklists, pamphlets and more that claim to have important Coronavirus information for users are flooding inboxes. But instead of useful information, users are really downloading remote access Trojans and other nasty surprises.
The best way to prevent a data breach from a phishing attack is to stop it before it starts. At Gulf South Technology Solutions, we use cutting-edge cybersecurity tools so that staffers can be rapidly trained and tested on how to handle a wide range of phishing attacks, protecting company systems and data from opportunistic cyberattacks.