It's lockdown, but scammers are phishing ... and using the virus as bait
Phishing is the practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information, such as passwords and credit card numbers.
Managing director at KnowBe4, a company that promotes IT information security, Anna Collard, said as many South Africans started working from home, cybercriminals were using this opportunity because remote workers were easy targets.
“Times like these, riddled with uncertainty, make people more vulnerable to emotional phishing messages and fake websites using the guise of coronavirus updates,” said Collard.
Principal lab researcher Eric Howes for KnowBe4, said they had seen a spike in coronavirus-related phishing scams, saying the scams came in three successive waves.
Howes said the first wave brought phishing attacks offering basic information about the pandemic as well as spam/scam emails pushing questionable products and services. Many purported to come from organisations such as the World Health Organisation and the US Centres for Disease Control.
The second wave brought novel phishes that saw cybercriminals trying new approaches to trick users into clicking through to malicious content.
In the third wave, he said, researchers reported seeing repurposed standard phishing templates turned into coronavirus-related phishing scams.
Director of the IT advisory division at Mazars South Africa, Terence Govender, warned that another major target would be businesses in the medical, health and pharmaceutical industries - where cyberattackers were already claiming vaccine formulas in return for cryptocurrencies such as Bitcoin.
To guide businesses on how to minimise the risk of becoming cybercrime targets while staff are working remotely, Govender advised:
Ensure that all employee laptops have up-to-date anti-virus software and all systems, including emails and USB ports, are enabled to be scanned;
Ensure the relevant Virtual Private Network (VPN) software is enabled;
Ensure hard disk encryption with maximum password requirements;
Ensure that the remote work security policies are the same as working on the network in the office;
Remind staff not to open suspicious emails from unknown sources.The Independent on Saturday