Attempts by malicious actors to infiltrate organizations and individuals’ personal space through a wide variety of phishing campaigns are widespread. From crude attempts at gaining the unwitting user’s confidence to bypassing large organizations’ anti-phishing filters, malicious actors have been at the top of their game. There has been a surge in data breach attempts, as pointed out by numerous cyber intelligence units worldwide.
Most of these have been through social engineering, wherein the phishing agent tries to gain the user’s attention and gather information about them or their organization. With several Covid-19 vaccines already in distribution and the prospect of their production in large numbers, the severity and sophistication of phishing attempts have risen too.
Types Of Covid-19 Phishing Attempts
Malicious actors have been deploying all sorts of phishing methods in the wake of the Covid-19 pandemic to unleash attacks on unsuspecting users. Here are some of them.
Fraudulent Vaccine Advertisements
The FBI has been warning people against falling prey to fraudulent ads, which have suddenly popped up across the digital and virtual space. There were indications that ad space was being bought in bulk. The ads talked about vaccines as well as other cures like snakeskin oil. Most of these ads preferred credit card payments. The advertisements, no matter how ludicrous, played on the fear of the larger public. This may have led quite a few people to attempt to buy the suggested cures or book a vaccine.
Websites For Fake Donation Campaigns
While the advertisements made for good visuals, it was the websites that were making a killing. These sites impersonated genuine organizations, like the WHO, the UN Pandemic Fund, or the Swiss Pandemic Fund. They talked about donations or pre-booking for vaccination. The phishing exercise went so viral that the WHO had to issue a statement alerting people that these websites were not genuine. It also stated the correct method of contributing to the benevolent fund.
Fraudulent Emails Asking For Covid-19 Help
Phishing emails have been the most observed malicious attempt during this period. There have been numerous emails, in almost all formats, stating the obvious: save yourself from the virus; buy the vaccine now. This recurring premise, in some form or the other, has been circulating across the globe continually. These emails, like the fake websites, urge the reader to make a payment and redirect them to another page where their financial details are recorded.
Misinformation Through Social Media Spaces
Social media have not been spared from the menace, either. Misinformation regarding the Covid-19 vaccine has been widespread, and it has led to confusion among the larger public. Many posts talked about vaccine registration and instant cures. They were taken down or blocked by social media platforms. Most of these posts asked for donations and personal information.
As per the WHO guidelines, WHO officials will not make any calls or send emails soliciting the purchase of Covid-19 vaccines; there shall also be no lotteries, prizes, or bonanzas related to the vaccines. The vaccination drive is to be supervised by the national governments and any other body authorized by the central or the local governments.
It has been observed that numerous phishing attempts were made in the name of the Covid-19 Solidarity Response Fund, originally set up by the WHO to combat the pandemic. In a press release, the organization has warned netizens worldwide to be wary of such communication. A FAQ put up on the WHO website illustrates the steps one has to take to transfer money to the organization legitimately. The UN Foundation and the Swiss Philanthropy Foundation are the other organizations that have released similar press notes.
There are a few things that organizations must do immediately to counter any phishing attempt.
Set Up Anti-Phishing Solutions
The tech market is awash with anti-phishing software that filters phishing emails. Email security is of prime concern and needs to be taken seriously. Any loophole that may arise while dealing with official emails may have dire consequences. Many MSPs and VARs provide email security management tools and anti-phishing services, and organizations need to use them.
Access Control To Prevent Malicious Forces
Access to official emails and networks needs to be limited and controlled. Doing so reduces the number of open nodes or recipients. Organizations must only provide sensitive information regarding networks and financial dealings on a need-to-know basis. This goes a long way in countering any phishing attempts. One of the main characteristics of spear phishing is its bulk form. It is sent to a whole lot of people in the top management. The probability of success increases that way.
Two-step authentication makes it difficult for malicious actors to penetrate the system of any individual. Such authentication needs to be the benchmark for any security system, and it is the responsibility of IT Security teams to oversee such arrangements.
Training And Awareness Programs
Every organization is vulnerable at the employee level since phishing is a social engineering activity. Con artists play on the psyche of their victims and break them emotionally to extract the necessary information. Organizations can counter it through regular awareness training sessions and awareness-creation drives, which are an essential part of any anti-phishing campaign.
It is pertinent to know that every organization’s employees are not just its strength but also its weakness. Fortifying them through anti-phishing training and awareness programs at regular intervals is a necessity. They need to be aware of the dangers of such phishing attempts and stay updated about the latest phishing mechanisms.
Phishing is an evil that has been tormenting the virtual world for a long time. With recent developments in technology, the sophistication of phishing has also gone up. The pandemic has been a godsend for phishing agents, and they have taken full advantage of it. Most of them have been posing as health officials or medical organizations seeking funds or information. While international agencies have warned the world of such malicious endeavors, it is up to the individual to be alert and not fall prey to such attempts.