According to a survey conducted by F5 Labs in 2020, phishing scams have increased by 220% since the onset of the COVID-19 pandemic. A recent example was a COVID-19 health survey conducted among the staff members of the University of British Columbia (UBC), which later turned out to be fake and was instead a ransomware delivery campaign. Examples like these show how malicious actors have used the COVID-19 pandemic to target everyone, from individuals merely browsing the internet for leisure to employees who deal with confidential organizational information. The CSA reported a sharp rise in ransomware, phishing, and cybercrimes in 2020 after the onset of the pandemic.
Although the phishing and ransomware scams initially used the COVID-19 virus as the bait, they later shifted to more relatable topics like job offers to lure their victims. Quite recently, threat actors in the UK have started using the context of the new coronavirus variant, Omicron, to trick people into clicking on fraudulent emails. They generally use the trusted name of the National Health Service to carry out their attacks. Hence, users need to be aware of the kind of emails adversaries send to trick them and of how they can avoid becoming targets.
Modus Operandi Behind The Latest Omicron Phishing Scheme(s)
The new coronavirus variant Omicron was discovered recently, in November 2021, and adversaries have already started using the fear of the variant, and the prospect of escaping the new regulations and restrictions issued by the Government, as bait to trick people into giving away sensitive information. This trick helps them gain money and steal the identity of the victims. Below is an example of how they go about their work:
- The malicious actors send you a phishing email under the guise of a trusted organization like the National Health Service (NHS).
- Clicking on a fake link in the email takes you to a spurious site that pretends to belong to the NHS.
- You are advised to purchase a new COVID-19 test kit. Although the kit itself is offered free of charge, you are charged some amount for the so-called delivery.
- Apart from the payment, you may also be asked to provide other details such as your mother’s maiden name and additional personal information in the guise of a security question. Since most email and bank accounts are verified using such basic questions, a breach of sensitive information may lead to various repercussions, such as losing money or, in the worst-case scenario, identity theft.
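The steps above leave three checkable traces in a message: a sender that claims the NHS from a non-NHS domain, links that lead off NHS domains, and requests for a delivery payment or "security question" data. The following Python check is an added example, not part of the original article; the trusted-domain list and phrase list are assumptions, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains this example treats as genuinely NHS-operated.
TRUSTED = ("nhs.uk", "nhs.net")
# Requests matching the lure described above: a delivery charge and "security question" data.
LURE_PHRASES = ("delivery fee", "maiden name", "security question")

def is_trusted(host):
    """True only for a trusted domain or a subdomain of one (match on a label boundary)."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def analyze(raw):
    """Return the reasons a raw RFC 5322 message looks like NHS impersonation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = " ".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text"
    )
    body = " ".join(body.split())  # collapse line breaks so phrases match across wraps
    findings = []
    claimed = name + " " + msg.get("Subject", "")
    sender_domain = addr.rpartition("@")[2]
    if re.search(r"\bNHS\b|National Health Service", claimed, re.I) and not is_trusted(sender_domain):
        findings.append("sender-mismatch:" + sender_domain)
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not is_trusted(host):
            findings.append("untrusted-link:" + str(host))
    hits = [p for p in LURE_PHRASES if p in body.lower()]
    if hits:
        findings.append("asks-for:" + ",".join(hits))
    return findings

# Constructed sample message; the .example hosts are placeholders, not real indicators.
SAMPLE = """From: "National Health Service" <noreply@nhs-omicron-kit.example>
Subject: Order your free Omicron test kit
Content-Type: text/plain; charset="utf-8"

Order your free kit at https://nhs.uk.omicron-kit.example/order
A small delivery fee applies. To confirm your identity, enter your
mother's maiden name. Official guidance: https://www.nhs.uk/conditions/
"""

if __name__ == "__main__":
    for finding in analyze(SAMPLE):
        print(finding)
```

The suffix match on a label boundary is what rejects hosts that merely start with or contain `nhs.uk`; a plain substring test would accept them.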
Who Are Most Vulnerable To These Phishing Scams?
Malicious actors generally target specific sections of people who are likely to be affected by the COVID-19 pandemic. They include a considerable number of people such as the ones mentioned below:
- Those who tend to panic in such situations. It becomes easy for adversaries to target such people with fake information and advice.
- Those who lost jobs due to the pandemic and are on the lookout for new ones. Such people are more likely to click on job offers without wondering if they might be clicking on phishing emails.
- Students and staff of institutions and organizations that require data regarding studies, work, and other official business.
Securing Your Information Assets: Ensuring You Or Your Employees Do Not End Up Being A Phishing Victim
Numerous anti-phishing solutions are available in the market if you wish to implement them for your organization’s safety. The following are ways you can protect yourself and your employees from phishing emails and other phishing attempts:
Training The Employees
Remember that adequate awareness and training are indispensable as far as phishing emails and ransomware are concerned. You must educate all the stakeholders involved, including employees, on detecting phishing attempts and avoiding clicking on suspicious emails.
Anti-phishing Solutions And Anti Ransomware Solutions
You can deploy software and solutions that can prevent malware and ransomware attacks. Merely installing antivirus software solutions is not enough in today’s evolving threat landscape, wherein threat actors are getting smarter by the day.
Keep Your Data Backed Up
Malware and ransomware attacks can target your information systems and lock or destroy your valuable information assets. Hence, you can no longer retrieve the data you stored there once you have become a victim. Automatic backup software or services can help you keep your data protected in the event of a major data breach.
Warning The Customers
You may try to remind your customers that the addresses and logos used by malicious actors often resemble the original ones and warrant adequate caution. You must also inform them not to give away sensitive data over SMS and phone calls. You can explain that your organization would never ask for any such data via such modes of communication.
Malicious actors leave no stone unturned to take advantage of a panic situation, even that of a pandemic. Most individuals and even many organizations (especially SMEs) are not adequately prepared to protect themselves from phishing attacks. Therefore, it is essential to use the best phishing protection in addition to learning how to stop phishing emails from becoming a threat to you and your organization.