COVID-19 is certainly grabbing the majority share of the headlines today. And why not? Afterall, it is a worldwide pandemic.
If you’ve been paying attention, you’ll also notice COVID-19 is responsible for a majority of the phishing email headlines. And why not? Afterall, hackers tend to “follow the news,” so it’s not surprising the dramatic increase in coronavirus-themed phishing emails.
In fact, you could get the idea that coronavirus-themed phishing emails are the only phishing email attacks happening today, or at least the majority of them. Nothing could be further from the truth.
Despite Microsoft claiming to see 60,000 phishing emails each day that carry COVID-19 related malicious attachments or malicious URLs, such emails represent only a small fraction of the total number of daily phishing emails. According to Microsoft, “given the millions of malicious emails observed on a daily basis to target hundreds of thousands of users, that [COVID-19] number amounts to less than two percent of the total volume of threats.”
FireEye agrees. According to the company, “COVID-19 content is still only used in two percent of malicious emails.“
According to Microsoft, the overall volume of phishing emails is remaining relatively constant. What’s changing is the number leveraging the fear over COVID-19. How are they capitalizing on the fear? “Attackers are impersonating established entities like the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC), and the Department of Health to get into inboxes.”
Interestingly, the technology behind these coronavirus-themed phishing emails hasn’t changed at all. According to Microsoft, “COVID-19-themed threats are, in fact, retreads of existing attacks, altered to fit the current trend. Basically, the attackers only changed the lures, but did not increase the number of attacks. Trickbot and Emotet operators are highly active, rebranding their lures to take advantage of the coronavirus outbreak.” Same gift, new wrapper.
The good news, if there is any, is that the same technology that can protect you from the “old” phishing emails can also protect you from the new coronavirus-themed phishing emails. Technology like that available from Phish Protection.
Phish Protection works to protect you and your employees because it doesn’t care about the lure. So, whether the email is based on COVID-19 or something else doesn’t matter, because Phish Protection technology ignores all that and looks “under the hood” of the email. It investigates attachments and links, and if they’re malicious, it blocks the email from ever reaching your inbox, no matter what the message in the email is.
Phish Protection works with all major email providers, takes 10 minutes to set up and only costs pennies per employee per month. Protect your employees from COVID-19 emails while they protect themselves from the real thing.