
Cybercriminals Capitalizing on Changing Work Environment

In the News:

Cybercriminals have had a field day with all the new opportunities provided to them by the COVID-19 pandemic. One of the prime opportunities for cybercriminals to target people is the different work environments most of us face during this unusual time. As a huge portion of the workforce has transitioned to remote work, potentially for the first time, tools such as videoconferencing, SharePoint or other document sharing sites, and chat applications have become an everyday need.

Cybercriminals are aware of the shift to dependence on these communication tools and have not failed to take advantage of the situation. From the annoying (Zoom bombing) to the malicious (ransomware) and everywhere in between, cybercriminals have not stopped targeting people using technology.

One of the most recent ways these cybercriminals have been targeting people is through phishing emails relating to videoconferencing applications. The attacker will send an email that looks like it legitimately comes from a videoconferencing site (like Zoom or WebEx). Often these emails are in the form of calendar invites with a link to the meeting. When the user clicks on the link, they are taken to a fake login page that asks for their credentials, which the attacker can then use to access the user’s account. (For more on this, read the Infosecurity May 11th article and the ZDNet April 2nd article.)

Another common phishing attack taking advantage of COVID-19 sends emails that claim to be from the CDC or another government or medical authority and include malicious attachments claiming to contain “infection-prevention measures” that, when opened, infect a user’s machine. Other emails claimed that the recipient had come into contact with someone infected by COVID-19 and instructed the user to download and print a spreadsheet to bring with them to a testing site. When the recipients enabled the content of the spreadsheet, they unwittingly infected their computers with malware. David Bisson goes into further detail on these and several other COVID-19 scams in his April 6th article for Tripwire, and the CDC put out a page dedicated to COVID-19 scams.

Our Take:

Cybercriminals will always find a way to exploit the current environment and people’s vulnerabilities. During COVID-19, they are banking on people’s busyness while working from home and their lack of experience with videoconferencing tools to trick them into clicking links and typing in credentials for meetings that they haven’t taken the time to verify.

Cybercriminals play on people’s fear by sending them emails claiming to come from some medical authority, working to scare recipients into actions they may not take in a less stressful environment. Phishing emails will continue to target people based on current events and have become, in some cases, more sophisticated and difficult to detect.

Recommendations:

  • Don’t click on any links that haven’t been double-checked, especially shortened links that don’t allow you to see the entire hyperlink.
  • Only accept meeting invites that you were expecting or that you have verified to be legitimate.
  • Rather than trusting a “COVID-19” email, go to the CDC’s website for the latest news and guidance.
  • Do not download any attachments from untrusted senders and avoid enabling content of unknown attachments.
  • Take your time. We make mistakes when we rush, so if an email seems to be pressuring you to click a link or download an attachment, take a moment to think about whether the email seems legitimate based on what you now know about phishing.
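
The link checks in the first two recommendations can also be run mechanically on a suspicious invite. The following is an added example, not part of the original post: it lists the links in an HTML invite and flags shortened links, hosts outside an allowlist, and visible link text that names a different host than the real target. The domain lists, function names and sample invite are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed domain lists and a constructed sample invite, for illustration only.
TRUSTED = {"zoom.us", "webex.com"}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
SAMPLE_INVITE = """<a href="https://zoom.us/j/0000000000">Join meeting</a>
<a href="https://zoom.us.meeting-login.example/signin">https://zoom.us/j/0000000000</a>
<a href="https://bit.ly/xxxxxxx">Agenda</a>"""

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def under(host, domains):
    # True only for the domain itself or a real subdomain, not a lookalike prefix.
    return any(host == d or host.endswith("." + d) for d in domains)

def host_named_in_text(text):  # "" when the visible text is not URL-like
    url_like = " " not in text and "." in text
    return host_of(text if "://" in text else "https://" + text) if url_like else ""

def review_links(html_body):
    """Return (href, reasons) for every link that deserves a second look."""
    parser, findings = LinkCollector(), []
    parser.feed(html_body)
    for href, text in parser.links:
        host, reasons = host_of(href), []
        if under(host, SHORTENERS):
            reasons.append("shortened link hides the destination")
        elif not under(host, TRUSTED):
            reasons.append("host is not a known meeting domain")
        if host_named_in_text(text) not in ("", host):
            reasons.append("visible text names a different host")
        if reasons:
            findings.append((href, reasons))
    return findings
```

A link that passes these checks is not thereby proven safe; the invite still has to be one you were expecting.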

For more information on recognizing phishing attempts, check out:

https://www.it.northwestern.edu/security/phishing/index.html 
