Misinformation is one of the most essential tools of a hacker, and capitalizing on mass fear or hysteria is a typical form of attack. This is because current, headline-grabbing events make their attacks look more credible, which is why these attacks have become more and more common during the COVID-19 outbreak.
This article will help you to understand how your online business can fight malware and phishing scams, and show you the techniques bad agents are using to take advantage of the COVID-19 situation to deceive and infect vulnerable targets.
How to avoid a phishing and malware attack
If an email sounds too good to be true, it probably is. It’s also a good sign that it might be a phishing email: an email that, while appearing innocent or even helpful, is actually malicious in intent.
Good protocols you can use to detect phishing emails include always checking whether the email is unusually enticing, has an extremely short window of opportunity, or is sent from someone you’ve never interacted with before.
If an email is sent from “The US Government” and contains a “COVID-19 vaccine application form” with only “limited vaccines left”… It’s probably untrue and malicious. This goes for any COVID-19 related email. Always slow down and consider how likely it is that the message is legitimate. Genuine sources of government or health information probably wouldn’t send out random emails to people they’ve never contacted before.
The reason you want to do this is that these messages almost always contain an attachment that is infected with malware. Once you download it, your computer (or business network) can become infected and compromised. And while you might be tempted into thinking big companies will be the sole target (and indeed, they often are), it’s important to remember that small businesses are increasingly being targeted due to their weak security.
In the case of COVID-19, phishing emails prey upon your fears about the virus, and typically offer a way to set your anxieties at ease. According to small business payments provider Freshbooks, 54% of their SMB customers have cut demand for their services as a result of the pandemic, lowering their guard against email scams as they desperately look for any kind of relief they can get. Phishing emails will always be sent from someone impersonating an authority so you will be more inclined to trust them, and they will often try to suggest that there is only a limited amount of time before the “offer” expires.
Types of malware to watch out for
With over 4.5 billion internet users worldwide, there are more and more people finding themselves the targets of malicious attacks. In the current climate, many of these people are going to find themselves victim to common forms of attack. Amongst these are ransomware and trojans, which are used extensively by hackers looking to take advantage of the COVID-19 panic.
Trojans are downloaded malware that tend to operate like a legitimate application or file. However, in the background, the Trojan will be performing malicious operations, such as slowing down systems or stealing information. In other words, it’s an aptly named Trojan horse. One example of this that has been used in COVID-19 phishing scams is the AzorUlt Trojan.
Ransomware is a much more obvious form of malware, and one of the most malicious forms of cyberattack around. Once downloaded, ransomware shuts down your entire network (company or individual) and holds your functionality to ransom. If you don’t pay, your network is locked down for good.
Key prevention steps:
Here are a few simple prevention steps that anyone can take to avoid phishing scams. Almost all of them fall under the rule that you should never assume an email’s authenticity.
1) Always check the sender’s email address.
This is one of the simplest but most foolproof ways to check whether the sender is who they claim to be. If a sender is claiming to be the government, double-check it against other government emails you’ve received, or google what actual government email addresses look like. Phishing addresses will often be very similar but have extra words or full stops. Once you’ve identified that the email is not from the government, don’t open it and delete it immediately.
2) If there are links, don’t click them. Hover over them instead.
Links in phishing emails will lead you to fake web pages, or worse, to pages that can infect your computer when interacted with. These pages will be disguised as in-text links pretending to send you to an official website. One of the best techniques for avoiding these malicious links is to hover your mouse over them rather than click. When you do, your browser or email client should show you where the link leads. If it isn’t where it is supposed to be sending you, do not click.
3) When in doubt, do not download files.
If you are unsure about any email that you’ve received – whether that’s because of a false link or an email address that looks illegitimate – do not download any files that are attached. While they are not necessarily infected with malware, it is always better to be on the safe side.
After all, a data breach would be far more damaging than not downloading an email attachment. It is also worth mentioning that in any scenario where you’re unsure, take the time to get a second opinion, even if it’s just from a coworker.
4) Always back up your data
In the event that your computer or business network is infected by malware, you need to ensure you have complete backups available on the cloud so that you can get back to full functionality as soon as possible. If you don’t have this in place, you can suffer operational slowdown or complete hardware failure and be unable to get your systems back in place.
5) Invest in effective cybersecurity training and software
Lastly, you want to make sure that your organizational cybersecurity knowledge and software is up to date and effective. Effective training will avoid human error as much as possible, which is frequently a hacker’s point of entry, and strong cybersecurity software will detect malware files and quarantine them before they can cause extensive damage.
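The sender check from step 1 and the link check from step 2 can also be applied in code to a saved message. This Python example is added here and is not from the original article; the trusted domain agency.example, the sample message and all function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"agency.example"}  # assumption: domains you have verified yourself
def trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def lookalike(host):  # a trusted name buried in another domain (extra words or dots)
    squash = lambda s: "".join(c for c in s if c.isalnum())
    return not trusted(host) and any(squash(d) in squash(host) for d in TRUSTED)

class Links(HTMLParser):  # records [href, visible text] per <a>, as hovering would show
    def __init__(self, html):
        super().__init__()
        self.links, self.in_a = [], False
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data

def host_of(text):  # "https://host/path" or a bare "host/path" -> "host"
    try:
        return (urlsplit(text if "//" in text else "//" + text).hostname or "").lower()
    except ValueError:  # malformed URL
        return ""

def check_message(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    kind = "lookalike-sender" if lookalike(sender) else "unknown-sender"
    findings = [] if trusted(sender) else [(kind, sender)]
    body = msg.get_body(preferencelist=("html",))
    for href, text in Links(body.get_content() if body else "").links:
        real, shown = host_of(href), host_of(text.strip())
        if "." in shown and " " not in shown and shown != real:
            findings.append(("link-mismatch", f"{shown} -> {real}"))
    return findings

SAMPLE = ('From: "Agency Desk" <forms@agency.example.vaccine-forms.test>\n'  # constructed
          'Content-Type: text/html\n\n<a href="http://agency.example.vaccine-forms.test/a">'
          'www.agency.example/vaccine</a>\n')
```

Calling check_message(SAMPLE) returns one lookalike-sender finding and one link-mismatch finding. A link whose visible text is not a domain name (for example “Read more”) is not compared, so the hover check still applies to those.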
Bad agents are using COVID-19 panic to undertake phishing campaigns and spread malware. If you receive emails that are supposedly from official sources but have suspect emails or attachments, you can keep your data secure from attack by following the tips listed above.