6 Best Practices for Protecting Yourself from Coronavirus (and Other) Phishing Scams
Phishing is a danger all the time, but especially so during times of uncertainty and stress. It’s often when people’s minds are elsewhere that they get caught with their defences down and fall for a phishing scam.
Cybercriminals have wasted no time coming up with ploys taking advantage of the COVID-19 crisis. This makes it vitally important for companies to make their employees aware and keep them on their toes when it comes to cybersecurity.
Between January and February 2020, monetary losses from phishing and other scams increased by over 95%.
A single antivirus program is not enough to protect your network. Sydney area businesses need to take a multi-layered approach to IT security.
The best practices for coronavirus scams and other types of phishing scams are the same. They include employee awareness of exactly what to watch out for as well as reliable software tools.
We’ll go through some examples of the types of scams related to COVID-19 to watch out for first. Then, we’ll go through best practices to protect your network and data.
Coronavirus Phishing Scams to Watch For
New iterations of coronavirus scams are popping up every day. This is coupled with the fact that many organisations are sending their own legitimate pandemic updates. With so many pandemic-related emails coming in, it’s easy to miss the dangerous ones.
Those factors make it vital to stay on high alert and be wary of any unsolicited emails related to the outbreak.
Here are some of the new phishing scams to watch out for. What these all have in common is the use of a URL to send the user to a malicious website that can download malware onto their system or steal login credentials.
- Map Scam: This email claims to be from the World Health Organisation or another government entity and contains a false link to a “map of the outbreaks in your city.”
- Company Policy Scam: Employees receive an email purporting to be from the HR department about a new company coronavirus policy with instructions to read the linked file by a certain deadline.
- Medical Information Scam: This phishing email targets a person’s fears and desire to get updated information. It will promise guidelines on “how to protect yourself,” but links to a malicious site.
- Charitable Donation Scam: These types of scams are prevalent after typhoons and other natural disasters. They’ll purport to be collecting charitable donations and might even mention masks or gloves for medical personnel.
Avoid Becoming a Phishing Victim with These Best Practices
There are several best practices that you and your team can employ to avoid falling victim to a coronavirus (or any other) phishing attack.
1. Check Email Links & Headers
One of the best tactics to reveal a phishing scam is to hover over a link without clicking on it. This will reveal the true URL, which is often very different from the one displayed in the email.
Viewing the header source of the email in your mail application can also reveal the sender’s actual email address, which may be completely different from the one shown on the “From” line.
2. Visit Websites Directly, Not Through an Email Link
If you receive an email that claims to be from the World Health Organisation and you’re wondering if it’s legitimate, don’t click the link. Instead, visit their website by typing the address in your browser or doing a Google search to find updated outbreak information.
3. Use a DNS Filter (Web Protection)
A DNS filter, also called “web protection,” stops the download of dangerous malware onto a device even if a user clicks a malicious link. The DNS filter checks the domain in the link before directing the user to that website. If it’s found to be malicious, the user is redirected to a warning page instead of the site.
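The decision a DNS filter makes can be sketched in a few lines of Python. This is an added example, not code from any particular product: the blocklist, the sinkhole address and the `fake_upstream` resolver are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed blocklist and addresses (documentation-only ranges and domains).
BLOCKLIST = {"health-updates.example", "malware.test"}
SINKHOLE_IP = "192.0.2.1"  # host that serves the warning page

def fake_upstream(hostname):
    """Stand-in for the real upstream resolver (assumption for this example)."""
    return "198.51.100.7"

def is_blocked(hostname, blocklist=BLOCKLIST):
    """True if the hostname or any parent domain is listed.

    Matching is done on whole labels, so 'maps.health-updates.example'
    matches 'health-updates.example' but 'nothealth-updates.example' does not.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def filtered_resolve(hostname, upstream=fake_upstream):
    """Answer a lookup: sinkhole for blocked names, otherwise ask upstream."""
    return SINKHOLE_IP if is_blocked(hostname) else upstream(hostname)

def visit(url, upstream=fake_upstream):
    """Return the address a browser would connect to for this URL.

    Only the hostname reaches the DNS filter; the path and query never do.
    """
    return filtered_resolve(urlsplit(url).hostname or "", upstream)
```

Because the decision is made per hostname, a malicious page hosted on a domain that is not on the list still resolves normally, which is why the filter is one layer among several.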
4. Conduct Ongoing Cybersecurity Awareness Training
New phishing threats emerge all the time. If your users only get training once a year, it’s going to be hard for them to keep up.
Conduct training regularly, especially during times like these when their attention may be elsewhere and not on detecting phishing emails in their inboxes.
5. Use a Next Generation Antivirus/Anti-Ransomware Program
If you’re using a basic signature-based antivirus, that’s not enough to protect you against today’s sophisticated threats. You want to be using a behavior-based antivirus that quarantines threats before they make it to your users’ inboxes. These types of programs can also prevent zero-day attacks that haven’t been seen before.
6. Use Two-Factor Authentication
Many phishing emails are designed to steal user login credentials. They send recipients to a fake form that requests their Office 365 account details, or another account login.
Enabling two-factor authentication (2FA) on your logins prevents data breaches due to credential compromise. Even if a hacker has an employee’s password, they can’t get past the 2FA code input requirement.
Get Several Phishing Protections in One Plan
A managed services plan from GKM2 includes web protection, advanced antivirus, patch management, and much more. It’s an easy and affordable option when it comes to protecting your network.