As people across the country and world try to figure out how to protect themselves against the spread of coronavirus, hackers are working hard to spread their own viruses. Indeed, various cybersecurity firms have reported that the amount of malicious emails containing the word “coronavirus” has significantly increased since the end of January.
Many of these phishing schemes involve emails that purport to be from a reputable health-related organization, such as the World Health Organization (WHO) or the Center for Disease Control (CDC), providing safety information through an attachment or link. Although the emails may look legitimate, in reality, they are simply means to steal personal information:
In another common scheme, hackers spoof emails from business partners or employers, requesting payment of invoices for coronavirus-related purchases (e.g., facemasks or hand sanitizer) or personal information related to remote work programs.
While many businesses have taken significant efforts to help employees identify phishing scams—such as tags to identify external emails—they should consider reminding employees of the increased potential for phishing emails in the wake of coronavirus. Companies that have not yet implemented technical controls to thwart phishing emails at the firewall or to alert employees about suspicious emails may want to consider doing so now.