The COVID-19 crisis came with cyber challenges as it has already been said that cyber threats and attacks are on the rise. The UK Club informs that email scammers follow specific steps prior to their attack.
The UK Club notes that remote working, that resulted from the social distancing restrictions, came with cyber challenges.
A survey that was conducted last year revealed that about four million cases of fraud were reported in England and Wales. These types of fraud are often orchestrated by organised crime groups who operate much like successful businesses. Their activities are planned, coordinated and collaborative, they have special functions and their structures are multi-layered, internationally extended and highly adaptive. As such, their very existence depends on successful avoidance by law-enforcement and they employ a range of techniques to do this such as untraceable proxy servers, false identities and spoofed email addresses.
The attackers aim to acquire credential information through phishing methods, which often begin by random spamming – millions of emails sent to millions of recipients around the world. These messages do not usually contain any malware or threat, the aim is to see if yours is a live email account and if you are likely to respond with a click. Once you have been identified, your email is shared amongst hackers and fraudsters on the net.
The next step is the cyber fraudster sending a message to your email address containing malicious code hidden in a link or word document, which is designed to spider their way onto your machine to steal information.
It is highlighted that some scammers may do some research around your email address, using work websites and social media to see what they can discover. You may then receive a spear-phishing email is an email designed especially for you.
Research for the first part of 2020 reveals that the threat level from online fraudulent remains broadly the same as it was in the pre COVID19 era.
Yet, statistics show that since the beginning of the lockdown, about 80% of every threat is COVID-19 related. This means that almost every cyber threat actor has switched to using COVID-19 lures.
Some of the scams include:
- Fake bills re COVID
- WHO directives
- Charter flights for PPE
- Fake bank statements
- Hospital visit information
- Facemask / thermometer offers
- Covid19 spread maps
Moreover, frauds are proving successful with a reported 200% rise in success, meaning that twice as many people click on fake COVID emails. Most (90-95%) of these threats are via a phishing email.
In the meantime, email account compromise – fraudsters pretending to be or authenticating as an individual in an organisation to gain access to their office 356 account etc. This is partly driven by credential phishing emails and partly by ‘brute force’ password attacks and reports indicate that the increase may be the result of so many people working from home and not sitting behind the usual layers of security found in the normal workplace.
The attackers use multi-stage threats, in the first place in the form of an email to start a conversation followed by further messages with attachments, and perhaps a direction to a log in page. Embedded within each message are malware codes, which are then incrementally downloaded to form a complete virus payload.
The Club highlights that business email compromise, also known as ‘mandate or payment fraud’, is a favourite method of the online thief. This is a specific type of cyber-enabled fraud that targets businesses intending to get them to transfer money to a bank account operated by the criminal. Remember that amendments to a name, for example changing the word ‘Maritime’ to ‘Maritine’ is all that’s needed. If in doubt, hover your cursor over the email address and see if the email resolves to a completely different email address.
As the lockdown continues in some countries and slowly begins to ease in others, we are expecting to see new phishing email lures used along the lines of:
- Company policy on lockdown easing
- Coming back to the office/workplace regulations
- Travelling for work notifications
- PPE / facemask related
- Furlough Payments ending
- Bankruptcy relief
- Travel repayment claims
- Delayed payment notifications