The year 2020 has not started with sunshine and rainbows. In fact, this year has possibly been the worst in the past 15 years or so in terms of the diverse set of challenges we've faced as a global society. The ongoing COVID-19 pandemic has not only increased the incidence of life-threatening disease, it has also increased the risk of cyber threats as more of us work remotely. These threats include not only cyber criminal activity such as scams, extortion, and data theft, but also industrial and nation state espionage.
The business world felt the sting of COVID-19 and addressed concerns by encouraging their employees to stay and work from home. This has caused a massive shift in almost every industry. Some restaurants closed, others offered drive-thru service only, major organizations are working from home, and so many other changes were made in a short amount of time. However, some industries, especially technology focused industries, have not been impacted in the same way.
Many industries adapted to a new remote work reality by using more electronic communication tools. Although there has certainly been a surge in the usage of virtual conferencing programs, such as Zoom or RingCentral, the primary communication tool to conduct the daily business or an organization is still largely email. Email is such a familiar and frequent form of organizational communication that we may forget how vulnerable users can be to the sophisticated email campaigns used for cybercrime.
For industries that are not as familiar with computers or using them for work-related tasks, it can be more difficult to adapt. Unfortunately, the individuals and organizations behind the cyber threats we mentioned earlier have quickly adapted to this new norm of having inexperienced users behind their phone and computer screens around the world. Emails are an advantageous way for cyber criminals to send out phishing attacks as they are easy to create and change depending on the firewalls and spam filters between them and their targets.
The email above shows a phishing template that has most likely been created and used for a phishing attack. This one has been adapted to capitalize on the coronavirus pandemic and take advantage of users unfamiliar with these types of attacks. For example, this one would target those qualified to receive the federal stimulus checks distributed to individuals earlier this year.
Gray Leaf offers an Automated Security Awareness Program that trains employees on what to look for in a phishing email and how to avoid becoming a victim in one of these campaigns. We do this by sending out simulated phishing emails with life-like red flags that any user can learn from and utilize in their daily work with email. Check out our Cyber Threat Training page to find out more!