by Anusha Parisutham, Product Manager
What laid the foundation for the first big phishing campaign of 2020? So far this year, people around the world have been glued to their computers and mobile devices for updates on coronavirus infection and fatality statistics. A quick Google Trends search for the term coronavirus tells the story. Each time a major incident or update is reported, the term’s search volume spikes.
Given this heightened level of interest, fear, and cyber activity, it’s unsurprising that cyber attackers and email scammers have found an opportunity to strike gold by hatching creative and large credential phishing schemes. In January, SilverSky’s threat intel report warned customers of potential coronavirus-themed email attacks. The report also provided assurance that SilverSky’s Email Protection Suite is well-positioned to thwart such attacks.
Exploiting the fear and confusion around the coronavirus outbreak, attackers have unleashed phishing campaigns posing as authorities from the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO) offering information about infection prevention and attempting to lure recipients into providing login credentials and personal information.
The email itself is simple and appears to come from CDC or WHO look-alike domains whose differences from the legitimate sites are undetectable to the human eye. The phishing campaigns have ranged from credential phishing links to emails with links asking for donations to help virus victims, to malware URLs. The alarming success of these campaigns led the WHO to release a cybersecurity advisory urging people to be cautious and authenticate emails that appear to come from the WHO.
With the coronavirus phishing scams becoming the first big phishing campaign of 2020, it’s important for organizations to evaluate their email security solutions because email continues to be the leading threat vector. Although training employees and creating more awareness definitely help, these efforts are not failsafe. A more automated, multilayered technical solution will be required to analyze and detect such email attacks. The solution should be sophisticated enough to profile and predict attacks to proactively stop suspicious emails from reaching your employees.
Are you concerned about phishing attacks? Do you see such emails being sent to your employees? Contact SilverSky to learn about our Email Protection Solutions.