Phishing Awareness While Working Remotely
As businesses scramble to overcome the obstacles caused by the SARS-CoV-2 virus and the incidence of COVID-19, cybercriminals also are ramping up efforts to take advantage of fear and uncertainty. Within a week of the pandemic, BKD clients reported phishing emails targeting their organizations. Various BKD employees were sent examples of some of these emails, and one included a trojan attachment masquerading as a map of areas most affected during the pandemic. Another email was an attempt to steal passwords by asking the recipient to participate in a COVID-19 wellness survey. With many employees working from home during this time, it is imperative that people remain cautious about the emails they open.
Employees often are the first and last line of defense in the security chain. Email spam filters and web content filters cannot be trusted implicitly because they eventually will miss something. Depending on your organization’s setup, the web content filters may not be in effect on devices while they are off your organization’s network. If that is the case, you are at a higher risk of malicious cyber activity and must remain cautious so that you do not click a link that infects your computer with ransomware or visit a website asking you to divulge your password.
Working from home presents another dynamic in the fight against ransomware. While malware is not new, and neither is the threat of being infected by malware while on your home network, the risk of infection may become greater with more people being forced to work remotely during the global health crisis. Not all malware propagates using networked drives; some malware has the potential to spread to employee laptops on home networks as the malware searches for other devices. Therefore, it is essential to educate anyone with access to the internet via their home Wi-Fi about the dangers of opening emails, clicking URLs and downloading attachments from people with whom they are not familiar.
Social engineering attacks typically rely on either gaining a person’s sympathy so they are more willing to help or instilling the person with just enough fear that they act. With the public in an increasingly heightened state of fear, it seems likely that email phishing attacks will not just continue but worsen over time. Here are three tips to consider for employees working remotely:
- Do not open emails from people you do not know.
- Do not download or open attachments without verifying the legitimacy of the sender.
- Do not click links without first verifying the legitimacy of the sender and then inspecting the URL.
Reach out to your BKD Trusted Advisor™ or submit the Contact Us form below if you have questions.