An explosion of extremely believable COVID-19 phishing scams, especially precisely targeted spear phishing, shows how cybercriminals exploit Dark Web information and the online rumor mill for profit.
Months into the global pandemic, cybercriminals are still using COVID-19 messaging to take advantage of the worldwide fear and uncertainty around the disease, what causes it, and relief efforts for those affected by it. Scams have grown more imaginative and more believable as bad actors fashion bait that capitalizes on the rumor mill to create COVID-19 phishing scams that look more genuine than ever.
COVID-19 phishing scams are everywhere
Phishing scams are by far the biggest type of attack threat based on exploitation that businesses face. With phishing up more than 600% since the start of the pandemic, this perennial favorite of cybercriminals has surged in popularity and creativity with disastrous results for unwary organizations. Scam emails from the World Health Organization (WHO) have been a particular problem, and many organizations are instructing users to simply delete any email from WHO, even if it appears safe or is expected, just to avoid potential problems.
Scammers are also milking their opportunity to get people’s payment information for all it’s worth. As the US rolls out pandemic relief and business aid checks, scammers have imitated government and official-looking correspondence to trick people into providing them with bank information. Scammers are also using information about getting charitable help or government relief to steal login credentials.
Dark Web information adds to executive threats
C-suite executives and privileged users have been especially juicy targets for bad actors. Many organizations limit phishing awareness training to the rank-and-file, leaving executives more vulnerable to well-crafted spear phishing attacks. Many companies don’t consider the risk of giving executive users high-level access to systems and data. That privileged access makes them incredibly valuable targets for scammers and creates cascading, nightmarish problems if their logins are compromised.
Every user at every level in every organization needs to be regularly trained and tested on phishing awareness. Phishing attacks can land in any corner of an organization. A drastic increase in phishing attack dangers across the board means that all companies need to drastically increase phishing resistance training to compensate.
BullPhish ID is the ideal solution to mitigate these threats.
We update BullPhish ID with 4 – 6 new testing and training tools every week. That’s on top of the more than 80 phishing training and testing kits and 50 security video campaigns that are already included. We’ve even got 27 of the videos now available in 8 languages, because phishing is a universal menace. ID Agent has also added COVID-19 scam testing and training content, and we’ll keep updating our training and testing tools in BullPhish ID as new threats emerge.
Contact ID Agent for an expert assessment of your digital risk protection needs and we’ll get you started with BullPhish ID. We’re ready to put our expertise to work for you to help you create the strongest possible defense against phishing – a well-trained staff that’s ready to fight back.