These Clever Government Phishing Scams Can Quickly Ensnare Employees
Cybercriminals are constantly evolving their phishing techniques, but that doesn’t mean they never return to their old favorites. One classic scam is enjoying a new life right now: fake messages from supposed government entities. From unemployment-related sham emails to bogus health department surveys, cybercriminals are taking advantage of high email volumes, employee confusion and economic uncertainty to unleash a blizzard of phishing scams that mimic communications from government entities.
Pandemic Pressures Amped Up Risk
Phishing exploded during the pandemic and it hasn’t slowed down. More than 70% of organizations around the world experienced a phishing attack in 2020. That’s an overall increase of 42% over 2019. Some categories like ransomware experienced triple-digit growth. The advent of the pandemic marked an unprecedented increase in phishing risk in Q2 2020, with phishing threats exploding by an estimated 660% according to Google, which also reported uncovering 18 million daily malware and phishing emails in 2020.
That epic flood of emails was launched with a wave of messages that claimed to contain important information about the virus and lockdowns, many carrying ransomware. One infamous scam involved spoofing emails from the World Health Organization. Cybercriminals were using pandemic stress and uncertainty to persuade the targets to download a map of COVID-19 transmission in their area. A similar scam used the popularity of Johns Hopkins University’s live Coronavirus COVID-19 Global Cases map to lure in victims with purported updates – but those updates were actually ransomware. The chaotic rollout of federal COVID-19 relief checks in the US also created a rich hunting ground for bad actors.
New Variants on Old Tricks Snare Employees
Tax scams abounded this year too. The US IRS (Internal Revenue Service) released an official warning in early to alert tax professionals about spoofing emails supposedly sent from “IRS Tax E-Filing” with the subject line “Verifying your EFIN before e-filing.” The U.S. Financial Industry Regulatory Authority (FINRA) was also forced to issue a regulatory notice in March 2021 warning brokers of an ongoing phishing campaign. Attackers using carefully faked messages based on FINRA templates with bogus but believable URLs were sending out fake compliance audit notices, spurring companies to react – and get their credentials stolen.
Fake unemployment and benefit scams have been a cybercriminal go-to throughout the pandemic, and they’re not slowing down. With millions of Americans out of work and claiming unemployment benefits, cybercriminals have a rare opportunity to profit from the constant communication between those displaced workers and state workforce agencies. The US Department of Justice issued a warning in March 2021 telling people claiming unemployment that cybercriminals have been busy sending out bogus emails that claim to be from state and federal authorities and direct unsuspecting victims to apply for benefits or update information at phishing sites.
Another government impersonation scam is stealing personally identifiable information (PII) by telling targets that they’ve been chosen to participate in a sham survey about the COVID-19 vaccine by their state or local government. The scammers sweeten the deal by telling the victim that there’s an array of cash and prizes available for survey takers, and they need to fill in some information on a website form to prove their eligibility. Cybercriminals have churned out emails related to COVID-19 that direct people to counterfeit government landing pages throughout the global pandemic. An estimated 4,300 malicious web domains related to COVID-19 relief were registered in March 2020 alone.
Protect Your Business in Just 2 Moves
How does this flurry of faux government communication threaten your business? Throughout the pandemic, employees have increasingly been using personal and company devices interchangeably to conduct business like checking email or reading a report. Approximately 70% of employees use a mix of their own personal devices and company-provided devices while working every day. Many companies adopted permissive bring-your-own-device policies with little oversight in the scramble to get everyone back to work as pandemic lockdowns shut down their offices – and that translates into employees opening personal email on devices connected to company systems, increasing risk.
BullPhish ID is the perfect fix for increased phishing risk. Through memorable phishing simulations, employees will become more aware of potential phishing scams landing in their inboxes. Trainers can choose from a library of video lessons and ready-to-use premade phishing simulation kits. Or they can craft customized content to reflect unique industry threats including URLs and attachments with online quizzes that measure retention.
Passly prevents stolen passwords from packing a lethal punch. Dynamic secure identity and access management tools like multifactor authentication and single sign-on blunt the impact of a phished password when cybercriminals try to use it to sneak into business systems and snatch important data.
The ID Agent digital risk protection platform has the strong solutions that every business needs to protect their systems and data from phishing. Contact our solutions experts today for your personalized demonstration.