by ID Agent

 A full suite of dynamic cybersecurity tools offers protection from cyberattacks, but human error can undermine even the best-laid cybersecurity plans – especially in the case of phishing attacks. With people hungry for news and information about the Coronavirus (COVID-19) pandemic, cybercriminals are ready to take advantage of everyone’s anxiety and seize this opportunity to steal data and compromise systems through phishing attacks that use especially devious Coronavirus-themed tricks.

  • Fake maps are one of the newest ways that bad actors are trying to use to lure in unsuspecting users. According to reporting from cybersecurity researcher Shai Alfasi at Reason Cybersecurity Ltd., fake “Coronavirus Impact” maps are circulating with the goal of infecting the systems of the victims with the AZORult malware.  
  • Bogus “official” messages from the CDC, WHO, government agencies, and other seemingly trustworthy sources have become the new favorite way for cybercriminals to collect personal information. These emails may contain links that invite users to see the “cases in their area” to determine if they’ve been exposed to Coronavirus – but the only thing they’re getting exposed to is malware from clicking that link.  
  • Infectious attachments are a perennial favorite, and bad actors are using them in new and creative ways. Faux-official forms, policy updates, checklists, pamphlets and more that claim to have important Coronavirus information for users are flooding inboxes. But instead of useful information, users are really downloading remote access Trojans and other nasty surprises.  

Check Point reports that since January 2020 there have been over 4,000 Coronavirus-related domains registered globally. A significant number of those domains are only intended for one thing – cyberattacks.

The best way to prevent a data breach from a phishing attack is to stop it before it starts. By using cutting-edge cybersecurity tools like BullPhish ID, staffers can be rapidly trained and tested on how to handle a wide range of phishing attacks, protecting company systems and data from opportunistic cyberattacks.