
Security resellers urged to help users counter Covid-19 phishing scams

Security specialists have been alerted to a significant rise in scams that aim to trick users into sharing passwords and financial information

Security resellers face a busy time as more customers get caught up in the emerging scams exploiting coronavirus.

Users are already facing a challenge trying to secure their businesses as staff work from home, and now cyber criminals are adding to the problems.

Research from Barracuda Networks has revealed that since the start of March, email phishing attacks have risen by 667%.

Criminals have been using Covid-19 to grab users’ attention and the sophistication of the attacks has increased in recent days.

Barracuda has identified three main types of attack using coronavirus themes – scamming, brand impersonation and business email compromise.

Scams are the largest problem, accounting for 54% of the attacks, followed by brand impersonation at 34%, blackmail at 11% and business email compromise at 1%.

The scams include emails claiming they are offering masks and virus cures, as well as others appearing to be from a charity asking for donations.

“Our research shows that cyber criminals are exploiting the Covid-19 crisis by launching thousands of sophisticated email phishing attacks designed to trick unsuspecting workers into handing over passwords, log-in details and financial data,” said Chris Ross, SVP, Barracuda Networks. “Many of these attacks are disguised as legitimate correspondence from organisations such as the World Health Organization (WHO) and the National Health Service (NHS), offering help and advice, selling face mask protection and charitable payments to help victims.

“It is absolutely vital that all employees are trained and supported to spot these scams, particularly at a time when they will be less vigilant and distracted due to working from home. All it takes is one mistake for the hackers to gain access to the company systems, allowing them to trigger a massive data breach and cause chaos.”

The idea that some of the attacks have exploited bodies such as the WHO demonstrates to some in the industry the depths to which the criminals are prepared to sink.

“Cyber criminals act outside the boundaries of morality, and will not stop to exploit weaknesses in IT systems,” said Terry Greer-King, vice-president EMEA at SonicWall. “The cyber landscape, with its non-existent borders and limitless boundaries, demands that organisations take a more complete approach to protecting their systems. Real-time defence mechanisms are a crucial component, but the first line of defence is always the workforce.”

ProPrivacy is one of a number of firms that have reacted to the current problems, launching an online tool to help identify malicious websites.

“In these unprecedented times, people are understandably concerned,” said Pete Zaborszky, founder of ProPrivacy. “They are frightened and they are desperately searching for more information that might be able to help them better protect their families and their communities.

“Unfortunately, hackers and other malicious actors are exploiting these raw emotions and taking advantage of the knowledge vacuum that is occurring in so many countries around the world.”

Security awareness training firm KnowBe4 has also shared research that underlines the work resellers need to do, with 38% of untrained users failing a phishing test.

Stu Sjouwerman, CEO at KnowBe4, said the industry has an ongoing need to educate users about the risks they are facing. “As security professionals, we have a call to action to educate our end-users so they are the most prepared and have the knowledge they need to remain vigilant against evolving cyber threats,” he said.
