Coronavirus COVID-19 has caused tremendous problems worldwide. The whole world is paying its attention on COVID-19 on how the virus is progressing from one country to another, from one person to another hoping and fighting for it to fade away.
COVID-19 and the changes in our daily routines has caught also the attention of fraudulent, malicious, and criminal actors. So far, we have already seen COVID-19 related emails containing viruses, ambiguous email requesting charitable donations, and phishing emails related to COVID-19. In Finland perpetrators managed to cheat an elderly person who lost they bank card and pin-code to the criminals. The perpetrators were disguised as maintenance workers installing new air filters capable to stop coronavirus.
Even though most of the crimes done offline or online are opportunistic by nature, the changed situation is creating new opportunities especially for criminals committing online crime.
Existing security solutions are capable to stop most of the email containing malicious attachments, phishing emails, and other types of fraudulent messages but not all. The rest of the emails and messages will be found on recipient’s Inboxes. Now it is all about recipient capability to notice which emails are valid and which are at once to be reported to IT Security department before deleting the message permanently from the Inbox.
What to do? Few Easy to Follow Ideas
Personally, I urge every company to contact all their employees and share this message. Yes, you may freely distribute this blog text within your organization or use it as bases of your own awareness message.
- Keep your employees informed on evolving threats and prevension strategies
- Also, for those people monitoring the IT security I would recommend to pay special attention on users email flow and not relying just on alerts coming from security solutions.
- Are you seeing abnormal amount of email coming in?
- Are you receiving more reports from employees than normal on fraudulent emails?
- Has number of alerts raised from what can considered to be normal level?
Now that more than ever people are working from home, you need to pay attention on where your people are logging into your services, especially if you don’t have Conditional Access and Multi-Functional Authentication in use for employees. If you need further help, we are here for you, stay safe!
Marko Mikkola
Senior Consultant, ICT & Cyber Security. Marko has been working in the field of IT in several national and international companies over 20 years in several roles. Currently he is also a researcher at Tampere University, Social Sciences, writing his doctoral dissertation on cybercrime and cybercrime victimization from social psychological viewpoint.
Marko Mikkola
Consulting & Training
Marko on tehnyt työtä asiakkaiden kyberturvan ja tietosuojan parissa parin vuosikymmenen verran. Markon vahvuuksiin kuuluu teknisen osaamisen lisäksi ymmärrys siitä, miten yritysten ihmisille tulee viestiä kyberturvasta ja tietosuojasta malleilla, joilla pyritään rakentamaan yrityksille ihmiskeskeinen kyberturvakulttuuri.