Common Phishing Attacks During COVID-19


Remote working is the new norm for many businesses. With thousands of employees working from home, the cybersecurity risks to company operations and employees have increased. Cybercriminals are exploiting the pandemic with COVID-19-themed attacks.

Here is a list of commonly seen cyber attacks.

1. COVID-19-themed emails – Emails seeking donations, where you are asked to enter personal details along with bank account details. This is a very commonly seen fraud to make money. Attackers have created and continue to create websites that imitate those of the World Health Organisation, the NRW Ministry of Economic Affairs, the New York Times, etc.

2. Free COVID-19 tests – Emails offering a free COVID-19 test are a new scam. You receive an email about free testing that asks you to fill out an attachment, which is a fake document embedded with a malicious script. The script begins to execute when you open the document or click ‘enable content’ in it.

3. Microsoft 365 attacks – Phishing emails are sent with a missed voicemail message as an attachment. This attachment leads you to a phishing website that mimics the login page of Microsoft 365.

4. Emails mimicking IT or HR – Emails with a link and a subject line such as ‘Company Update’ or ‘COVID-19 relief’. When you click the link, it takes you to a fake website that asks for your login credentials.
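As an added illustration (not part of the original article), the Python sketch below shows how a mail filter could flag the four lures listed above: lure wording in the subject, macro-capable or HTML attachments, and sign-in links that do not point to the genuine Microsoft 365 login host. The keyword and extension lists, the helper names `triage` and `sample`, and the `example.net` host are assumptions made for this example, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from urllib.parse import urlparse

# Illustrative assumptions, not exhaustive lists: tune to your own mail flow.
LURE_WORDS = ("covid", "coronavirus", "donation", "voicemail", "company update", "relief")
MACRO_EXT = (".docm", ".xlsm", ".pptm", ".doc", ".xls")   # formats that can carry macros
HTML_EXT = (".htm", ".html")                               # attachments that open a web page
M365_LOGIN_HOSTS = {"login.microsoftonline.com"}           # genuine sign-in host
LOGIN_HINTS = ("login", "signin", "microsoft", "office365")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw_message):
    """Return sorted reasons why a raw message resembles one of the listed lures."""
    msg, reasons = message_from_string(raw_message), set()
    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in LURE_WORDS):
        reasons.add("lure-subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXT):
            reasons.add("macro-capable-attachment")
        if name.endswith(HTML_EXT):
            reasons.add("html-attachment")
        if part.get_content_maintype() != "text":
            continue  # only text parts (plain or HTML) are scanned for links
        raw = part.get_payload(decode=True) or b""
        text = raw.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            host = (urlparse(url).hostname or "").lower()
            if any(h in url.lower() for h in LOGIN_HINTS) and host not in M365_LOGIN_HOSTS:
                reasons.add("login-link-off-domain:" + host)
    return sorted(reasons)

def sample(subject, body, name=None, data=None):
    """Build a constructed test message with an optional attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content(body)
    if isinstance(data, str):
        m.add_attachment(data, subtype="html", filename=name)
    elif data is not None:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_string()

VOICEMAIL = sample("Missed voicemail (0:42)", "Open the attachment to listen.",
                   "voicemail.html", '<a href="https://m365-login.example.net/signin">Play</a>')
FREE_TEST = sample("Free COVID-19 test", "Fill out the form.", "form.docm", b"constructed")
BENIGN = sample("Lunch on Friday", "Sign in at https://login.microsoftonline.com/ to vote.")
```

A non-empty result is a reason to quarantine or review the message, not proof of phishing; a message with a neutral subject and an unlisted attachment type would pass this check.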

As a company and as an employee, you can follow a set of guidelines to address these kinds of emails. Repeatedly reminding employees about what to do and what not to do can help.

  1. Employees should be advised to double-check by calling the person concerned when important information has to be shared.
  2. Communicating with colleagues over a trusted communication link rather than social media is a good practice.
  3. Working only from office computers and not letting kids or others use office computers can help in many ways.
  4. Using a remote call-back option when someone calls in for a password reset makes sure information is not shared with a cybercriminal.
  5. Not downloading attachments or clicking links that come from an unrecognisable source can reduce the chances of downloading malicious scripts.

As an employee, you can only do a few things. Companies should take responsibility for properly setting up a sustainable remote working environment with a security system in place. Encrypted communication, a firewall, desktop infrastructure and endpoint detection are important for secure remote working. Acronis Cyber Security offers a wide range of security applications and software to protect your company data. To learn more about it, visit here or write to us at