There has been a rise in cybercrime threats taking advantage of the current COVID-19 pandemic. Malicious actors have used healthcare-themed masking techniques for delivery of phishing and malware campaigns, including impersonation of public health officials and spoofed health advisory notifications to increase likelihood of victim engagement.
An organization should:
- Continue (or implement) regular training to help users identify phishing attempts, simulation of spoofed communications that they may receive from malicious actors during the pandemic
- Implement of tools that block suspected phishing emails or that allow users to report and quarantine them
- Make users aware of social engineering tactics aimed at revealing sensitive information not only via email but also by phone calls (“Vishing”) or social media (“Smishing”)
- Monitor, identify and suspend the access of users exhibiting unusual activity