There has been a rise in cybercrime threats taking advantage of the current COVID-19 pandemic.  Malicious actors have used healthcare-themed masking techniques for delivery of phishing and malware campaigns, including impersonation of public health officials and spoofed health advisory notifications to increase likelihood of victim engagement.

An organization should:

  • Continue (or implement) regular training to help users identify phishing attempts, simulation of spoofed communications that they may receive from malicious actors during the pandemic
  • Implement of tools that block suspected phishing emails or that allow users to report and quarantine them
  • Make users aware of social engineering tactics aimed at revealing sensitive information not only via email but also by phone calls (“Vishing”) or social media (“Smishing”)
  • Monitor, identify and suspend the access of users exhibiting unusual activity

Here is a PDF of the above information.