18 May 2020
By Justin Gibbs – firstname.lastname@example.org
Email continues to be one of the easiest ways for hackers to gain access to your business. One source reports that 90 percent of cyberattacks originate via email. And all it takes is one incident or bad email to bring your operations to a halt and put your business at risk.
One of the most common ways for cyber criminals to steal sensitive data via email is through phishing scams. Phishing is an illegal attempt by cyber criminals to manipulate users into giving up private or sensitive data by posing as trustworthy people or organisations. These emails often look just like those from well-known companies and can easily lure unsuspecting users into providing personal or financial information on fake websites.
Though phishing scams have long been a favourite tactic among cyber criminals, nefarious actors are now leveraging the COVID-19 pandemic to launch an array of new phishing attacks. According to a recent report, phishing emails have spiked 600 percent since the end of February, as cyber criminals look to capitalise on pandemic-related fear and uncertainty. At the same time, cyber criminals also have begun to exploit the rapid transition to remote work and the growing usage of collaboration tools.
Just recently, a new phishing campaign was uncovered that takes advantage of the popularity of Zoom to capture account credentials of unsuspecting users. Impersonating a real Zoom notification, the email alerts recipients that they’ve missed a scheduled meeting and invites them to click on a link to access more details and a recording of the meeting. Clicking on the link takes users to a malicious landing page where they’re lured into revealing their Microsoft account credentials to access the Zoom meeting information. If users do indeed sign in, their Microsoft account credentials are stolen by the attacker, giving them access to a bevy of sensitive information.
As more organisations and people embrace remote work, the question becomes: how can employees protect themselves from phishing emails? Here, we share our Smarter Awareness tips on how to spot a scam email.