The COVID-19 pandemic has created fertile ground for cyber-attacks, tricking employees into parting with sensitive data and into compromising corporate information systems. This week, Vikas Sharma, ENL’s Chief Information Security Officer, puts the spotlight on phishing.
Cyber-attacks have increased with the rapid worldwide spread of the COVID-19 pandemic. Cyber criminals are targeting employees as soft targets, knowing they are the organisation’s first line of defense. In an ongoing endeavour to equip ENL teams with information and best practice to ward off cyber-attacks, this week we are taking a closer look at phishing. The end objective is to protect ourselves by being suspicious of emails from unfamiliar sources.
What is phishing? It is a cyber-attack where criminals disguise malicious emails and websites to trick people into clicking links, opening files or giving away sensitive data.
What are the cybercriminals after?
Business email compromise (BEC) scams are designed to trick victims into transferring sensitive data or funds, personal or corporate, to the cybercriminal’s accounts. They also aim to steal credentials so they can infiltrate organisations and compromise information systems, especially corporate payment systems, and degrade the quality of services. If successful, the attacks can open the doors to more fraud.
Malicious actors typically pose as a trusted organisation (banks, merchants) or individual (co-worker, manager, IT administrator) to target employees.
Beware of the following cyber-attack techniques:
Social engineering scams proliferate in the wake of natural disasters, terror attacks and requests for payment transfers. Here are some COVID-19-related tactics that have emerged.
Threat actors are sending phishing and BEC emails disguised as government announcements. Fraudulent emails have included logos and other imagery associated with the World Health Organization (WHO) or Ministry of Health (MoH). Emails include links to items of interest, such as "updated cases of the coronavirus near you." Landing pages for these false links may look legitimate, but the sites are often malicious and may be designed to steal email credentials.
We have seen a rise in malicious emails directing recipients to educational and health-related websites riddled with malware, or impersonating a corporate employee to request a business-related action. Such an email may read:
Such emails entice users to click, which runs malware in the background or steals the personal and financial information of the victim.
Another phishing campaign involves emails designed to mimic a genuine website, soliciting donations to fight the spread of the virus. The emails appeal to recipients’ altruism, urging victims to donate to a Bitcoin wallet or to make other types of payments. Other malicious actors may create fraudulent charities.
Helping our employees fight cyber attacks
Threat-aware employees are the first line of defense against cyber intrusions. As has been proven time and time again, it only takes one. One click, one missing endpoint agent, one failed alert, one unsuspecting employee, and the adversary can proclaim victory over your network.
Assure your employees that heightened awareness can be a powerful antidote. To protect from phishing attacks, all ENL employees MUST take these precautions: