It's a recurring theme. During the holiday season, people receive more phishing emails linked to online purchases and during tax season, there suddenly seems to be a proliferation of tax auditors. However, major (inter)national events cause an even larger influx of phishing emails and online scams. Unfortunately, the Brexit or the new corona virus are very profitable for (cyber) criminals.
It therefore did not take long before the first phishing emails and online scams linked to the new corona virus (actually the COVID-19 disease or the SARS-CoV-2 virus) surfaced. For example, emails are sent with links to websites that supposedly contain information about the corona measures or online resources are sold that would supposedly protect you from disease.
Phishers know all too well that during uncertain times people become desperate for information and reassurance. By playing on this, they try to convince their victims to click on links and/or open attachments. In this way, they try to obtain login details (e.g. your e-mail account), spread malware (computer viruses), or obtain personal data (name, address, telephone number, national register number, bank account number, ...) from their victims.
For example, Red Cross Flanders already warned about phishing via SMS messages (smishing).
How can you recognize phishing emails?
- Be careful when reading an email.
Do you recognize the sender? Does the context match? What is the purpose of the email?
- Don't click on links right away.
Find out where the link actually goes by hovering your mouse pointer over the link.
- Pay attention with attachments.
In general, it is not necessary to allow macros or other scripts to view a document.
- Trust your instincts.
Has the mail been set up to elicit a strong emotional response? If so, take a break and review the e-mail from a distance.
Phishing mails are, of course, designed to deceive and lure people into a trap. It's no disgrace to fall prey to a well-designed phishing email. At such a moment, however, it is important to immediately take the necessary actions together with your IT manager/supplier.
Would you like more advice?
Would you like to organise an awareness campaign within your organisation or would you like to test the internal processes and the reaction of your employees by means of a phishing simulation? Then contact one of our specialists via firstname.lastname@example.org.
By Stijn Crevits, March 13, 2020