Phishing Attacks on the Rise

According to Keepnet, 85% of all U.S. organizations have experienced an attempted or successful phishing attack. If dealing with a phishing attack on regular days is nerve-wracking, how much worse can it be in the middle of a crisis?

Bad cyber actors tend to weaponize global events, and the COVID-19 pandemic is no exception. There’s a widespread surge in cybercrimes, with cyber attackers creating more than 1.5 million phishing sites every month. In this read, we look at how phishing attacks have evolved over the years, common COVID-19 phishing tricks, and how you can keep your Chicago business safe.

Outsource IT Solutions Group has been providing top-tier IT services to Chicago businesses since 1998. We have well-trained and certified technicians with years of professional experience in IT support.

How Have Phishing Attacks Evolved in the Wake of Recent Events?

Initially, phishers only targeted individuals with PCs or telephone devices and demanded a few bucks as ransom. Even when they started targeting corporate networks, they’d launch attacks on several organizations and spread the ransom fees across many firms.

Things got worse when the cyber actors began concentrating on attacking individual businesses. This means that they have more time to learn your systems and communication patterns to gain a firmer grip on your network before launching an attack. The attackers no longer just threaten to destroy your files. They know how much you wouldn’t want your sensitive data to be exposed to the public; hence promise to do just that if you don’t pay up.

However, the present-day phishing attacker doesn’t only seek to manipulate you into giving them a few bucks; they will first try to get the money by themselves. Let’s look at a few common examples to put things into a better perspective.

What Are the Common COVID-19 Phishing Tricks?

1. Fake Online Meeting Invites: Levitas Capital, a successful Sydney-based hedge fund, is the latest big company forced to close down after a ransomware attack. According to the AFR, the attack was launched through a fake Zoom meeting invite that was opened by one of the firm’s co-founders. The cyber actors then mined credentials that enabled them to install malicious software programs to access the fund’s email system and send fake invoices. By the time the company realized that something was amiss, the attackers had already sent invoices worth $8.7 million, transferred $1.2 million, and withdrawn over $800,000. As with any data breach, the ransomware attack gravely tainted the fund’s reputation and cost them their biggest client, Australian Catholic Super.
2. Fake Return To Work Internal Memos: As the government is gradually lifting COVID-19 restrictions, most organizations have begun recalling their workers to the office. It turns out it is not only HR departments that are eager to send ‘back-to-work’ memos; the bad guys are too. And this tactic is working pretty well, especially given that most firms have been relying on emails to communicate remote work policy changes.

Closely tied to fake internal memos are ‘booby-trapped’ HR compliance forms. Most of these come with customized HTML attachments, complete with the worker’s full names. The attacker may even include phrases like “do not give your passwords to unknown people” to further win the employee’s trust. On clicking the attachment, users are redirected to a Sharepoint document with the purported policy changes and an acknowledgment link below. When the worker opens the link, they’re taken to a landing page where they will key in their emails and passwords. And just like that, the cyber attackers get to spoof the credentials they need to launch a phishing attack.

What Can You Do to Protect Your Chicago Business Against Phishing Attacks?

As you must have noticed, phishing attacks heavily rely on malicious emails.

• Therefore, the first step is investing in effective email spam filtering solutions that appraise users if emails are from unknown sources.
• Also, implement DNS filters to bar your devices from accessing threat sites.
• Finally, conduct regular cybersecurity awareness training and simulated phishing attacks. If your users can identify and avoid opening malicious links, your network is as good as safe.

Moving into 2021 and beyond, we can only expect that phishing attacks will aggravate. Our advice — you should enhance cybersecurity efforts around keeping off malicious emails from your inbox.

Outsource IT Solutions Group is here to help you whenever you feel lost or need an extra hand. You can always give us a call at (855) 651-1418.