Unless you’ve been hiding under a rock recently, you will be aware that we are currently experiencing a global health scare with coronavirus (COVID-19).
As well as the potentially worrying spread of the virus, and you and or your workforce catching it, good old cyber criminals have cottoned on to the potential this outbreak could bring them.
Cyber criminals are taking the opportunity to use the outbreak to their advantage. Hackers are using various techniques, including phishing (phishing is a way that criminals get sensitive information like usernames or passwords. It is a method of social engineering) to gain sensitive information, credentials or money. Read more about phishing
A couple of frequently seen examples are people pretending to be the CDC (Centers for Disease Control and Prevention) or WHO (the World Health Organisation). These cyber criminals have been providing malicious links which, when clicked, will ask for your username and password. They may also provide a malicious PDF which could be used to distribute malware (malware is malicious software) which can include computer viruses, worms, spyware etc.
So, how can you ensure you don’t fall foul of these criminals and infect your computer system with its very own virus?
- Checking links before you browse to them - If you are not sure of origin or link destination, use Google (other search engines are available) and search for the sender company’s home page to check the validity of the link.
- Verify the sender’s email address - You can do this by checking for typos in the email addresses (you might have to hover over the sender to see this in full). If the company name is misspelt, it’s likely that it’s not a typo and it’s probably a phishing email. Whilst email addresses can be spoofed, many short-term phishing scams use a generic Gmail or mail.com accounts. Cyber Criminals will also use look-a-like domains for example faceboook.com instead of facebook.com, so keep an eye out for those too.
- Make sure your web filtering services are turned on (especially for newly registered domains)
- Never disclose passwords to anyone
If you believe you have disclosed any sensitive information, please don’t panic. Just reset your passwords where you have used that password. Don’t reuse passwords across multiple sites/accounts.
Please see https://www.who.int/about/communications/cyber-security for more information.
If you are worried about any aspect of your business’s cyber security landscape, or would like a free review, please do get in touch