The Coronavirus pandemic has unleashed a wave of cyber attacks – here’s how to protect yourself

While most of the world is trying to deal with the COVID-19 pandemic, it seems hackers are not on lockdown. Cyber criminals are trying to leverage the emergency by sending out “phishing” attacks that lure internet users to click on malicious links or files.

This can allow the hackers to steal sensitive data or even take control of a user’s device and use it to direct further attacks.

To further enhance our cyber defences, we want to highlight this all too common cyber-attack – phishing.

"Phishing" is the most common type of cyber-attack targeted at organisations like ours. Phishing attacks can take many forms, but they all share a common goal – getting you to share sensitive information such as login credentials, credit card information, or bank account details. Although we maintain controls to help protect our networks and computers from cyber threats, we rely on you to be our first line of defence.

During these difficult times, the prevalence of these type of attacks has soared around 350% in the last 10 days. As such I wanted to highlight the risk and to provide some support as to how to identify and handle the type of phishing attacks.

HOW TO IDENTIFY PHISHING ATTACKS

Below are outlined a few different types of phishing attacks to watch out for:

  • Phishing: In this type of attack, hackers impersonate a real company to obtain your login credentials. You may receive an e-mail asking you to verify your account details with a link that takes you to an imposter login screen that delivers your information directly to the attackers.
  • Spear Phishing: Spear phishing is a more sophisticated phishing attack that includes customized information that makes the attacker seem like a legitimate source. They may use your name and phone number and refer to [COMPANY NAME] in the e-mail to trick you into thinking they have a connection to you, making you more likely to click a link or attachment that they provide.
  • Shared Document Phishing: You may receive an e-mail that appears to come from file-sharing site like SharePoint alerting you that a document has been shared with you. The link provided in these e-mails will take you to a fake login page that mimics the real login page and will steal your account credentials.

HOW TO DEFEND AGAINST PHISHING

What You Can Do To avoid these phishing schemes, please observe the following email best practices:

  • Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types. Be especially wary of links or attachments referring to the current Coronavirus / Covid-19 issues.
  • Do not provide sensitive personal information (like usernames and passwords) over email.
  • Watch for email senders that use suspicious or misleading domain names.
  • Do not try to open any shared document that you’re not expecting to receive.
  • If you can’t tell if an email is legitimate or not, please contact the IT Service Desk for further advice on the numbers below
  • Be especially cautious when opening attachments or clicking links if you receive an email containing the Red BE ADVISED - This email originated outside EMCOR banner.

WHERE TO GO FOR SUPPORT

If you need any further support or advice please contact EMCOR UK’s IT Service Desk team on 0345 045 0269 or email IT@emcoruk.com.

James Dunnett

IT Director