Note: To help combat the increased risk from phishing, GreatHorn is offering a Workforce Protection Program – giving organizations full access to the GreatHorn Email Security platform for free for 60 days without restriction on functionality.
For many of us – GreatHorn included – this week represents the first of what will likely be many weeks of working remotely. And while certainly pockets of the novel Coronavirus began to appear outside of China in February (Italy for example), for much of the US, COVID-19 didn’t rise in public prominence until late February as the first domestic deaths were reported.
Cybercriminals have long taken advantage of times of crisis, capitalizing on public attention and fears. The coronavirus / COVID-19 pandemic represents for them a perfect storm for exploitation – fear, personal interest, worldwide attention, disruptions to daily life and work habits, and unusual business practices and communication patterns.
With 10 weeks of data behind us, we can see how these threats have evolved as growing concern over the global health crisis spiked:
The dramatic increase is even more astonishing when you look at it month over month. As you see below, the number of attacks increase by 7x in February as compared to January.With just two weeks of data in March, the frequency of attacks more than doubled again. In the first two weeks in March (March 1-14), we saw 15 times as many phish as we did for the entire month of January – making up more than 1.5% of all mail.
In analyzing the threats, we’ve seen malicious actors rely heavily on impersonation tactics (“official” CDC announcements and HR / executive communications, for example) and either masked or lookalike URLs (CDC, WHO, OneDrive, etc.), typically seeking credentials or either confidential or financial information.
Here are just a couple of the examples that we’ve seen:
Over the coming days, we’ll continue to post advice, examples, and information to help you better manage the increased risk COVID-19 represents. If you want to be sure to receive these updates, sign up for our Coronavirus/COVID-19 communications here.
Be sure also to check out our other resources:
- Workforce Protection Program – 60 days free of protection through GreatHorn Email Security – no strings attached
- Managing COVID-19 Phishing Risks with a Remote Workforce – our upcoming webinar to help new and existing users of the GreatHorn Email Security platform combat the threat of Coronavirus phishing attacks
- Keeping each other safe (from phishing) in the era of COVID-19 – a recent blog outlining the Workforce Protection Program and how it can help