Sprout IT: Phishing attacks during the Covid-19 crisis
There have been many unfortunate occurrences since the emergence of the COVID-19 crisis.
One of them, according to Peter Goodman, chief constable for the Derbyshire Constabulary and National Lead for Cyber Crime and for Serious and Organised Crime, is the recent and near wholesale migration of organised crime gangs online.
Starved of their normal money-making activities, gangs are turning to “phishing email campaigns, selling hoax protective equipment or a cure to Covid-19”, according to Mr Goodman speaking to SC Magazine.
The Law Society also updated their guidance on cybersecurity, fraud prevention and lawtech advice on 21st April no doubt to reflect growing concern among members and firms about the threat posed.
Given the near-total reliance on technology to function remotely at the moment, Sprout IT examines the threat from phishing attacks faced by the legal sector and business in general, and how to counteract those threats. This article covers:
- what phishing is,
- recent statistics emphasising the real threat to businesses,
- email subject lines you and your staff should be suspicious of, and
- training your staff to be aware of phishing when working remotely
What is phishing?
Phishing is a form of “social engineering” attack, carried out for financial gain, which takes advantage of an inherent short-circuit in the decision-making processes we all use.
That short-circuit is our ability to place trust in a person or a message because of the method of delivery.
For example, with conveyancing fraud, a homemover receives an unexpected email asking them to transfer a very large sum of money to a bank account when completion of the transaction is near. Given that the sum of money is very large, it would not be unreasonable for the recipient of the email to check with their conveyancer that the email is legitimate, the money is needed, and that the bank account details are correct.
However, people don’t do that. Everyday life is full of distractions and complications and, in order to relieve the intellectual and emotional stress of the deluge of modern existence, we take the email at face value.
The action a phishing email asks us to take must be sufficiently removed from our normal expectations for us to question its authenticity.
It’s fair to say that what we’re experiencing as a country, as leaders, and as employees is so removed from normal expectations that people’s defences may be even lower than normal. And that’s where the danger lies.
What to look out for
Security firm KnowBe4 have published a list of the top 10 most frequently occurring subject lines for phishing emails since the imposition of the lockdown, reports TEISS.
The announcement was made at the same time the firm also reported a 600% rise in COVID-19 related attacks in Q1 2020 – doubtless, this will rise further in Q2. Security firm Zscaler have reported a 30,000% rise in coronavirus attacks since January, reports InfoSecurity Magazine.
The eight most likely to trick UK companies and citizens are:
- De-activation of [[email]] in Process
- Password Check Required Immediately
- Please Read Important from Human Resources
- PTO Policy Changes
- Revised Vacation & Sick Time Policy
- Scheduled Server Maintenance – No Internet Access
- Test of the [[company_name]] Emergency Notification System
- You have been added to a team in Microsoft Teams
Other subject lines causing concern were:
- List of Rescheduled Meetings Due to COVID-19
- Confidential Information on COVID-19
- IT: Work from home - VPN connection
- Microsoft: Your meeting will begin soon
- Vodafone: Caller Alert: Msg Received Today
Training your staff on the precautions they should take
We’d recommend that you circulate the following information or a version thereof to staff via email.
Staff should be aware of the following, as you may be the victim of a cybersecurity attack using the technique of phishing.
Are you being asked to re-enter or change a work-related password?
If you receive such a request, please get in touch with the head of IT for the firm to verify that the request is genuine. If it is not genuine, the head of IT may ask you to change some of your settings to prevent a further and potentially successful attack.
Have you received an email from someone within the firm but something doesn’t seem quite right?
If you receive an email from someone purporting to be from the firm but the tone of voice is different or they are asking you to do something out of the ordinary, email that person using the internal address book – please do not click reply to the email. Better still, telephone that person and ask them if they sent you the email.
Have you received an email from someone claiming that the firm is late with payment?
For all colleagues, please forward that email to the finance team to check that an invoice has been issued to us. For colleagues in the finance team, do not make payment of the invoice until you have confirmed that the bill is genuine and that the payment details on the invoice match up with the payment detail we would normally use for that supplier.
You may also receive telephone calls from cybercriminals related to these emails putting extreme pressure on you to make payment. If this happens, please hang up.
Have you received an email from a colleague demanding that a supplier is paid straight away?
Cybercriminals will use corporate social media like LinkedIn to establish the roles and responsibilities of people working for particular firms. They then send a spoof email from someone apparently within a position of authority demanding that payment is made to a particular supplier straight away. Often, there will be no purchase order on the system for the transaction and we will not have received an invoice for it.
Please report this to management immediately. You may also receive a phone call from a cybercriminal pretending to be a colleague, but you may not know that person well enough to recognise whether it is their voice or not. Please hang up if you receive one of those calls and contact management immediately.
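As an added example (not Sprout IT’s code, and written by the editor rather than taken from the post), the following Python script shows how a firm’s IT team could triage an inbound message against two of the points above: whether its subject matches one of the KnowBe4 lure subject lines listed earlier, and, for the “email from a colleague that doesn’t seem quite right” case, whether the display name matches a member of staff while the sending address or the Reply-To header points outside the firm’s own domain. The firm domain, the staff directory and both sample messages are constructed assumptions for the example.

```python
import email
import re
from email.utils import parseaddr

# Constructed assumptions for this example: the firm's own mail domain and a
# small staff directory keyed by display name (lower-cased).
FIRM_DOMAIN = "example-law.co.uk"
STAFF_DIRECTORY = {
    "jane smith": "jane.smith@example-law.co.uk",
    "tom patel": "tom.patel@example-law.co.uk",
}

# Lure subject lines quoted in the post (KnowBe4, Q1 2020). The [[...]] tokens
# are placeholders the attacker fills in, so they are ignored when matching.
LURE_SUBJECTS = [
    "De-activation of [[email]] in Process",
    "Password Check Required Immediately",
    "Please Read Important from Human Resources",
    "PTO Policy Changes",
    "Revised Vacation & Sick Time Policy",
    "Scheduled Server Maintenance – No Internet Access",
    "Test of the [[company_name]] Emergency Notification System",
    "You have been added to a team in Microsoft Teams",
    "List of Rescheduled Meetings Due to COVID-19",
    "Confidential Information on COVID-19",
    "IT: Work from home - VPN connection",
    "Microsoft: Your meeting will begin soon",
    "Vodafone: Caller Alert: Msg Received Today",
]


def _tokens(text):
    """Lower-case word tokens, with [[placeholders]] dropped and hyphens joined."""
    text = re.sub(r"\[\[.*?\]\]", " ", text)
    return set(re.findall(r"[a-z0-9]+", text.lower().replace("-", "")))


def subject_matches_lure(subject):
    """Return the first lure whose words all appear in the subject, else None.

    Matching on word sets (not exact strings) catches "RE:" prefixes, changed
    case and extra words such as a date appended to the lure.
    """
    words = _tokens(subject)
    for lure in LURE_SUBJECTS:
        if _tokens(lure) <= words:
            return lure
    return None


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def sender_findings(msg):
    """Header checks for a message that appears to come from a colleague."""
    findings = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)
    if display_name.strip().lower() in STAFF_DIRECTORY and from_domain != FIRM_DOMAIN:
        findings.append(
            f"display name '{display_name}' matches a colleague but the address "
            f"{from_addr} is outside {FIRM_DOMAIN}"
        )
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, reply_addr = parseaddr(reply_to)
        if _domain(reply_addr) != from_domain:
            # Clicking "reply" would go somewhere other than the apparent sender.
            findings.append(f"Reply-To {reply_addr} goes to a different domain than the sender")
    return findings


def triage(raw_message):
    """Parse a raw RFC 822 message and run the subject and sender checks."""
    msg = email.message_from_string(raw_message)
    findings = []
    lure = subject_matches_lure(msg.get("Subject", ""))
    if lure:
        findings.append(f"subject matches known lure: {lure!r}")
    findings.extend(sender_findings(msg))
    return {"suspicious": bool(findings), "findings": findings}


# Constructed sample messages (not real traffic). The first imitates a colleague
# from an outside address with a Reply-To elsewhere; the second is ordinary
# internal mail.
SPOOFED = """\
From: Jane Smith <jane.smith@example-mail-host.com>
Reply-To: helpdesk@example-webmail.net
To: tom.patel@example-law.co.uk
Subject: Password Check Required Immediately

Tom, IT need you to confirm your password with me today. Jane
"""

GENUINE = """\
From: Jane Smith <jane.smith@example-law.co.uk>
To: tom.patel@example-law.co.uk
Subject: Notes from Tuesday's client meeting

Tom, notes attached as discussed. Jane
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        result = triage(raw)
        print(label, "->", "SUSPICIOUS" if result["suspicious"] else "ok")
        for finding in result["findings"]:
            print("   -", finding)
```

A hit on the lure list is a reason to look more closely, not proof of phishing: a genuine Microsoft Teams notification carries the same subject as the lure that imitates it, which is exactly why the lure works. The header checks are the stronger signal, since a real colleague’s mail does not arrive from an outside domain with a Reply-To pointing somewhere else.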
Have you received an email from a client which has concerned you?
Legal firms are often targeted by cybercriminals who attempt to eavesdrop on and intercept email traffic to and from clients. The goal of this activity is likely to be to persuade the client to make some form of payment related to a case or transaction we’re handling on their behalf.
Please inform management of the situation without delay.
Please do not download any programs or apps onto any device which connects to the company system, whether you own that device or not.
Apps and software may contain keyloggers allowing cybercriminals to monitor your activity, including the usernames and passwords required to access both personal and work-related systems.
Please do not open attachments sent by email or download files or folders from the internet if the sender or the company is not known to you.
Also, please ensure that, at all times, your anti-virus program is running and that you connect to the company network via the VPN.
Contact us for advice on combatting phishing attacks against remote workers – Sprout IT
This situation is challenging us all and, much like your firm, we’re continuing to provide services to clients working from home. We’re still answering the phones and responding to emails and we encourage you to contact us whenever is convenient for you for advice and guidance on combatting phishing attacks against remote workers.