As people around the world are faced with fears and concerns over the COVID-19 virus, criminals are also taking note. And unfortunately, they are using this as an opportunity to try and steal money and personal information by generating social engineering scams via email, text, and phone calls.
Over the past few weeks, there has been an increase in attempts to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information over the phone under the auspices of COVID-19. Many of these scams attempt to impersonate legitimate organizations, such as the Center for Disease Control or the World Health Organization, by offering fake informational updates and even promises of access to vaccines – all for a price, of course!
Moreover, nobody is safe from these efforts – from administrative employees, contractors, and interns on up to the C-Suite and even business partners can be targets to obtain access to our networks and sensitive information. And for those of us now connecting to the office through our home networks, even our children are potential targets. It is a perpetual bombardment, every day, every minute of the day, 24/7/365.
Threat actors prefer the path of least resistance. They hack the psyche of targets (who rarely realize the disguises) as well as rely on publically available intelligence and interactions to generate victim profiles. Cybercriminals are experts in the art of masquerading, manipulating, influencing, and devising lures to trick targets into divulging sensitive data, and/or giving them access to our networks and/or facilities.
Understanding the primary attack vectors used by the adversary is key when it comes to deterrence; examples of social engineering based attacks include the following.
While our goal is to stay ahead of attacks, even the most advanced technology cannot always provide sufficient blockades against the constant barrage of cyberattacks, especially social engineering. The problem is, human error is involved in 95% of all security breaches. That is why it is imperative to ensure you and your fellow employees become the first line of defense, and that requires becoming security aware.
We have all been practicing social distancing over the last few weeks to protect against viruses and illness. Likewise, we should consider cyber distancing ourselves from our attackers. Keep your cyber distance by staying wary of suspicious requests, unknown attempts at contact, and unsolicited information and be the protector of your information, your networks, and your health.
Interested in cybersecurity education or training? Find out more about Fortinet’s NSE Institute programs, including the Network Security Expert program, Network Security Academy program and FortiVet program, which provide critical education to help solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow. Basic levels are open to the public.