COVID-19: phishing attacks on the rise as coronavirus leaves firms exposed

Phishing activity is on the rise as coronavirus takes hold. CUBE examines the gaps that leave firms vulnerable to cyber attack.

It is now well established that the coronavirus pandemic is having serious implications for everyone the world over – from big business to individual workers. However, as society comes together in an attempt to stem the spread of the virus, not all are working in unity. Cybercrime – particularly phishing – has risen dramatically since the coronavirus first took hold. Despite the spiralling situation, there are still individuals looking to profit.

Most countries have now implemented ‘lock down’ situations, in which people are discouraged from leaving the house unless for certain, essential reasons. As such, working from home has become the new normal – fostering the perfect breeding ground for cyber-criminals to strike.

For instance, Cybersecurity firm, RedMarlin, has reported a 72% increase in instances of hackers trying to penetrate company networks and steal corporate data, from January to March.  Security firm, Barracuda, has recorded 9,116 global phishing attacks since the beginning of March – a 667% rise from the 1,188 attacks in February. A website, CheckPhish, has even been developed in an attempt to inform the cybersecurity community about developing scams – at the time of writing there were a total of 59,292 reported.

The fraudsters’ success, it seems, has been buoyed by the fact that, for many, this is their first ‘WFH’ experience. This is unchartered territory as huge swathes of the world’s workforce is pushed online – people are nervous and distracted.  Why wouldn’t you click a link from your employer or a government agency asking for personal details in the wake of the virus?

Attackers are sending emails disguised as legitimate communications from established organisations such as the World Health Organisation or National Health Service. In some instances, attackers are disguising themselves as the Department for Education, asking unsuspecting parents (no doubt juggling work, childcare, etc.) for their card details in order to provide free school meals.

Such attacks don’t only leave individuals at risk – they pose a real danger to firms too. Perhaps you receive an email from a direct-report asking for you to transfer money to cover a budgetary anomaly – they can’t get to the bank. Where usually you might turn to ask that person for more information – remote working removes this face-face element. If firms fail to be vigilant, or have been lapse in training their employees, they may find themselves exposed.

Cyber security has been a high priority for the regulators for some time now, it remains to be seen whether the COVID-19 pandemic will re-focus or bolster the existing regulatory regime. Watch this space…

COVID-19: How are global financial regulators responding to the pandemic?