Email phishing campaigns and malware through emails are nothing new, but when combined with something like a global coronavirus spread, the risk can be even higher—adding significant digital risk on top of the physical risk of infection.
It’s common for phishing email and malware creators to capitalize on a current issue. After all, their job is to pique the interest of an end user enough to get them to open the email.
At that point they might use a few different angles, depending on the campaign. During times like this it’s critical you ensure your customers and their end users are aware of the types of scams going on. Make sure you have a communication plan to supply valid information to prevent your users from seeking other sources.
For many years bad actors have employed spam, phishing, and spear phishing techniques for several end goals:
Something as front and center as the coronavirus spread presents opportunities for widespread attacks anywhere in the world. As the actual virus spreads to more countries and cities, the population will be looking for up-to-date information, and a well-timed email might be all it takes for someone to fall for a scam and put their information (or the business they work for) at risk.
According to an article by the Wall Street Journal, these scams started in January in heavily affected areas, and are likely to pick up as the threat of infection reaches more locales.
Here are a few methods to look out for, as discussed in the article:
Especially now, as companies begin to institute work-from-home policies, employees who are not used to being in a home environment might be more tempted to click on an email or engage in risky behavior, because they are in a different setting.
There are a few things you can do to help ensure your users practice safer email and online habits during these times:
Early on, when an event or issue arises that affects the entire organization or one or more regions your users are in, send out an email stating you’re monitoring the situation and will send regular updates to the organization. State the timing of these notifications, and then ensure you follow that schedule so users aren’t tempted to seek information elsewhere.
Recommend a few “vetted” sites or resources that can supply them with legitimate information, and supply links to them in your communications as well. Most of these also offer guidance for staying safe in public as well as online. For coronavirus, a few of these are:
Regardless of what you supply, make sure you give this advice to your users:
Supplying a mechanism to allow users to forward emails to you will help you train them on what is legitimate and what isn’t. It may add a little overhead to your time during events like this, but it will also help you spot trends in your customers’ environments. If you see the same email delivered to multiple users and they report it, you can then send out a screenshot with examples to tell other users to avoid that type of email, since it’s likely bad actors are targeting your domain. Additionally, if a user feels like they may have made a mistake, they can report this to you immediately so you can assess the risk based on their actions and give the proper advice—like changing supplied credentials or looking for suspicious behavior on their laptop or device.
If you’re considering allowing employees to work from home to prevent risk of additional spread of the infection, it’s doubly important that you secure the assets the users are taking home. This means ensuring your email security solution is configured with proper settings. You’ll want to prevent malicious emails from making it to inboxes and ensure all devices taken home have up-to-date endpoint security agents and definitions. It’s also important to ensure users can access the work environment safely with VPNs or other remote access tools that are protected with two-factor authentication (2FA).
Finally, make sure your technicians have the capability to remotely support these users securely, as they’ll likely need assistance getting set up in a home environment.
As the virus continues to spread, we can expect more opportunistic actors to engage in email campaigns and attempt to infiltrate or defraud users and the companies they work for.
Taking just a few minutes to keep your teams, customers, and end users updated from a trusted advisor can make a big difference and demonstrate your value as a service provider.
Gill Langston is head security nerd for SolarWinds MSP. You can follow Gill on Twitter at @cybersec_nerd
Get the latest MSP tips, tricks, and ideas sent to your inbox each week.