Cyber espionage attacks COVID supply chain with phishing emails

How can you make sure staff don’t fall for email scams?

Phishing scams aren’t new to the scene.

In fact, we’ve become so used to the headlines about businesses paying out fortunes to get their data after some unsuspecting employee clicked a dodgy link in an email.

Even today’s (03 December 2020) news from IBM of a targeted global hacking campaign aimed at the COVID-19 vaccine supply chain hasn’t surprised us – it’s something governments and businesses have been warning against for months.

IBM believes the campaign began in September 2020, with phishing emails sent to six countries linked to the delivery ‘cold chain’ used to keep the vaccine at the right temperature when it’s transported.

Attackers reportedly impersonated a business executive from a Chinese company involved in the cold supply chain to trick targets into opening emails, as well as targeting transport organisations with malicious phishing emails asking for log in details.

If successful, hackers could have procured sensitive and confidential information about the distribution of a high value and high priority.

According to IBM’s security researchers, targets included the European Commission, companies involved in solar energy, a software development company in South Korea, and a German web development company.

It’s not just bigger organisations being hit by more phishing scams, smaller businesses can easily could become exposed to scammers purely by the fact that your good-natured employee didn’t think to message or phone their colleague about a slightly odd or unusual email they received.

Covid-19 has created the perfect environment for phishing, with remote working, digital appointments and a rise in health and medical information, hackers are finding it easier to take advantage of people, reaping in the stolen benefits.

From the beginning of the pandemic, fraudsters changed their tune and started using sophisticated methods of exploiting innocent victims and companies – from fake government emails and support schemes to business relief funds, hackers are now more creative than ever.

In February phishing attacks related to HM Revenue and Customs (HMRC) impersonations averaged at 26,100 per month, a figure that by March increased to 40,184 attacks, roughly 73% rise within a month. The number of attacks has steadily been increasing between March and September with recent figures suggesting 57,801 attacks per month.

In August, the HMRC declared it was investigating more than 10,000 email, SMS, social media and phone scams specifically exploiting the pandemic.

These attacks are on the rise, and are becoming more and more convincing. We’ve outlined some vital steps you and your business can take to prevent these attacks and identify the scam before it’s too late.

How to recognise phishing

  1. Emails usually look identical to messages from reputable organizations
  2. The content sounds urgent
  3. The content tries to stir fear
  4. Claims to enclose breaking news or important information
  5. Asks you to download a link or attachment
  6. Email address does not match organisation

How to protect against phishing

  1. Train your staff

It may sound a little boring but it is so important to understand the threat and be able to identify spam emails and webpages as a collective unit.

As harsh as it sounds, staff are often the biggest weak point when it comes to phishing – so it’s vital to train your staff in recognising risky spam emails.

This includes understanding URLs and being able to recognize the ones that are safe and legitimate versus those that are fraudulent.

We offer phishing simulations as a service to help identify and train you and your staff to make your business less vulnerable.

  1. Triple check everything

If uncertain of an email a website or a company, visit the website or google the address. If the site comes up with an error or details are not matched, this should be considered a warning.

If you ever receive any suspect emails, always refer to your colleagues and your IT support team – it’s always better to be safe than sorry!

  1. Invest in your security

Installing and updating anti-spam, anti-virus, and anti-spyware software. Deploying a spam filter that detects unidentifiable senders, webpages, or downloads will prevent any further interaction with spammers and keep your business safe.

It’s all about balance, right? At Consider IT, we can help support your digital and cyber security needs, with our proven cyber security solutions.

Our team of experts can help support your business by securing both technical and operational measures from implementing software to designing new security policies and strategies that work.

With complete protection, we can become the first point of contact for every area of security, directing potential attacks to our expert team who can react sooner and faster.

As a Cyber Essentials Plus-accredited team, we can guide you through security processes to better protect your businesses and employees, helping your business achieve your own Cyber Essentials plus accreditation.

We’re a full CREST-accredited body with CREST-accredited staff, including CREST Practitioner Security Analysts and CREST Registered Penetration Testers.

So, we can help give you peace of mind, as well as helping you protect your business. Becoming accredited is an incredibly powerful way to gain trust and confidence from your customers and workforce.

If you’re interested in how you can improve your business security, please get in touch with our friendly team of IT experts – who will run through everything cyber-related with you.

You can find out about all of our different services here