September 4, 2020
As businesses scrambled to adapt to a remote work environment, scammers took advantage of the COVID-19 spread to spoof informational sites and steal unsuspecting users' private information. At the height of pandemic coverage, Google reported a 350% phishing increase from February 2020 to March 2020.
This attack vector poses a huge risk to businesses everywhere, as data from Verizon shows that 80% of security incidents are caused by phishing attacks and that email is the top way malware is delivered. Not only do businesses need to be able to quickly adapt to become fully accessible virtually, they need to ensure their employees are aware of the threats coming into their inbox every day.
Phishing is a way for malicious actors to trick you into giving over sensitive data or implanting malware through a link or an email attachment.
The most common type of phishing emails used, these emails impersonate well known institutions and businesses. Common attacks of this type are email notifications about billing problems, suspicious account activity, giveaways, company tech support, and financial activity updates.
These emails are meticulously designed to look identical to whoever they are impersonating and can cross over into spear phishing by including personal information to appear legitimate. Often these emails will ask you to download an attachment or redirect you to a spoofed website to steal sensitive personal data. The majority of these emails create a sense of urgency to have you respond promptly.
A targeted email campaign, spear phishing includes personal information to appear legitimate. The personal information included could be your first or last name, place of employment, job title, or specific job information. The attacker uses data collected from the internet and social media to create a customized email that comes across as believable to extort information. According to Barracuda, the most impersonated companies for spear phishing attacks are Apple and Microsoft.
Instead of impersonating a company, this spear phishing email type impersonates a trusted business associate or an executive position to target a specific high-profile executive. They then attempt to steal high level account access to financial resources.
Inspect the email sender for suspicious domain names & look over URLs for anomalies before clicking.
Disable email images to avoid accidently clicking a malicious link.
Never open attachments from unknown senders.
Use an email filtering service to filter out low-level attacks and educate employees on proper email hygiene practices to prevent falling prey to targeted phishing emails.
Enable multi-factor authentication whenever possible.
Keep your software up to date.
Deploy your own mock phishing emails for employee education and help your team become familiar with the types of attacks in circulation.
Follow the 3-2-1 backup rule (3 copies of your data across 2 media types with 1 copy offsite) to ensure if your data is compromised you can easily restore anything lost.
In case a phishing attack deploys ransomware, ensure your backup can mitigate the attack and that your offsite copy is safe. Retrospect Backup has the ability to restore your system to a point in time before the attack through snapshots. The entire system can be customized to create an automated backup schedule that fits your needs and easily integrates with over 20 cloud storage providers for an affordable offsite option.
Trusted by over 500,000 homes and businesses in over 100 countries, Retrospect protects every part of your computer environment, on-site and in the cloud. During these difficult times, your businesses first 90-days of backups is on us. Use code ‘COVID’ when checking out and start your first backup with one click. Learn more here.
Jana Kurita is Marketing Communication Coordinator at Retrospect and Drobo.