In April 2020 alone, internet search giant Google’s Threat Analysis Group (TAG) has sent 1,755 different warnings to users that were targeted with COVID-19 phishing attacks.
Google’s TAG regularly sends warnings to its users regarding various online threats, they watch and track over 270 attacker groups across more than 50 countries. The recent spike in government-backed COVID-19 phishing attacks is drawing some concern among the group.
The predominant attacks came from “hack-for-hire” organisations based mainly in India which lure victims to a fake WHO website with “COVID-19 notification” phishing emails.
“We continue to see attacks from groups like Charming Kitten on medical and healthcare professionals, including World Health Organization (WHO) employees. And as others have reported, we’re seeing a resurgence in COVID-related hacking and phishing attempts from numerous commercial and government-backed attackers.”Google’s Threat Analysis Group
Example of fake WHO Newsletter sign-up form. Credit: Google.com
The attacks focus predominantly on business leaders in financial services, consulting and healthcare organisations based in the UK, US, Canada, Slovenia, Bahrain and Cyprus. Google has enabled their Advanced Protection Program (APP) which provides their highest level of available protection. Traditionally this service is reserved purely for high-risk accounts.
While security hardware protection enables higher protection from phishing emails, there is still no way to block 100% of malicious emails that are sent each day. This means when a phishing email gets through, the entire security of the organisation is dependent on the recipient’s ability to spot these threats. The requirement for user knowledge and cyber awareness has never been higher.
The shift from brute force attacks to subtle social engineering emails has been evident in recent years. Hackers have realised that in order to break into a bank vault (metaphorically speaking), rather than try to cut their way in with complex tools it can often be much more rewarding to simply ask an unwitting member of staff for the key. This is how phishing emails are still so effective.
Regular Security awareness training coupled with effective phishing simulation exercises are by far the most cost effective way to shrink an organisation’s threat attack surface.
At Phishing Tackle, we understand that taking the first step can be complicated and daunting, which is why we created several free tools in order to help you better understand your own security needs.
Our Free Click-Prone® Test reveals how many of your users are susceptible to falling for a modern day phishing attack.
Try it out today and learn how secure your organisation really is.