A recent bout of phishing campaigns sees hackers masquerading as government websites in order to steal victims’ personal information.
Social engineers often hide behind guises of authoritative organisations, and in a recent spate of global phishing campaigns, numerous large government organisations and trusted NGOs find themselves with duplicated domains leading to fake websites.
This increase in phishing efforts during the COVID-19 lockdown has led to a marked rise in the necessity for effective security awareness training. As we explored in a previous post, user knowledge is still the most potent defence against phishing emails and should be strengthened as much as possible.
The focus is currently on credential theft, with hackers creating multiple fake landing pages mimicking trusted sites such as the WHO, CDC, and the UK’s HMRC, along with other sections of GOV.UK (the last two pictured below).
Fake HMRC landing page
Fake GOV.UK page, mimicking a Westminster council billing page
Without a strong knowledge and understanding of how to spot phishing attacks, users face an unprecedented cyber security threat during lockdown and we urge all readers to educate their staff to the dangers of online threats.
At Phishing Tackle, we have created several free tools to start your journey into cyber awareness. The most popular tool is our Free Click-Prone® Test, which reveals your organisation’s susceptibility to falling for a phishing attack.
Take the initiative, educate your users, don’t become a victim to cyber criminals.