In a time of confusion around the globe, some criminals are taking advantage of the current COVID-19 pandemic and are using the opportunity to attack people and businesses. With the large number of people working from home, cyber-attacks pose an extra layer of risk than under the usual circumstances.

This article was originally authored by Aaron Duncan and Kris Wasserman.


Fake websites appearing to show infection maps and emails with links to news articles about the coronavirus pandemic are being used by cyber criminals to initiate cyber attacks. If users aren’t vigilant, professionals working from their own unprotected networks and engaging with seemingly urgent messages can have severe consequences.


Here, we review some key warnings signs, cyber security best practices, and services offered by Special Counsel to help ensure that your cyber-hygiene is up-to-date.

Photo by engin akyurt on Unsplash

Cyber Attack Red Flags To Watch For


Hackers are sending emails with links – or posting false articles from websites on social media – that appear to be alerted about the pandemic. Links will often point to infection maps or supposed government news updates. When a link is clicked, a site is visited, or a video is watched, hackers gain access and infect systems. Instead of the helpful information, the clicker is hoping for, they’re instead unknowingly downloading malware that opens a backdoor to personal information.


1. Fake Infection Maps


The number of coronavirus-themed domain registrations has spiked and security experts believe that more than 50% are by malicious actors. There are many sites that are designed to look exactly like the Johns Hopkins infection map but are actually fake sites that prompt to download and run the software in order to view the map. The real Johns Hopkins infection map does not require an installation.


2. Emails from the CDC or WHO


Hackers are sending very convincing emails that appear to be sent by the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO) with links to learn more about the virus that in actuality lead to malicious websites.


3. Emails from government officials


Attackers are sending emails that appear to show legitimate statements by political leaders with advice taken from public sources with links to malicious websites.


4. Emails with RTF attachments


These are files that, when opened in MS-Word, run a series of macros that infect and/or steal information from your computer. Many have been sent that appear to come from the WHO, or promise coronavirus cures.


Cyber Threat Protection Measures


In order to stay protected against these attacks, it’s important to adhere to the following best practices:


Stranger Danger


Do not open emails or attachments from unknown sources. Be wary of emails from “known” sources that ask you to download attachments or click links where the writing tone is odd, or strangely generic.


Check the URL


If unsure about a link, hover your mouse over it to see the full URL. Make sure it is spelled correctly and points to a legitimate source. You can right click on the link to copy it, then paste it into a search engine (not your address bar), to confirm results.


Look for the Lock


Steer clear of links that point to website with an unsecure connection. If the URL starts with HTTP instead of HTTPS you are likely being led to a phishing site.


Be Weary of Poor Design and Click Bait


Be skeptical of unprofessional visuals that are meant to scare you, such as all caps headlines claiming that “YOU ARE IN DANGER.”


Stay Up-to-Date


Keep your software updated. Check that your operating system, office software, anti-virus, email client and web-browsers are updated with the latest patches and upgrades.


Connect the Right Way


If working from home and accessing company resources, your company should be requiring the use of a VPN to connect remotely.


Be Agile


Change your passwords regularly. If working from home, now may be a good time to change your wifi password and make sure you’re not using outdated WEP or WPA encryption. It is best to use something like WPA2 with TKIP or AES encryption.


To read the full article, please click here.


News and Research


Most Jobs We Will Do In 2030 Have Not Been Invented Yet. Here’s How Your Business And Workers Can Prepare For The Reskilling Revolution

On Thursday 28 January, our CEO Alain Dehaze spoke at the World Economic Forum’s ‘Skilling the Global Workforce’ panel. He called continued up- and reskilling of “crucial importance,” given that people are losing some 40% of skills every 3-4 years.

04 February 2021


The World Economic Forum: Why We Need A New Social Contract And Reskilling Revolution To Recover From COVID

The World Economic Forum’s Davos Agenda that took place on 25-29 January focused on how to rebuild trust and recover from the pandemic. Here are some conclusions from global leaders on what awaits the world of work.

27 January 2021


CEO Voice: We Need More Emotionally Intelligent Leaders As Workers' Mental Health Declines

Our CEO Alain Dehaze joined CNBC on 19 January to share the latest insights on how the COVID-19 pandemic will change the future of work.

21 January 2021