Cyber Attack Red Flags To Watch For
Hackers are sending emails with links – or posting false articles from websites on social media – that appear to be alerts about the pandemic. Links will often point to infection maps or supposed government news updates. When a link is clicked, a site is visited, or a video is watched, hackers gain access and infect systems. Instead of getting the helpful information they were hoping for, the person who clicks unknowingly downloads malware that opens a backdoor to personal information.
1. Fake Infection Maps
The number of coronavirus-themed domain registrations has spiked, and security experts believe that more than 50% are by malicious actors. Many sites are designed to look exactly like the Johns Hopkins infection map but are actually fake sites that prompt visitors to download and run software in order to view the map. The real Johns Hopkins infection map does not require an installation.
2. Emails from the CDC or WHO
Hackers are sending very convincing emails that appear to come from the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO), with links that claim to offer more information about the virus but actually lead to malicious websites.
3. Emails from government officials
Attackers are sending emails that appear to show legitimate statements by political leaders, with advice taken from public sources and links to malicious websites.
4. Emails with RTF attachments
These are files that, when opened in MS-Word, run a series of macros that infect and/or steal information from your computer. Many have been sent that appear to come from the WHO, or promise coronavirus cures.
Cyber Threat Protection Measures
In order to stay protected against these attacks, it’s important to adhere to the following best practices:
Do not open emails or attachments from unknown sources. Be wary of emails from “known” sources that ask you to download attachments or click links where the writing tone is odd, or strangely generic.
Check the URL
If unsure about a link, hover your mouse over it to see the full URL. Make sure it is spelled correctly and points to a legitimate source. You can right-click on the link to copy it, then paste it into a search engine (not your address bar) to confirm results.
Look for the Lock
Steer clear of links that point to websites with an unsecured connection. If the URL starts with HTTP instead of HTTPS, you are likely being led to a phishing site.
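The URL checks described above can also be automated, for example in a mail filter or a link-review script. The following is an added example, not part of the original article; the allowlist, the similarity threshold and the sample links are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: a small allowlist of the sources the article names.
TRUSTED = ("cdc.gov", "jhu.edu", "who.int")
# File types the article warns about (installers, RTF documents).
RISKY_EXT = (".exe", ".msi", ".scr", ".rtf")


def registrable(host):
    # Simplification: last two labels. Production code should use the
    # Public Suffix List so names like example.co.uk are handled.
    return ".".join(host.split(".")[-2:])


def check_link(url):
    """Return the red flags found in one URL (empty list = none found)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme != "https":
        flags.append("not-https")
    if "@" in parts.netloc:
        # Text before '@' is a username, not the site being visited.
        flags.append("userinfo-in-url")
    if not host.isascii() or "xn--" in host:
        flags.append("non-ascii-host")
    domain = registrable(host)
    if domain not in TRUSTED:
        for good in TRUSTED:
            # Trusted name used as a subdomain, or a near-miss spelling.
            near = SequenceMatcher(None, domain, good).ratio() >= 0.8
            if good in host or near:
                flags.append("lookalike-of:" + good)
    if parts.path.lower().endswith(RISKY_EXT):
        flags.append("download-link")
    return flags


if __name__ == "__main__":
    # Constructed sample links, not taken from real campaigns.
    for link in ("https://coronavirus.jhu.edu/map.html",
                 "http://cdc.gov.covid-updates.example/alert",
                 "https://wh0.int/cures.rtf"):
        print(link, check_link(link))
```

An empty result only means none of these specific flags fired; it does not prove the destination is safe.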
Be Wary of Poor Design and Click Bait
Be skeptical of unprofessional visuals that are meant to scare you, such as all caps headlines claiming that “YOU ARE IN DANGER.”
Keep your software updated. Check that your operating system, office software, anti-virus, email client and web browsers are updated with the latest patches and upgrades.
Connect the Right Way
If working from home and accessing company resources, your company should be requiring the use of a VPN to connect remotely.
Change your passwords regularly. If working from home, now may be a good time to change your Wi-Fi password and make sure you’re not using outdated WEP or WPA encryption. It is best to use something like WPA2 with TKIP or AES encryption.