The coronavirus pandemic has presented cybercriminals with a crisis to exploit individuals. Phishing is a type of online scam where criminals send an email that appears to be from a legitimate company and ask you to provide sensitive information. This is usually done by including a link that will appear to take you to the company’s website to fill in your information – but the website is a clever fake and the information you provide goes straight to the crooks behind the scam. These emails are a form of fraud that aims to steal personal information.
U.S agencies like NASA and the Department of Defense are seeing a surge of phishing attempts exploiting the coronavirus pandemic.
Generally, agencies receive thousands, or sometimes tens of thousands, of phishing attempts each day, and IT leaders across the federal government are broadly seeing the same number of phishing attacks. But according to a survey conducted by Fifth Domain, more hackers are trying to use the COVID-19 pandemic to trick their way in through the front door.
In an interview with Fifth Domain, Guidehouse's Marianne Bailey, head of the cybersecurity practice explained that "you can talk to any cybersecurity professional and they’ll tell you all of the technical countermeasures they put in place cannot really do anything to negate an employee doing the wrong thing, mostly unknowingly doing the wrong thing because they just don’t understand what they’re doing. And phishing is the perfect way to deliver a malware or package. It’s the perfect way because oftentimes it is directed toward a specific individual.”
This article further discusses anti-phishing efforts that are being implemented by government agencies.