Los Angeles IT Support Company Finds Phishing Emails Expose Vulnerability

Coronavirus Phishing Emails

How IT Support Services Prevent Phishing Emails During COVID-19

As the eyes of the world turn attention to the ominous threat of the Coronavirus, cyber-attackers have used this compounding concern to send out an army of their own viruses. 

Piggy-backing on the millions of emails circling the globe concerning Covid-19, businesses are now faced with the threat of dealing with technology-related viruses. This growing trend is like salt in the wounds of a booming economy that seems to have tanked overnight.

Taking Cybersecurity measures seriously and having a disaster recovery plan in the midst of a health crisis is absolutely vital to the health, productivity, and future longevity of a business, enterprise, or government entity.

What Are Phishing Emails?

Phishing is an obvious play on “fishing”, where a cyber fisherman uses email as his bait to lure in unsuspecting users who see an email that appears to be legit but is, in fact, a trap. Often, the email comes from what appears to be a trustworthy and upstanding company – like Wells Fargo or Fidelity. 

With the appearance of legitimacy, users are asked to go to the “company’s” website and enter sensitive information about their account. Usually there’s a kind of urgency to the missive in the form that alludes to your account being exposed or overdrafted.

The link, however, literally baits and switches you to a site that may appear to be the corporate’s actual site, when in fact it is not. And the information you enter there dumps directly into the waiting hands of the hackers who set it up. 

Unlike straight-up hacking which can take a little more effort on the criminal’s part, phishing is as simple as drafting the phony email and hitting send. The rest falls on the user to let his or her guard down, open and click the email and voluntarily open up their valued security and all sorts of sensitive information. Credit card data, account info, social security numbers and addresses are among the secrets that unknowing people suddenly give up.

Phishing In The Age of COVID-19

No thanks to the paranoia brought on by the Coronavirus, Phishing has become a big business of cyberattackers ready to pounce on the confusion and uncertainty of the virus-riddled times, according to one IT service in Los Angeles.

With millions of people responding to the fear and the preparedness of the coronavirus outbreak with a heightened sense of urgency, hackers capitalize on this by also communicating urgency in their emails. If you are surrounded by a constant or chronic state of emergency, your ability to respond logically wanes by the day. The inability to filter what is truly urgent from what is perceived to be urgent becomes difficult. 

This makes it easier for the cybercriminal community to manipulate the emotions and responses to their recipients by sneaking in an email amongst an avalanche of real emails that fall under the same theme.

Think about how many emails are being sent internally and externally from hospitals, drug companies, pharmacies, and other medically-related companies in response to Covid-19. Then think about the urgency of these emails for this specific segment of the market. 

This becomes an easier target for a cyberattack just based on the sheer number of emails being exchanged every day. A wolf in sheep’s clothing is much harder to spot in a herd of sheep running around in a panic.

How Can I Protect My Computer From Coronavirus Phishing Emails?

Some of these tips seem obvious – but in a state of world pandemic and crisis, going over the basics is akin to remembering the ‘stop, drop, and roll’ drills we are taught as kids if we ever found ourselves on fire. Employing any of these tactics will help mitigate risks flowing into your inbox. The more you employ, the increased probability of your data security.

Beyond data security, prepare for an accidental breach of your internal network by making sure your data is backed up whether at home or in the office. In Los Angeles county, cloud computing resources are one strong way to make sure your personal or business network systems are thoroughly backed up in case of a disaster – be it from a hacker or a natural disaster like an earthquake outage.

Corona Virus Emails Do Not Come From A Credible Sender

Sometimes the non-credibility of a sender seems obvious – but not even this is a sure way to eliminate risk as hackers are getting smarter about posing as top-level executives in real-time by monitoring their social media accounts to start an email off with a piece of personal or privileged business information to gain instant credibility.

Not one credible email will come from a public email domain. Not even employees at Google use Gmail for their internal business emails! If you are not familiar with the domain name after the @ symbol, check the domain in a secure web browser to see if any other red flags come up. This still can be hard to spot as cyber attackers are building out fake news and website domains to legitimize their emails.

You’re also advised not to take the link in the actual email. If the email appears to have come from a company that you do happen to engage in business with – like a bank or credit card company – then you probably already have this institution’s website bookmarked, cached or saved in a password vault like Last Pass

Then go to the site using your link and see if there is any indication on the trusted site that what was being alluded to in the email is legit. If the email had asked you to verify your social security number, for example, but the actual corporate site mentions nothing about then you’ve avoided the phishing scam.

Now go back to that original email and flag it as spam in your email service. 

Also take note of the prefix in a URL to see whether the hypertext transfer protocol contains an “S” after the http:domain.com in the thread. The “S” in the https://domain.com refers to an encryption level of security and the presence of an SSL (secure sockets layer) certificate meaning that the information you pass on that site will be protected. 

Coronavirus Hacking Emails Have Misspelled Domain Names

Have you ever been so busy that you didn’t notice you typed 2 letters in the wrong sequence or have read a word that had two letters that looked similar? Exchanging an M for an R and an N to mimic the letter in the desired word like in this email address [email protected] may seem obvious when viewing on this blog. However, if your inbox is anything like the average American’s inbox with 100-200 emails pouring into any given day – it’s much easier for your mind to miss it. Add stress and exhaustion to the mix and watch the vulnerability of your inbox skyrocket.

Check through your emails and scan with a detailed eye for these clever mistakes. Cybercriminals love to use this tactic especially when they are trying to mimic a c-level executive giving instructions to an employee in their organization. These emails command the authority of the owner in which they mimic and can be more effective in their false financial directives.

One Los Angeles network structured support service even goes so far as to recommend the proper installation of a robust and secure network hardware support system from the beginning of starting a business. Cyber security is the first line of defense in preventing breaches and cyber attacks down the road. 

Coronavirus Phishing Emails Are Repetitive

Cybercriminals are looking for weaknesses. Oftentimes they can determine vulnerabilities in an organization based on user actions. Opening a phishing email multiple times around the office can translate to who is going to be easier to target. Hackers will send a series of emails to weed out people who are starting to catch on to their email campaign and will then focus on people who have a higher open rate.

Even if they do nothing that the email instructs, it’s still enough for the cybercriminal to analyze the effectiveness in his campaign and then create a bigger hacking tactic or plant ransomware based on the organization’s weaknesses. The best way to avoid this is to slow down, check your sender information, and also equip your nearest IT support company in Los Angeles with phishing email education and regular testing by planting safe phishing emails in their inbox.

Unsafe Emails Are Poorly Written

Poorly written emails are a sure sign that the sender is up to no good. Although poorly written emails are more associated with direct email scams and less with phishing attacks- we can all learn from this one fact: People who open and respond to poorly written emails are more likely to fall victim to a scam. If an email is written in broken English and full of spelling errors and it doesn’t raise a red flag in the recipient’s mind, that translates to gullibility and puts digital crosshairs right into your inbox.

Check For Grammar in Phishing Emails

Phishing attacks are more associated with poor grammar. Scanning through the email for grammatical errors is a basic red flag. A majority of these emails are coming from cyber attackers who do not speak English as their native language. If you find yourself consciously or even subconsciously noticing errors in the way the content flows because of simple grammatical errors- raise your flag of concern.

With so much technology at our fingertips – both spelling and grammatical errors are automatically brought to our attention through red, blue, and green lines as we type. There is no excuse for poorly written emails full of spelling errors coming from someone within our organization, client, or vendor databases.

Coronavirus Phishing Emails Have Suspicious Attachments Or Links

Malware comes packaged so beautifully. Cybercriminals are getting better and better on the delivery of their payload by packaging it to look real. They will label attachments as invoices, embed logos of major companies within their email to make it seem legitimate. 

If your business is in Los Angeles county, consulting with a managed service provider can help advise your staff what to look for in assaulting emails and can also set up certain email protocols and firewalls to thwart any attempted attack. 

Hackers are hoping you will download the attachment to infect your computer with malware or ransomware, or direct you to a fake website to enter sensitive information.

This tactic is trying to manipulate the recipient by his or her perceived responsibilities through demanding some sort of professional transaction. Invoicing, banking, registrations or any online data offering can elicit a natural reaction to take care of an urgent matter and provoke enough curiosity to open an attachment or click a link to find out more information.

Phishing Email Education is The Best Prevention

Your first line of defense always starts with the individual. If someone inside of your organization doesn’t know how to spot something suspicious from the attacks coming from the outside, how can they ever be effective in protecting your digital assets? We learn not to talk to strangers when we are kids. We learn to NEVER open the door for anyone the first time our parents let us stay home alone. 

Teaching the next generation the imminent dangers of the environment around them is part of passing down generations of basic wisdom.

Phishing email training is one of the best ways to educate yourself and your employees on how to spot a phishing or ransomware attack. This is even more crucial if you have to send your employees to work from home. 

As technology changes daily, keeping up with the wisdom and knowledge of recognizing outside threats coming into our inbox gets more and more complicated. Cyber attackers are like chameleons in the tech space. They will cloak themselves in the disguise of the digital environment they are trying to penetrate.

Keep Your Email Training and Policies Updated

Training that happens only while onboarding the employee will quickly become outdated. Regular testing and training must be done with your entire team to ensure their knowledge stays current to the latest attack trends. ID Agent’s Dark Web Scan with Phishing Email Training is a great product that can not only check for your information on the Deep Web, but also helps employees spot malicious email through their regular training modules. Contact Be Structured Technology Group if you are looking for corporate email training and creating a solid Disaster Recovery Plan for your business.

About Chad Lauterbach

CEO at Be Structured Technology Group, Inc. a Los Angeles based provider of Managed IT Services for small business. I desire to help small businesses better utilize technology by assisting in high level planning to make sure that new systems will benefit them both operationally and financially. I am careful to implement and support systems using industry best practices.