IT teams are tasked with the daunting challenge of managing employees’ connectivity during the Covid-19 crisis to ensure productivity and minimal disruption to the business. At the same time, there has been a sharp spike in the number of ‘phishing’ and ‘smishing’ attacks since the outbreak began.
Every day, Gmail blocks more than 100 million phishing emails. In the first week of April 2020, Google reported 18 million daily malware and phishing emails related to Covid-19. This was in addition to more than 240 million Covid-related daily spam messages.
How phishing works
Phishing is still one of the most effective methods that attackers use to compromise accounts and gain access to company data and resources.
Most online users are aware of phishing emails, which often encourage you to log on to what seems to be an online banking portal or other credit facilities. The user enters their login details on the fake portal, after which the scammers use this information to raid the user’s bank account.
How smishing works
Smishing is a growing cybercrime trend. Essentially, it’s Phishing 2.0 – via SMS. The sender ID for SMS messages can be tweaked to look like a message from a bank or other recognised institution, but in fact, it comes from a person. A link to a fraudulent portal in the message does the same as the link in a phishing message, only via the mobile phone.
Smishing also works when scammers send a phone number in the message. If the victim calls the number and gives away private information, this can also cost a lot of money.
Internet fraudsters are creating new phishing and smishing scams every day to make a quick buck from the fear and uncertainty surrounding the Covid-19 pandemic. With so many people working, shopping, and communicating online, fraudsters are seeking to benefit from any possible lack in online security.
One trick is to impersonate the World Health Organization (WHO) to solicit fraudulent donations or distribute malware. Another is to capitalise on government stimulus packages and imitate government institutions to scam small businesses.
With many consumers now being forced to shop online, cybercriminals are taking advantage of this by sending fraudulent shipping alert text messages. These SMS messages, which appear to be from major carriers such as UPS, Amazon, etc., contain a fake tracking number and link that directs the target to update delivery preferences, while also requesting credit card information.
Securing your mobile communications
Mobile communication has become more important now than ever, with consumers unable to visit your office or store. That means companies need to prove their trustworthiness and protect their customers from fraudsters. Luckily, there are ways to ensure secure mobile communications between the brand and consumer. We recommend two mobile security precautions you can take to safeguard your personal and business mobile interactions.
Another way to limit risk threats is by adding Two-factor Authentication (2FA). This means adding a level of authentication whenever granting access to secured online environments. Think of medical information for patients, company info for your employees, financial information for consumers, and order pages for consumers.
By adding a second level of authentication on top of just a username and password, the chances of sensitive information falling into the wrong hands are limited. The user will also need to add, for example, a One Time Password to validate the user’s identity.
A ‘One Time Password’ is a string of characters or numbers automatically generated to be used for one single login attempt. One Time Passwords can be sent to the user’s phone via SMS or Voice.
In addition to the abovementioned advice, always keep these general cybersecurity tips in mind to prevent Smishing and other cyber threats:
Finally, remember that banks will never send you a text message with a link to log in for online and mobile banking or ask you to reply with sensitive information. When in doubt, always contact your bank directly.
