The double impact of COVID-19 on phishing

For several years, phishing has been one of the more well-managed security risks. Thanks to major campaigns from banks and retailers, awareness is at an all-time high. People treat their inboxes with more scrutiny than ever before.

But, as COVID-19 continues to affect the way we live, work and use technology, instances of phishing are on the rise. Attackers are taking advantage of widespread confusion and uncertainty. And that puts your business at risk in a climate that’s already cause for concern.

There has never been a more important time to improve your user’s cyber security awareness. Here’s why.

COVID-19 scams are becoming commonplace

Phishing scams routinely take advantage of fear. They claim that your bank account has been hacked, your identity stolen, or your data exposed. All with the goal of pushing people to take immediate, instinctive action – and skipping any real scrutiny.

A global pandemic is an attacker’s dream come true. What better way to prompt people into action than tapping into their fears about their own health and wellbeing?

At the same time, businesses are working differently to meet the demands of social distancing and isolation. Suddenly, an email from your bank rather than a phone call doesn’t seem so unusual.

That’s why the news is full of reported coronavirus-related scams. According to The Guardian, more than 2,000 different phishing attempts have been reported to UK investigators. And that’s when Google claim to be stopping 126 million phishing emails from going out every single week.

The scale of the phishing problem has been turbo-charged. But that’s just one half of the problem.

Diligence is at an all-time low

Day-to-day, around 16% of employees fall for a phishing attack. Social engineering is worryingly effective, even when your employees are familiar with potential threats.

Now, with an entire workforce working from home, the true hit-rate of a phishing attack is likely to be much higher. Whether they’re juggling childcare, half-watching TV, or just in a space where they feel less focused, it’s all too easy to download an attachment or hit a link without thinking.

The increased frequency of phishing has come at precisely the time when it’s most likely to work. And your users are your only line of defence.

Get your 2020 Guide to Security Awareness Training

To help, our partners at usecure have put together a complete guide to security awareness training in 2020.

Available now as a free download, it includes:

  • A guide to your phishing risks in 2020
  • Advice on effective training that people actually use
  • Details on usecure’s phishing simulation tools
  • A useful checklist for your end-user training

Get your copy now to start eliminating your human security risk.

Written by