Safeguarding IT Infrastructure Against COVID-19 Phishing Scams

Dealing with phishing scams is an everyday responsibility for IT operations professionals. Safeguarding an organization’s data from fraudulent attempts to obtain employee usernames and passwords to secure IT systems has become a core competency. After all, no organization wants to face the same crisis that retail giant Target did in 2013, a cyberattack exposing over 70 million customer records which all started from the email phishing of an HVAC supplier.

It’s especially critical now, while organizations may be less likely to be thinking about data protection, to be aware that the COVID-19 pandemic has created yet another opportunity for phishing scammers to attack unsuspecting organizations. What is most certainly a global health crisis is, unfortunately, becoming a data protection crisis too.

Anti-virus protection company Norton outlines a host of phishing scams targeted as personal and business users. These include:

• CDC Alerts: Scammers are sending phishing emails disguised as coming from the US Center for Disease Control (CDC). These emails may include links to alleged coronavirus cases in recipients’ areas under the guise of keeping individuals apprised of real-time updates in their region.
• Health & Safety Measures: Some phishing emails are sent under the pretense of offering health and wellbeing tips. Recipients are encouraged to click on a link to view safety protocols that can be taken to protect against getting the virus.
• Employer Alert Emails: Targeted scammers are developing emails that appear to come from an individual’s employer sharing organization-wide safety precautions. A link is included to encourage recipients to see the alleged protocols from their employer.