Phishing attacks: in ordinary times and during a pandemic
A combination of workers getting used to working-from-home and the anxiety and fears arising from the outbreak of COVID-19 may be leaving workers and organizations vulnerable to cyber attacks. For example, malicious actors may set up email accounts to impersonate supervisors and coworkers and trick workers into providing information about themselves or the organization. Such emails are called “phishing attacks” and the purpose of such attacks is to gain information that malicious attackers may use to gain access to systems. Organizations who have permitted employees to use personal email accounts are especially vulnerable to such an attack since workers will have a tougher time discerning legitimate email accounts from those of attackers’ email accounts.
The Canadian Centre for Cyber Security has provided the following guidelines to protect yourself:
Against Malicious Emails:
- Make sure the address or attachment is relevant to the content of the email.
- Make sure you know the sender of an email.
- Look for typos.
- Use anti-virus or anti-malware software on computers.
Against Malicious Attachments:
- Make sure that the sender’s email address has a valid username and domain name.
- Be extra cautious if the email tone is urgent.
- If you were not expecting an attachment, verify with the sender.
Against Malicious Websites:
- Make sure URLs are spelled correctly.
- Directly type the URL in the search bar instead of clicking a provided link.
- If you must click on a hyperlink, hover your mouse over the link to check if it directs to the right website.
For more information, check out the website for the Canadian Centre for Cyber Security.