The Impacts of Phishing During COVID19

Introduction

There is no doubt that the COVID19 Pandemic has turned this world upside down, to degrees and proportions that have never been seen before.  This is especially true from the standpoint of Cybersecurity.  While the threat landscape had been changing well before all of this hit, it has since exploded into new frontiers that are entirely unprecedented.  While the older threat variants still exist, many new ones have emerged, especially when it comes to Phishing.

This is the focal point of this article.

What Is Phishing?

Most of us have heard of this term, but unfortunately, the real ramifications behind it are still poorly understood by Corporate America.  Phishing is essentially when an employee (or for that matter, any individual) receives an Email that is not legitimate, but appears to be at first glance.  To make the Email look even more authentic, the Cyberattacker will even hijack your electronic address book and harvest the contact information in it.

But upon taking a deeper dive into the email message, one will most likely notice slightly awkward grammar, a mixture of upper case and lower case letters placed in the wrong positions within a word, and even return addresses that are not the same as the sender’s Email address.

Also, these phony Emails will often contain a document with macros in it that, when opened, will deploy the malicious payload onto the end user’s device.  There could also be a direct link in the body of the email message, which will take the employee to a website that looks like the real thing but is spoofed and illegitimate.

Phishing is probably one of the oldest threat vectors out there, first gaining public notoriety in the late ‘90s when the Personal Identifiable Information (PII) records were hijacked from AOL.  But with COVID19, Phishing has become extremely stealthy, covert, and much more challenging to spot.

Just consider some of these key statistics:

*Since February 2020 (which is when COVID19 made its first impact here in the United States), Phishing attacks have gone up by well over 667%;

*In just a one-month time period, from March 1st to March 23rd, there were a total of 467,825 Spear Phishing Email attacks (these are Emails that are specifically targeted towards an individual or a particular business);

*Phishing can take on different forms, which are as follows (the percentages are for the same monthly time frame):

  • Scam messages:  These increased by 54%;
  • Brand Impersonation Attacks:  These increased by 34%;
  • Blackmailing Attacks:  These increased by 11%;
  • Business Email Compromise:  These increased by 1%.

(SOURCE:  1).

Although Business Email Compromise makes up only the smallest fraction of the total number of attacks, it is becoming one of the primary threat vehicles being used.  For example, just in the first quarter of this year, businesses reported a loss of almost $2 billion because of BEC Phishing Attacks, and nearly 40,000 businesses were impacted.

(SOURCE:  2).

What Is Business Email Compromise (BEC)?

BEC is a type of Phishing attack that is very specialized in nature.  For example, it specifically targets those companies that engage in high dollar volume wire transfers, or those that make use of many suppliers in the final distribution of goods and services to customers.  In these particular instances, it is the Email addresses (and even the electronic address books) of the C-Suite of these organizations that are primarily targeted.

When launching these kinds of attacks, the Cyberattacker will very often instill a sense of fear or intense urgency in the body of the email message.  These Emails are very often sent to the administrative assistants of these high-level executives, requesting that they send a lot of money to a specific bank account, which is usually located offshore somewhere, so the funds cannot be easily tracked down.

There are other types of BEC related Phishing attacks as well, which are as follows:

  1. Bogus Invoices:

These are targeted towards those very large companies that have a plethora of suppliers that they use, especially if they are based overseas.  The Cyberattacker can send a Phishing Email in which they pretend to be such a supplier, also requesting wire transfers to be made to their phony accounts.  In these cases, the fear tactic used is that payment is immediately due; if not, the supply chain will be immediately terminated.

  2. The C Executive Impersonation:

This is where the Cyberattacker disguises themselves as a C-suite executive at your firm and specifically requests that money be wired immediately to an account, that confidential information be sent, etc.

  3. PII:

In these kinds of attacks, the Cyberattacker will often claim they are conducting an audit to make sure that your organization follows the data privacy laws of both the GDPR and the CCPA.  Very often, it is the Human Resources (HR) and Accounting departments that are widely targeted, because the employees have the most access to the databases that house the PII datasets of both customers and employees.  Once access has been given, Identity Theft attacks can occur, and very often, it will be too late when the victim finds out.

Although the above scenarios assume that a Phishing Email has been sent, the Cyberattacker has other means at their disposal as well, such as resorting to Robocalls, Smishing Attacks, Dumpster Diving, and even sending phony letters through the regular snail mail.  Also, the common keywords that are found in BEC Phishing Emails include the following:

  • Payment
  • Request
  • Urgent
  • Time Sensitive
  • Transfer
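The two warning signs described in this article, a return address that differs from the sender's address and the keyword list above, can be checked mechanically. The following Python is an added example, not code from the original article; the function names and the sample messages (using the placeholder domains example.com and example.net) are constructed for illustration, and keyword hits alone are weak signals that are best combined with the address mismatch.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Keywords the article lists as common in BEC Phishing Emails.
BEC_KEYWORDS = ("payment", "request", "urgent", "time sensitive", "transfer")

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return the indicators found in one RFC 5322 message given as text."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    # Replies or bounces routed to a different domain than the visible sender.
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[header])
        if dom and dom != from_dom:
            findings.append(f"{header} domain {dom} != From domain {from_dom}")
    # Multipart bodies are skipped; only a single-part text body is scanned.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg['Subject'] or ''} {body}".lower()
    for kw in BEC_KEYWORDS:
        # Allow "time sensitive" and "time-sensitive" to match alike.
        pattern = r"\b" + r"[\s-]+".join(map(re.escape, kw.split())) + r"\b"
        if re.search(pattern, text):
            findings.append(f"keyword: {kw}")
    return findings

# Constructed sample messages (example.com / example.net are placeholders).
SUSPICIOUS = (
    'From: "Pat Lee, CFO" <pat.lee@example.com>\n'
    "Reply-To: pat.lee@example.net\n"
    "Subject: URGENT wire transfer\n"
    "\n"
    "Please process this payment today. It is time-sensitive.\n"
)
BENIGN = "From: Sam <sam@example.com>\nSubject: Lunch on Friday?\n\nAre you free at noon?\n"

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, bec_indicators(raw))
```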

Conclusions

You may be asking yourself at this point, what can you and your business do to protect yourselves from a BEC Attack?  There are many tips out there, and a simple Google search will point you in the right direction.  But apart from these kinds of suggestions that are available online, there is another, more technical-based solution that you should be using.

This is known as “Domain-based Message Authentication, Reporting, & Conformance,” or “DMARC” for short.  Essentially, by implementing it, all of the employees in your company will be able to convey to the recipients of the Emails they are sending that the messages being transmitted are legitimate and authentic.  At present, there is no other solution like this that is available.

DMARC has other features as well, which include the following:

  • Confirm the authenticity of the domains that are used for sending the emails, even if they are 3rd party domains;
  • The ability for the IT Security team to create specific policies that instruct the Email providers how to dispose of (or even deliver) messages that are deemed to be illegitimate in nature;
  • Collect intelligence-based information and data across other Email domains that are being used on the public Internet.
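How the published policy drives what a receiving Email provider does can be shown with a short Python model. This is an added example, not code from the original article or from any DMARC product: the tags `v`, `p`, `rua`, `adkim` and `aspf` are the standard DMARC record tags, while the function names, the two sample records and the two-label organizational-domain shortcut are assumptions made for illustration (the `pct` and `sp` tags are not modelled).

```python
def parse_dmarc(txt):
    """Parse a DMARC TXT record (RFC 7489 tag=value list) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    # Assumption: the last two labels form the organizational domain.
    # Real receivers consult the Public Suffix List instead.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_dom, auth_dom, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same org domain."""
    if mode == "s":
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def disposition(record, from_dom, spf_dom=None, dkim_dom=None):
    """'deliver' if SPF or DKIM passed for an aligned domain, else the published policy."""
    tags = parse_dmarc(record)
    spf_ok = spf_dom is not None and aligned(from_dom, spf_dom, tags.get("aspf", "r"))
    dkim_ok = dkim_dom is not None and aligned(from_dom, dkim_dom, tags.get("adkim", "r"))
    return "deliver" if spf_ok or dkim_ok else tags.get("p", "none")

def policy_gaps(record):
    """List the weaknesses of a published record from the domain owner's side."""
    tags, gaps = parse_dmarc(record), []
    if tags.get("p", "none") == "none":
        gaps.append("p=none: receivers are asked to take no action on failing mail")
    if "rua" not in tags:
        gaps.append("no rua: no aggregate reports are requested")
    return gaps

# Constructed records for the placeholder domain example.com.
WEAK = "v=DMARC1; p=none"
STRICT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s"
```

With `WEAK`, a message that only authenticates for an unrelated domain still comes back as `none` (no action requested), while `STRICT` returns `reject` for the same message.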

More information about the DMARC can be provided by your Savant Solutions Security Advisor.

Sources

  1. https://www.securitymagazine.com/articles/92157-coronavirus-related-spear-phishing-attacks-see-667-increase-in-march-2020
  2. https://www.aarp.org/money/scams-fraud/info-2019/business-email-compromise.html
