COVID-19 themed phishing campaigns
Cybercriminals have taken advantage of the opportunities brought forward by the global coronavirus pandemic. Taking advantage of Government programs such as the Canada Emergency Response Benefit (CERB) and information to theme their landing pages to look like authentic Government agencies. They are going to great lengths to make Canadian content look legit by offering both English and French sites.
Messages can be through email or text message and may look to play on the fear created by the pandemic. You may be asked to provide personal information with the premise you have been in contact with someone else who tested positive for the virus. Other messages have been seen where fake health organizations are requesting funding and donations for emergency supplies and/or PPE .
Always check that the From: address whether by email or text is a reputable and known source. Watch for like domains where criminals will look to make the address of the website they want you to visit look similar to the real one. Be suspicious if you receive a message sent to your board email or cell phone when you have never provided that information to the entity asking the questions. Watch for Health Units asking for your personal information from a location where you do not reside. If you have concerns of the validity of a message always check with someone on your IT team. A lot of times they will know some of the indicators that a message is phishing and can help you to determine if you should respond or not.
Cybercriminals will always be opportunistic and try to take advantage of things that are in the news. Common trends emerge from topics that are getting the most media coverage.
IT teams need to protect school board staff by keeping them up to date on what themes are trending in Cyber Security. Are we posting tips on how they can protect themselves from new threats? Creating an awareness surrounding Cyber Security does not need to be formal training. Frequent tweets or posts about specific topics can create a culture of Cyber Security interest and awareness. Giving users the tool of knowledge to protect themselves online does double duty to protect the organization and the individual. “
Please let me know if you want me to make any changes or additions.
Steve Payne, CISSP
Regional Information Security Analyst (Eastern Ontario)