Nigel ThorpeTechnical Director
Mistakes humans make with data – Mistake #2: Phishing scams
08 Dec, 2020 2 min read
We have all been getting more phishing emails over recent years but during COVID, phishing has gone mad. According to a recent CheckPoint Software Report, the volume of phishing emails increased by more than 10 times over just a two-week period. At times during November, the report shows that one in every 826 emails delivered was a phishing attempt.
The rush online
There are a number of factors behind this rapid increase, but restrictions imposed by lockdowns limiting access to physical stores is a big one; driving an unprecedented number of us to shop online. As a result, hackers spotted the opportunity to exploit our appetite for a good deal. In the first two weeks of November, for example, there were 80% more sales or special offer-related campaigns. In one phish, threat actors imitated a popular jewellery store using a spoofed Amazon email address. Links in the email led to www.wellpand.com and then to www.wpdsale.com registered at the end of October and the beginning of November, right before the emails were sent. Further investigation showed both websites were imitations of the actual website.
Fear and uncertainty
As society continues to grapple with the impact of COVID-19, phishers are also preying on fears around the pandemic, health, politics and the economy. Among the scramble for a vaccine, for example, crooks have stepped up email campaigns with subject lines like ‘urgent information: COVID-19 new approved vaccines,’ according to CheckPoint. They pose as charity fundraisers, soliciting donations to supposedly help individuals, organisations and areas affected by the virus.
Others include pitches for phony remedies and products claiming to cure COVID-19. There was also a website promoting a non-existent vaccine. Scammers have also been advertising fake antibody tests in the hope of harvesting personal information they can use in identity theft or health insurance claims.
With widespread homeworking and so many of us out of the office, another common scam impersonates HR staff requesting personal information from employees at home.
With an estimated 70% of employees working from home either part or full time, an ‘always on’ mentality and online fatigue have made us more vulnerable to scams. The CheckPoint report revealed that 57% of those surveyed felt more distracted, which can impair our judgement and decision-making abilities, making us more likely to fall for a phishing scam.
It’s a well-known mantra but not always easy to follow. When in any doubt, do not click on any links, download attachments, or provide sensitive data, unless you can confirm the request is genuine. Such scams will always be around, but a simple combination of awareness and self-care makes a big difference. But most phishing is all about gaining access to our data, so if we simply made sure all of our data was encrypted, all of the time, and so rendered useless to phishers – it would be one less thing to worry about.