Home Phishing in the New Normal

Phishing in the New Normal


As millions of employees transitioned to remote work, hackers have not missed the opportunity to capitalize on the fear, worry, and anxiety that people naturally felt about the outbreak. When the pandemic began, Google was detecting 1.18 million coronavirus-themed malware and pushing emails per day.

According to the Anti-Phishing Working Group,2 the number of phishing attacks has only grown since then. Phishing threats in the current cyber landscape are frightening for organizations and employees. From the upsurge in COVID-19-related malicious domains to the use of fraudulent advertisements offering vaccines for sale, organizations have seen an unprecedented increase in the sophistication and volume of cyber exploits. These attacks have sought to spread malware and compromise personal data.

As the biological pandemic continues, so does the targeting of healthcare organizations, seeking to steal valuable commercial and personal information. Such attacks have even disrupted vital research operations. Since November 2020,3 there has been an increase of over 45 percent in the number of attacks seen against healthcare organizations globally, compared to an average 22 percent increase in attacks in other sectors.

Phishing schemes work well because people can make mistakes. Well-crafted socially engineered phishing attacks are successful when people fail to detect the scam. It’s estimated 4 that over 90 percent of all attempted cyber attacks result from phishing, and 32 percent of actual data breaches involved phishing activity. Thus, preventing phishing attacks should be an organization’s top cyber security priority.

In this whitepaper, we’ll discuss the most popular phishing attacks that hackers are using during the pandemic and how to recognize them. At the end, we’ll provide our recommendations to prevent phishing attacks. “Phishing targeting webmail and Software-as-a-Service (SaaS) endures as the largest phishing category, with 31.4 percent of all attacks.” – Anti-Phishing Working Group

E-mail Phishing
E-mail-based phishing attacks saw the highest increase compared to any other phishing attacks during the pandemic. According to Check Point’s Brand Phishing Report, the increase in phishing emails was one of the most prominent trends of the work-from-home era. Cyber criminals are well aware of the distractions people are dealing with while working remotely.

In a phishing e-mail, the scammer tricks the victim into thinking they’re receiving a legitimate e-mail from a legitimate sender. These attacks frequently rely on spoofing, in which the e-mail header, or ‘from’ field, is forged to look as if a trusted person sent the e-mail.

Phishing emails often convey a sense of urgency – an urgent deadline, a fine, or a loss of funds or a job. The email might suggest you’ll miss out on a reward, raising your curiosity. If users feel pressured or unsure in any way then not clicking is the desired course of action.

Download the complete text here.