If you’re like most companies, a sizable portion — if not all — of your employees began working remotely due to the pandemic. Many companies have seen the benefits of this practice and are making plans for employees to continue to work from home. This can save companies thousands of dollars a month, while at the same time preventing the spread of COVID-19. The downside, however, is that working remotely can harm your email security by increasing your vulnerability to phishing threats.
Employees working from home have to use email all day long. They can’t just poke their head into a boss’s or colleague’s office. This increased reliance on electronic communications has made email fraud much more attractive to cybercriminals.
To make matters worse, the current situation can make employees much more susceptible to scams. For one, people juggling work with home schooling, quarantines, family pets, impending elections, and more tend to be distracted. Additionally, because the uncertainty of the times has changed so many things for businesses, even the most careful employees are willing to agree to changes in procedures. It is behaviors like these that give cybercriminals the opportunity they need.
The three biggest phishing threats your remote employees need to be aware of are:
Ransomware and Malware
The FBI estimates that, every day, ransomware infects more than 100,000 computers worldwide, costing $1 billion in ransom payments a year.[2] If that weren’t enough to worry you, the U.S. Cybersecurity and Infrastructure Security Agency warns that COVID-19 is only increasing the risk of ransomware and malware attacks.[3]
Cybercriminals are sending out malicious emails that pretend to be from legitimate senders offering important information about the coronavirus. Within these emails are attachments containing malware or ransomware which, if downloaded, can quickly impact your entire organization.
These spoof emails can appear to be from government agencies like the CDC or from your HR department or organizational leadership. Your employees have likely received quite a few legitimate communications about COVID-19 while working remotely, which has potentially lowered their guard. They might not think twice about downloading a file that purports to contain information on staying safe or new company procedures. And it only takes one employee making one mistake to put you at risk.
Spear Phishing
Like the previous scams, spear phishing works through impersonation and, in the time of COVID-19, it’s easier to pull off. Your employee receives an email that appears to be from a trusted source, like their boss, a bank or a vendor. Typically, the email asks for credentials like logins and passwords or sends the target to a website that collects credentials.
This scam has been working particularly well in an environment where so many organizations are changing procedures and so many employees are remote. It’s not at all difficult to see how employees could fall for a spoof email from your company’s healthcare insurer asking everyone to confirm log-in information to “ensure coverage remains intact during COVID-19,” or one from your IT department asking everyone to provide their email passwords to “help improve company security while everyone works remotely.”
Business Email Compromise
Business email compromise (BEC) cost U.S. businesses $1.7 billion in 2019.[3] It can target anyone in your company who performs transfers of funds.
Typically, the target of a BEC phishing scheme receives an email that appears to be from a company or contact your organization works with. The email requests a transfer of funds to a new account. With many companies having changed procedures during COVID-19, it’s easy for BEC scammers to justify the new account.
BEC works because, in many cases, BEC cybercriminals will have looked into — or infiltrated — your organization’s specific vendors and partners to ensure they’re impersonating a contact your people trust. It’s possible the scammer will know the exact amounts of scheduled transfers. Many will also go to great lengths to make these impersonated emails look legitimate. Noticing them requires a lot of vigilance from employees who handle funds transfers. And when those employees are remote, they may be less diligent.
Stopping phishing schemes requires a lot of vigilance by a lot of people. Fortunately, there are ways to make it easier for all your employees to spot and stop phishing attempts. In particular, you can turn to a company like INKY.
Bestowed with a unique intelligence and guided by unprecedented vision, INKY is the new solution in the war against phishing. Unlike most anti-phishing tools, INKY uses a complex combination of computer vision, artificial intelligence (AI), and machine learning to identify phishing attempts most systems miss, spotting imposters even if they’re off by only a pixel. Thanks to INKY alert banners at the top of emails, your employees will have the assistance they need in avoiding scams and they’ll learn what to be on the lookout for. It’s employee learning and remote-worker protection all in one — keeping your organization safe.
Would you like to learn more? Contact INKY and schedule a free demonstration today.
----------------------
INKY® is the emerging hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.
[2] Source: https://us-cert.cisa.gov/ncas/alerts/aa20-099a
[3] Source: https://pdf.ic3.gov/2019_IC3Report.pdf