The Corona crisis seems to be giving cybercriminals a boost in their activities: There are currently warnings about phishing emails on Corona topics, including emergency Corona aid. We summarize current warnings for you, show you why employee awareness is essential in defending against phishing, and explain how to recognize phishing emails.
Phishing emails: Corona emergency aid
In a press release, the European Commission warns of phishing emails connected with the Corona emergency aid. According to the release, phishing emails with forged forms are circulating that promise an alleged “bridging aid II for companies, businesses, the self-employed, associations, and institutions.” Anyone who opens the document makes it easy for the scammers, who use it to obtain the sensitive data they are after. That’s why the Commission warns: “Don’t open these emails! It is a scam attempt by malicious actors to obtain sensitive company data.”
Phishing: an underestimated IT security risk
This is not the first time this year that warnings have been issued about phishing emails on Corona topics: the European Commission alone issued a warning in July, October, and even November. In addition, the Federal Office for Information Security (BSI), the WHO, the consumer centers, and the federal police have issued warnings.
Various studies and investigations have further confirmed that the success of phishing in companies stands or falls with employee awareness. An online survey by the American software provider OpenText shows that 79% of all German office workers open emails from unknown senders without hesitation. This means that 4 out of 5 employees open emails from unknown senders!
The online survey of 1,000 German employees also showed that an incredible 28% of those surveyed had been the target of a phishing campaign at least once in the past 12 months. In the Corona crisis, 15% of those surveyed had already received phishing emails with Corona topics. Frightening: only 13% of those who had already been victims of a phishing email attack reported this to their employer.
According to their statements, the employees surveyed received around 70 emails a day. Considering that most employees will open any email even if the sender is unknown, the scale of the potential risk of security incidents becomes clear. The tragic thing is that the employees do not feel responsible: Only nine percent see the responsibility for cyber security as their own. 66%, on the other hand, think that the IT departments are responsible.
Recognize phishing and act correctly
If you receive emails that match the characteristics listed below, you should be skeptical, because they may be phishing emails:
- They are addressed impersonally, for example, with “Dear customers.”
- The email content urges you to take action, such as: “Update your information immediately!”.
- Threats are also often used: “…otherwise we will permanently block your account.”
- The email contains a request to enter confidential data, such as your online banking PIN or credit card number.
- You discover links or attachments in the email and are strongly encouraged to use them.
- The message content is written in clumsy language. This also includes the appearance of Cyrillic letters, missing or incorrectly resolved umlauts such as “u” or “ue” instead of “ü.” Attention: In the meantime, professionally written phishing emails hardly have any language defects, so be vigilant even with well-formulated texts.
- Check the email header: As mentioned above, it is easy to disguise email addresses and impersonate someone else, such as a European Commission press officer. In the email header, you will find the sender’s IP address – and this is forgery-proof. The consumer advice center explains how you can read the email header.
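The checklist above can be turned into a first-pass triage script for a reported message. The following is an added example, not part of the original article: the sample email, the rule patterns, and the function names are constructed for illustration, and the Reply-To comparison is an extra check that goes beyond the list. It assumes the topmost `Received` header was written by your own mail server, since lines below it are supplied by earlier hops.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email); 203.0.113.45 is a documentation address.
SAMPLE = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.recipient.example with ESMTP id ABC123; Mon, 2 Nov 2020 09:14:02 +0100
From: "European Commission Press Office" <press@ec-europa.example>
Reply-To: aid-forms@mailbox.example
Subject: Bridging aid II - action required

Dear customers,
update your information immediately, otherwise we will permanently block
your account. Open the attached form and enter your online banking PIN.
"""

# One pattern per characteristic from the checklist (English wording only).
CONTENT_RULES = {
    "impersonal greeting": r"\bdear (customers?|users?|sir or madam)\b",
    "pressure to act": r"\b(immediately|urgent(ly)?|action required)\b",
    "threat": r"\b(block|suspend|close)\b.{0,40}\baccount\b",
    "asks for confidential data": r"\b(pin|password|credit card number)\b",
    "pushes link or attachment": r"\b(attached|attachment|click)\b|https?://",
}

def first_hop_ip(msg):
    """IP from the topmost Received header (assumed written by your own mail server)."""
    received = msg.get_all("Received") or []
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return m.group(1) if m else None

def domain(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def phishing_indicators(raw):
    msg = message_from_string(raw)
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    # Collapse whitespace so patterns match across wrapped lines.
    text = " ".join(f"{msg.get('Subject', '')} {body}".lower().split())
    hits = [name for name, rx in CONTENT_RULES.items() if re.search(rx, text)]
    reply_dom = domain(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != domain(msg.get("From", "")):
        hits.append("Reply-To domain differs from From domain")
    return {"sender_ip": first_hop_ip(msg), "indicators": hits}

if __name__ == "__main__":
    print(phishing_indicators(SAMPLE))
```

A message with no hits is not proven harmless: as the list notes, well-written phishing emails may show none of these language features.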
To counter the risk of phishing in companies, it is essential to train employees accordingly. As the study results summarized above demonstrate, many employees do not know how to behave. Employee training courses on security awareness counteract this in the long term – they are an investment in the IT security of the company.