If you are wondering why you have been getting more messages from your security team, or why your line manager is hassling you to make sure your password is strong and unique, don’t be surprised. It’s been estimated that phishing attacks (a fraudulent attempt to obtain confidential information through a seemingly trustworthy communication) increased by over 200 per cent at the height of the global pandemic.
Just as alarmingly, the report (based on data from security vendor F5’s Security Operations Centre), found that phishing emails that used the term “covid” or “corona” had a massive 1100% increase in the first month of the global pandemic. It’s estimated that for the foreseeable future phishing will increase by at least 15% year on year.
The harsh reality is that criminals will look for any opportunity to make their communication sound credible and timely. National and global disasters or newsworthy incidents are ripe for exploitation by them.
It sounds convincing, the timing is right, and there is a benefit either to your pocket or your conscience. But in reality you are opening yourself, and potentially the rest of your company, up to huge losses.
Be careful. Do you recognise the sender and is the message characteristic of them? Or does it seem just too good to be true? If in doubt, contact your support desk: they can help you ascertain its true intent without hurting you or those around you.
Bitcoin and other cryptocurrencies remain a mystery for many of us. But that doesn’t mean you aren’t involved in their creation and distribution right now, without even knowing it.
Recently, hackers have been seen deploying cryptocurrency-mining malware on to other people’s computers without their knowledge, to “mine” cryptocurrency currency for themselves.
These hackers have been very careful to not draw attention to themselves by making sure they only phish one person from each company they target. They even correspond with their victims to further encourage them to open an email attachment that contains malicious software. Once their software is installed onto that initial computer, the hackers can spread further inside the company and install their malicious software everywhere.
There is plenty that you can do to help your IT and security teams to avoid this danger. But the most important thing you can do it is to avoid clicking on links in emails, especially if you are being encouraged to by unknown people you are conversing with over email or on the phone.
The mining software might seem innocuous, but it may well slow your computer down . And it makes your computer vulnerable to other threats, weakens the security of your company, and most importantly goes on to fund organised crime. No thanks.
It’s always important to have a strong and complex password. But it’s even more important to have two-factor authentication (2FA) in place. This means that you have two layers of security. If a criminal gains access to or guesses your password, there is still an additional security measure helping to ensure that your account is not breached.
This second factor may take the form of a short numeric code that is sent to you via SMS, or it might involve using an application on your smartphone to generate the code. It’s very likely that you are using something similar for your online banking already.
For all of your online accounts, especially the ones that contain the things you value most (personal information, credit cards, even personal photos) you should enable 2FA. You can normally find it under your account/profile, and then a section called security.
2FA adds a few seconds to your login time, but will make a significant difference to the level of security you have on your accounts, either at home or at work.