{"id":3808,"date":"2020-08-27T10:35:02","date_gmt":"2020-08-27T15:35:02","guid":{"rendered":"https:\/\/www.stratospherenetworks.com\/blog\/?p=3808"},"modified":"2020-10-21T16:05:44","modified_gmt":"2020-10-21T21:05:44","slug":"avoid-taking-the-bait-for-covid-19-phishing-schemes","status":"publish","type":"post","link":"https:\/\/www.stratospherenetworks.com\/blog\/avoid-taking-the-bait-for-covid-19-phishing-schemes\/","title":{"rendered":"Avoid Taking the Bait for COVID-19 Phishing Schemes"},"content":{"rendered":"

\"AEarlier this month, the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA)\u00a0issued an alert<\/a>\u00a0warning that a malicious actor has been sending out phishing emails containing links to a website spoofing the Small Business Administration (SBA) COVID-19 loan webpage. The CISA reports that these emails have a subject line that says “SBA Application – Review and Proceed” and a sender marked as disastercustomerservice@sba(.)gov.<\/p>\n

If you follow the link in the body of one of these emails, you’ll reach a screen prompting you to sign in to your SBA Economic Injury Loan portal account, which the perpetrator of this scam will use to steal your credentials. This is just one example of the many\u00a0phishing schemes<\/a>\u00a0that cybercriminals have launched to take advantage of those affected by the novel coronavirus pandemic. Now more than ever, it’s vital to proactively protect your organization against these attacks and ensure your team members know how to spot suspicious messages.<\/p>\n

Coronavirus-Themed Phishing Schemes: What to Watch Out For<\/h2>\n

Soon after COVID-19 began to spread around the world, hackers hatched plans to exploit the victims of the outbreak. The U.S.\u00a0Department of Justice<\/a>\u00a0warns on its website that malicious actors are trying to capitalize on this catastrophe via “a variety of scams.” In addition to attacks on\u00a0remote work infrastructure<\/a>, this surge of\u00a0coronavirus-driven cybercrime<\/a>\u00a0has included a flood of phishing emails<\/a>.<\/p>\n

In a\u00a0joint alert<\/a>\u00a0issued in April, the CISA and the\u00a0United Kingdom\u2019s National Cyber Security Centre (NCSC) observed that malicious actors were sending out phishing messages with “COVID-19” or “coronavirus” in their subject lines to entice recipients eager for information about the pandemic and relief efforts. Some of these fraudulent emails claim to come from official sources like the SBA, Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO).<\/p>\n

Around the same time that the CISA and NCSC issued that alert,\u00a0Google’s Threat Analysis Group (TAG) reported<\/a>\u00a0detecting 18 million malware and phishing Gmail messages per day with COVID-19 themes. In the months since then, coronavirus-related phishing campaigns have made headlines numerous times. Here are just a few examples, in addition to the SBA COVID-19 loan website scam:<\/p>\n