Cyber-Attackers Get Creative Targeting Employees Returning To Work

Cybersecurity company Mimecast has reported that attackers are exploiting users’ anxiety and need for information during the COVID-19 pandemic. Since January COVID-19-related spam has accounted for 10-15% of the total spam.

With COVID-19 restrictions beginning to ease, attackers have begun to focus to target employees returning to work, and are increasingly using non-traditional methods, including voice messages (vishing), text messages (SMShing) and deepfake audio. For example, people may receive an SMS that claims to provide a link to a tax agency, bank, or other official entity.

Deepfake audio messages, meanwhile, use AI to create convincing voice impersonations of organisations’ top executives. In some cases attackers have used audio from webinars.

Mimecast detected a particular spike in attacks on healthcare and research data organisations.

Most notably, there have been reports of phishing emails that attempt to install malware or steal credentials by providing a link that claims to give information on new safety office policies. Mimecast has detected and blocked more than 1,400 examples of this type of cyberattack in Australia alone.

Throughout the COVID-19 pandemic, attackers have adjusted their phishing messages to reflect the current state of affairs. A couple of months ago phishing attempts were more focused on retail shortages and panic-buying.

As a result, most phishing messages now are about going back to work and public transportation.

In order to keep safe, Mimecast has advised people to be wary of unsolicited communications, particularly over text and email. Official bodies rarely contact people electronically when trying to obtain money.

You can always attempt to contact an entity on an official number.

In addition, avoid clicking on links to retrieve voicemail messages from unknown numbers.