Every industry is noticing a rise in coronavirus spam emails, but hackers are targeting healthcare institutions in particular. Hackers send out malicious emails with links or PDF downloads and mask themselves as executives from a healthcare organization. For example, a hacker can send a public service announcement acting like the CEO of a hospital and tell employees to read an attached document.
This kind of attack can be very dangerous because of the network effects of some malware; if one person were to open the attached file, it could compromise their account and hackers can contact other employees within an organization from that account. Some malware are advanced and can record the keystrokes of users; this enables the hackers to copy usernames and passwords and get access to bank accounts, patient information and other sensitive data.
The most prominent recent malware attack targeted users in Japan where the coronavirus’ spread is rampant. A mass email campaign was sent by hackers masking themselves as a disability welfare provider in Japan and it encouraged recipients to view an attached document. This led to users downloading a malware called Emotet. Emotet spies and eavesdrops on users by viewing their network traffic and accessing stored usernames and passwords. This kind of attack is why it’s important for organizations to stay vigilant and prevent any penetration from malware attacks.
Some practices to prevent coronavirus malware and phishing attempts include:
- Educating employees: Educating employees about the spam campaigns associated with the coronavirus should be an immediate priority. If employees know how to recognize a spam email or the characteristics associated with them, they are far less likely to download malicious software
- Use Firewalls/Antivirus: Surprisingly, many companies have little to no security in regards to their emails, networks and other internal settings. Installing a firewall or antivirus will help prevent a large percentage of spam and unsolicited emails. By having some form of defense like an antivirus or firewall, you can prevent cyber attacks from reaching anyone in your organization.
- Avoid pop-ups, links, downloads, etc: On a day to day basis, most employees don’t need to download files from unfamiliar senders or external parties. If someone sends an email urging you to click a link, download a file or something similar, do not do it. Legitimate people in your team or organization are highly unlikely to urge you to download a file.
If you’d like to learn more about how to prevent your organization from cyber attacks, click here for a free assessment. An assessment can examine the strength of your internal infrastructure and show which ways you can improve your security.