Phishing Emails: Corona Spurs Cyber Crime | Total Security

The corona crisis seems to inspire cybercriminals in their activities: Currently there are warnings against phishing emails on corona issues, including immediate corona aid. We summarize current warnings for you, show you why employee awareness-raising is so important when it comes to phishing, and explain how you can recognize phishing emails.

Phishing Emails: Corona Emergency Aid

In a press release, the European Commission warns of phishing emails in connection with the Corona emergency aid. As a result, phishing e-mails with fake forms are in circulation, which promises an alleged “bridging aid II for companies, businesses, self-employed people, associations and institutions”. Whoever opens the form makes it easy for the fraudsters: This is how they get sensitive data that should be tapped. Therefore the commission warns: “Do not open these emails! It is a fraud attempt by malicious actors to gain access to sensitive company data. "

Phishing Emails

Predominantly Affected Users of T-Online

In addition to the police, Deutsche Telekom was also notified because: “At the moment, T-Online users are mainly affected. Thousands of T-Online users receive fraudulent emails that look like they come from Commission staff, ”warns the press release. The fraudsters have recently started using "existing personal email addresses [...] - in the current case from the spokesman for the European Commission in Germany, Reinhard Hönighaus".

The Commission stresses that no email accounts have been hacked. Rather, they are “imitated by criminals”. The European Commission states: “The imitation of the Commission's mail domain can only be successful if the infrastructure of the recipient of these malicious emails does not carry out an origin check using the“ Sender Policy Framework ”, or SPF for short because the Commission has an SPF policy published the relevant channel. As with some other providers, the recipient infrastructure behind @ t-online.de does not carry out an SPF check. "

It is important to know that the SPF check does not check the e-mail address that recipients see in the "From" field, but rather the envelope from address, which is not even displayed in the mail program. Even with the SPF check, e-mails that look like they came from another location can still be sent. Apparently, Deutsche Telekom has already reacted: It has "announced countermeasures and communication measures to the representation of the European Commission in Germany".

Phishing: An Underestimated It Security Risk

It is not the first time this year that phishing emails on corona issues have been warned: The European Commission alone issued warnings in July, October and even once in November. Also, the Federal Office for Information Security (BSI), the WHO, the consumer advice centers and the Federal Police issued a warning.

Various studies and investigations have further confirmed that the success of phishing in companies stands and falls with employee awareness. An online survey by the American software provider OpenText shows that 79% of all German office workers open e-mails from unknown senders without hesitation. This means that 4 out of 5 employees * open emails from unknown senders!

The online survey of 1,000 German employees also showed that a staggering 28% of those surveyed had been the target of a phishing campaign at least once in the past 12 months. In the course of the corona crisis, 15% of those surveyed already received phishing emails with corona topics. Terrifying: Only 13% of those who had already been the victim of an attack with phishing emails reported this to their employer.

According to their own statements, the employees surveyed received around 70 emails a day. If you consider that the majority of employees open every e-mail even if the sender is unknown, the potential for the risk of security incidents is slowly becoming apparent. The tragic thing is that employees do not feel responsible at all: Only nine percent see responsibility for cybersecurity with themselves. 66%, on the other hand, believe that the IT departments are responsible.

Further Studies on Phishing Emails with Corona and It Security

In October 2020, Ironhack analyzed which countries are particularly attractive for cyber criminals and hackers. The company explains: "Our result shows that, after the United States, Germany is the country most at risk from cybercriminals."

In their “2020 Phishing and Fraud Report”, the Munich-based company L5 Labs explains that phishing websites and emails are looking more and more professional. As a result, phishers would increasingly concentrate on recreating well-known branded websites.

As early as April 2020, Google reported that around 18 million phishing emails on Corona, topics were blocked every day - in addition to the around 240 million spam emails relating to Corona. It is noticeable that spear phishing is gaining in importance (further information on spear phishing can be found in our article “Spear Phishing with Emotet” ).

Recognize Phishing and Act Correctly

If you receive e-mails that meet the following characteristics, you should be skeptical, because then it could be phishing e-mails:

·         You will be addressed impersonally, for example with "Dear customers".

·         The content of the e-mail is intended to encourage you to take any action, such as: "Update your data immediately!"

·         Threats are also often used: "... otherwise we will permanently block your account."

·         The e-mail is asked to enter confidential data, such as your online banking PIN or your credit card number.

·         You discover links or attachments in the e-mail and are urgently requested to use them.

·         The message content is written in brittle or poor German. This also includes the appearance of Cyrillic letters, missing or incorrectly resolved umlauts such as “u” or “us” instead of “ü”. Caution: In the meantime, professionally written phishing emails hardly show any linguistic deficiencies, so be careful even with well-worded texts.

·         Check the email header: As mentioned above, it is easy to disguise email addresses and / or impersonate someone else, such as the European Commission spokesman. The IP address of the sender can be found in the email header - and it is forgery-proof. At this point, the consumer advice center explains how you can read the e-mail header.

 

In order to deal with the risk of phishing in companies, it is essential to train employees accordingly. As the study results summarized above show, many employees just don't know how to behave. Employee training on security awareness is a sustainable countermeasure - it is an investment in the company's IT security.


By the way: Phishing is not only dangerous via email or website, but also via SMS. For more information, read our article "The danger of smishing: This is how phishing via SMS works". If you want to find out how well you know about phishing, take the test: With our phishing quiz.

Use total security to protect your computer from phishing attacks.

Comments