It has been months since COVID-19 forced us to work from home. Overnight we had to change habits and routines. Unfortunately, scammers are also quick to adapt and exploit such situations. Many people do not know what a typical feature of phishing attacks is, and thus go straight into the trap of the scammer. We caught up with Mark Stegelmann, who is the head of consulting at our partner company Watchcom, to learn more about this topic.
Scammers adapt their message to developments around COVID-19
- We see that our customers are seeing a significant increase in phishing attacks. It is not uncommon for criminals to exploit uncertainty and fear created by current issues for their own gain. In early 2020, we found that the scammers were trying to exploit the great uncertainty when COVID-19 broke out, and fake emails with "up-to-date information on Covid-19 proliferation in your city", "important precautions to prevent more deaths" and "consequences of COVID-19 for your industry" became more and more common, Stegelmann says.
- We now see that the phishing attacks are centered around video conferencing notifications with a request to download software to attend the meeting, information about state support schemes, information about new virus spread, and possible vaccines.
Mark Stegelmann, PhD and department head for consulting at Watchcom
All sectors of business are at risk
The financial industry has traditionally been one of the most vulnerable industries for phishing attempts, since most criminals have a financial motivation. A much-cited example of a comprehensive scam started by phishing is the "Norfun Scam".
- On May 13, the state-owned investment fund Norfund went out in the media with DNB to inform them that they had been scammed for NOK 100 million in an advanced email fraud. The perpetrators had apparently gained access to the company's email server and sent fake emails to employees, and through a professional scam, employees were tricked into paying money into a bank account in South America. Unfortunately, this is not a unique case. DNB's statistics show an increase of 32 per cent of similar fraud cases last year. The losses can be huge, not only financially, but loss of reputation, reputation and market position, says Stegelmann.
- Unfortunately, this does not mean that other industries are not exposed to scams. Most of our customers, regardless of industry and size, report that their employees have been tried to scam even though they do not necessarily manage large amounts of money.
Furthermore, he says that it is special these days, now that most of us sit at home office and there is a great distance between the employees and the business. When we send much more e-mail and in addition do not see each other physically, it becomes more difficult to reveal the scam, and we become especially vulnerable to fraud attempts.
- While organized criminals often choose to attack larger companies in the hope of bigger profits, many scammers try to attack smaller companies in the hope of "easy money" and the victims do not have as good internal routines and skills of the employees as in a larger company , emphasizes Stegelmann.
Get help to stop phishing attacks
Watchcom has understood that training and training of employees is very important in preventing attacks. Watchcom's advisors have extensive experience in conducting generic and targeted phishing drills based on today's threat, both for smaller and larger private and public companies. The security experts assist with, among other things, the planning of the target group, the time and content of the exercise, to ensure that the results of the exercise give the customer the best possible insight into how vulnerable the business is to phishing attacks.
To enhance customer training and awareness raising, Watchcom is partnering with one of the world's leading phishing drills providers; KnowBe4. Together they offer automated phishing exercises; a cost- and resource-efficient solution that reduces the need for coordination and follow-up of exercises and training measures. The platform gives businesses the opportunity to compare their own results against companies of the same size and industry over time, which becomes an important tool for adjusting security measures.
- We are committed to creating a positive safety culture for our customers, and believe that a strongly rooted and practiced safety culture pro-actively contributes to increased security. We have very good experience with this across industries and businesses, ”adds Stegelmann with a smile.
Together with Watchcom we deliver courses in security culture, and we can conduct a phishing test to see what it looks like to you today. Fill in the form below so that we can contact you with more information.