Cybercriminals have not halted their activities despite the health emergency and are taking advantage of the situation to carry out attacks on a larger scale. This surge in cyberattacks has been exponential, using the coronavirus as a pretext and exploiting the lack of knowledge among users and employees, who are manipulated to steal personal or company confidential information through links to malicious web content, fake websites, and emails impersonating an individual or organization—the latter being the most common and the one that generates the greatest uncertainty, given that many employees are currently working remotely.
Recently, INCIBE has shared some guidelines to help identify these malicious emails created using social engineering techniques. Generally, these emails aim to attract attention using the following tactics:
- Urgency: Encourages potential victims to open a link or download an attachment, insisting that they do so quickly, so there is no time to assess whether the information is trustworthy. This type of strategy is commonly used in phishing attacks targeting banks.
- Authority: This strategy attempts to impersonate individuals or entities—both public and private—that the victim trusts, with the goal of forcing them to perform a specific action that benefits the cybercriminals.
- Willingness to help: The current situation also allows cybercriminals to exploit people’s vulnerability and lack of knowledge to extract all kinds of information. Above all, they seek to obtain the most sensitive data, which they can later exploit to profit from it through third-party actions.
- Free offers: It’s common for a free product or service—or a special promotion—to catch your attention. Right now, cybercriminals are using this strategy to offer free face masks, hand sanitizer, internet service, electricity, gas, and more.
There are also other factors to consider to avoid falling victim to these cyberattacks. It is important to carefully check the origin of an email—whether it comes from an individual or a company. If it is from a company, it should not come from a free email account such as Gmail or Outlook. It is also important to note that if these emails come from a legitimate organization, they typically do not contain spelling or grammatical errors or lack a corporate signature at the end of the message; therefore, the absence of a signature can already be considered a red flag for fraud.
Additionally, emails may also contain links that redirect to websites designed to spread malware and/or steal sensitive information. Attachments always pose a threat, so it is advisable not to open communications containing file extensions such as:
- .exe – The traditional Windows executable file.
- .vbs – A Visual Basic Script file that can also be executed.
- .docm – A Microsoft Word file with macros.
- .xlsm – Microsoft Excel file with macros.
- .pptm – Microsoft PowerPoint file with macros.
Cyberattacks are becoming increasingly difficult for users to identify, making cyber scams easier to carry out. By taking the necessary preventive measures and staying aware of how cybercriminals are evolving their techniques, it is possible to stay one step ahead and reduce the risk of becoming the next victim and compromising your information.
How can these situations be avoided?
For organizations and employees who exchange sensitive and/or confidential information on a daily basis, it is important to implement corporate tools that include advanced security policies such as encryption, antivirus filters, etc. Tranxfer is the corporate tool for sending and receiving corporate files that applies these advanced security policies and enables the organization to control, track, and ensure regulatory compliance for files entering and leaving the company’s perimeter.
With Tranxfer, prevent the misuse of email and collaboration tools for exchanging information with external third parties (suppliers, customers, etc.). Discover the technical features of Tranxfer.
Get Started with Avada Crypto
Looking for help? Get in touch with us
