3 ways to combat coronavirus phishing scams

07 April 2020 Consulting.ca 2 min. read
More news on

With a surge of scams related to the coronavirus pandemic targeting businesses, RSM Canada offered a few pointers to reduce risks.

As criminals attempt to take advantage of anxiety and increased corporate and public health communications to steal personal information or compromise computers, companies need to remain vigilant and keep their employees well-informed.

According to RSM, scammers are keen to pounce on disaster scenarios to exploit fear, as well as lapses in protections and controls.

Scammers are using two sorts of attacks. The first is a lower-level one, where hackers send emails or texts with no particular target, impersonating the health department, Red Cross, WHO, or other entities tied to the pandemic. The emails try to get people to click on links which can lead to a theft of personal info or downloading malware or ransomware. One example is a fraudulent mass text message purporting to be the Red Cross and offering a box of free masks to recipients.

3 ways to combat coronavirus phishing scams

A higher-level attack is one that targets individual companies and presents fake coronavirus alerts or guidance authored by the organization’s leadership. Using a familiar name or face means these attacks have far higher success rates, according to RSM.

The consulting firm offered three ways to safeguard against these phishing risks.

Get in front of the issue and communicate the risks

Companies need to proactively communicate to employees about how they will distribute alerts and information. It’s important to make clear what will and won’t be requested, while stressing the importance of going to official company channels to stay and informed and vet any fishy emails.

Make it personal

Firms also need to make employees aware that risks extend to their personal networks, with threats lying within family communications. “Employees will get the point in terms of company data, while also appreciating the encouragement to act regarding personal data,” the firm wrote.

Communicate and evaluate remote work security policies

With security and firewalls often not protecting devices that access the network remotely, companies need to communicate rules and risks for working outside the office. Companies may also examine network or security changes to boost remote-work cybersecurity.