Email Security in the Age of COVID

The COVID-19 crisis, besides being an immense health crisis, has also introduced a troublesome issue into the technology environment: increased cybercrime.

Since January, sophisticated cybercriminals have leveraged the COVID-19 pandemic to stage an array of cyberattacks, from ransomware takeovers of hospital and healthcare systems to impersonating video conferencing platforms which have soared in usage by remote work-from-home employees (in one 3-week period during April-May alone,  2,449 Zoom-related domains were registered, according to Check Point.)

Malicious Emails Soar

Among the biggest rises in cybercrime related to the pandemic is an attack on emails. Correlating in numbers with a UN report of a 600% increase in malicious emails during the current crisis, our partner Barracuda Networks estimates as well that the increase in the number of coronavirus or COVID-19-related spear-phishing attacks has soared by 667% since the end of February 2020. Google’s Threat Analysis Group also reported in mid-April that they blocked 18 million COVID-19 themed malware and phishing emails per day.

Spear-phishing is the fraudulent practice of sending emails ostensibly from a known or trusted sender for the purpose of inducing targeted recipients to unwittingly reveal confidential information.

The majority of the COVID related phishing emails involved hackers impersonating health organizations such as the World Health Organization to get personal information and/or delivering fake coronavirus-related news. Hackers are also creating fake COVID-19 themed email alerts. Recipients who respond to these phony alerts usually end up downloading malware or otherwise compromising their data security.

Phishing is a serious threat that can cost companies and individuals serious money and peace of mind. What can organizations do to protect themselves and their employees from the increased threat of malicious emails during this time?

No Such Thing as “Too Careful”

Fraudulent emails that seem very authentic on the surface can invariably even catch the most conscientious of us off guard. As a matter of practical and best practice advice, recipients should always be extremely cautious before opening emails or alerts that appear to come from health experts, government agencies or businesses, as well as not downloading or installing programs from sources seemingly familiar sources unless the communications is confirmed as being from the real source, etc.

Besides taking common sense personal precautions, among the best of breed in technology solutions out there that can help combat the threat of malicious emails comes from Barracuda. Barracuda Sentinel is an AI solution for real-time spear phishing and cyber fraud defense. Delivered as a cloud service, Barracuda Sentinel deploys AI to protect businesses and individuals from spear phishing, impersonation attempts, business email compromise and cyber fraud.

As noted in a previous blog, Barracuda Sentinel’s AI is always learning email patterns. It learns who is sending to who and who can send POs, credit card information and banking information. As it learns your environment, it starts to stop these types of attacks, making sure your email is secure.

There is no such thing as being too careful in today’s climate where cybercriminals are looking to exploit these uncertain times. For a complimentary email security check with Barracuda Sentinel, please feel free to contact: [email protected]

Dan Bryant is a Solutions Architect for the Applications/Cloud Practice at Groupware.