CORONAVIRUS SPAM: How a simple attachment can become fatal!

CORONAVIRUS SPAM: How a simple attachment can become fatal!

Here we are, at home, to keep doing our job in a responsible way in order to face this critical moment for the containment of the infection of the Covid-19 virus.
We are happy to have the chance of staying with our families and to manage our working time and our working space in a, different from every day but not new, “smart” way.

Have we ever wandered about the most favourable conditions for an hacker to attack?

Cybercriminals play on human factor exploiting our weaknesses, like our fears; we are worried about Covid19, money, penalties.

And do you know how they do this?

They hide themselves behind a simple email with a perfect subject, like the one unveiled by SophosLabs ; an informative communication containing as an attachment a document written (they say) by World Health Organization about necessary precautions..

How an abnormal situation can be identified? How we can manage it? And which are the tricks to unmask these attacks in a few attempts?

Today, more than before, we must pay specific attention to any form of received communication, reminding ourselves to believe only to official and validated informative sources.
It’s enough to start from these simple expedients, in security awareness pills, which allow us to don’t fall into their trap:
· Do not complete operations in an hurry way (hurry inhibits us to reason in a mindful way)
· Analyse the syntax/grammar/spelling of the message (not always but often they fall into grammar mistakes both in content and in subject of the email)
· Verify the sender (with a double click on descriptive/sender field we can open the sender profile and there we can see the real email address: Do I know him/her?)
· Double check with the person we know (in case the email seems to come from a correct address, and can ask for a ransom, take a while and call him/her before acting hastily. Be aware that this happens frequently)
· Give a specific attention to the accuracy of domain (it’s enough to invert two letters for misleading the hurried user, to insert punctuation marks, to swap i with l)
· Do a careful analysis of the content, and truthfulness of the website pages. Usually there are nominal links that drive to external malicious links (if we are browsing on suspected pages full of attractive links, DO NOT click on the link, but place only the mouse cursor and check the banner showed in a little window placed in the bottom on the left which contains the real address pointing to that link).
On smartphone, it’s enough to keep pressing on website and the preview of the page opens or just copy and paste the address on a text file in order to check the syntax. Is it a trustworthy website?
· Remind that in case of doubts, your technical Support or HelpDesk is always at your disposal.

What is the advantage of phishing campaign?

They don’t need everyone fall for it, they wait only for the 0,1% of their emails are successfully received and clicked. And please consider that on a smartphone is a lot more easy to be caught (because we act in a rush, the screen is small, and we literally lose ourselves with these smart devices).
Working from home we use a domestic Wi-Fi, a not secure network like the one we have in the office and there are connected several devices, therefore with a bigger potential attack surface.
Sometimes a spyware that is able to read what I write on my keyboard is enough in order to steal all our data.
· Check all devices connected to our network are known and dismiss the anomalous
· Have a good antivirus and keep it updated
· Isolate business company domain from the personal one: do not use personal pc and personal information to access to the business equipment and business tools and vice versa
· Choose a good password (a combination of at least 12-14 characters long, not containing references to names, not based on personal information and not easily traceable)

Don’t underestimate the risks, increase awareness of the damage we can create and we start from these security awareness pills to build a security awareness plan aimed to safeguarding our work and personal data. Ask us which IT Solutions are the most suitable for you. Please note that there are special simulation tools that reveal tricks of cyber-attacks and there are also dedicated programs to raise awareness of employees, collaborators and suppliers on these issues.
A reliable technical support, a dedicated training, a consolidated experience and targeted exercise are the ingredients to create a solid and safe environment that allows us to face any unpredictable situation. We live a technological evolution which evolves faster and faster that presents us constant challenges. We collaborate in terms of prevention and singularity by also analysing details and proposing tailormade solutions that grant us to find the best way to come out of it a winner.