Phishing: Telecommuting + Coronavirus
Due to reasons of force majeure, known to all, a huge number of companies have been forced to urgently implement the teleworking model among their employees.
In many cases, this sudden urgency has come so suddenly that many companies have been forced to set it up without being able to count on adequate security measures and without being able to give employees minimal training in this regard.
Cyber-criminals, well aware of this fact, are taking advantage of it: We are detecting emails that impersonate the technical departments of companies, CAUs, etc. and request data from users, with the excuse of being able to keep the teleworking service operational.
These emails usually use the generic term "Technical Service" in the subject and/or in the signature, their writing does not contain errors, and the "from:" field shows the domain of the company, so for an end user they are difficult to detect.
Given the circumstances, the probability that the user provides the data is very high, which makes this campaign especially dangerous.
Recommended actions:
- Iberlayer marks the email subject with a special text when an external email is detected that uses an internal domain in the "from:" field. It is important to remember the importance of this mark, because it serves precisely to prevent scams like this.
- As far as possible warn users about this threat.
- As far as possible, remind users of the contact mechanism with the IT/CAU department, etc. and that it will never ask for your personal data, access data, etc.
- It is highly likely that after these emails a phone call will be produced to the user, again making
- Go through the Technical Service. With these lines we allow ourselves to suggest that whenever some type of data has to be given, it is the user who initiates the call or sends the first email.