We are in an extraordinary situation that requires unusual measures: cancelling events, expanding teleworking, setting up communication infrastructure. At the same time, many people are uncertain and are waiting for instructions on how they should behave.
This makes many people vulnerable to false reports and to misleading or harmful recommendations. It is an ideal opportunity for phishing, malware in disguise* and other social engineering.
- “…in order to be able to continue work in the event of a crisis, please report until tomorrow 19:00 o’clock at the new office portal [here phishing page] …”
- “… install the new VPN client in time, which you can download at [Download URL for Malware]. Reply to the Security issues with Ok.”
- Stay skeptical if an e-mail asks you to take unusual actions or refers you to pages that ask for a password. Note that sender addresses and names in e-mail can be faked.
- Check the correctness. Serious incidents within an organization would surely be announced on its homepage. You can also look up prominent keywords in a search engine: widespread scams are often already known and documented.
- If you want to cross-check the correctness of a mail, look up the contacts from our or other sources instead of using the contacts given in the mail.
- Before you enter a password into a form, always check the address.
- If you’ve entered your password on an insecure website, change it immediately and notify us (because of the urgency of the matter, please call us at 02243 9000 1300).
- *An example: https://www.bleepingcomputer.com/news/security/data-stealing-formbook-malware-preys-on-coronavirus-fears/
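
What "check the address" means in practice, as an added example that is not part of the original notice: the part of a link that counts is the host name, and the check below flags the usual ways it is made to look familiar. The domain `example.org` is a placeholder for the organization's real domain, and all sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: placeholder for the organization's real domain(s).
TRUSTED_DOMAINS = {"example.org"}


def check_address(url, trusted=TRUSTED_DOMAINS):
    """Return the reasons not to trust a link; an empty list means it passed."""
    problems = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()

    # A password form must only ever be reached over HTTPS.
    if parts.scheme != "https":
        problems.append("not an https address")
    # Everything before '@' is login data for the URL, not the site name.
    if parts.username is not None:
        problems.append("text before '@' is not the site name")
    # Internationalized names can imitate familiar ones with lookalike letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        problems.append("internationalized (possibly lookalike) host name")
    # The host must be a trusted domain itself or a subdomain of one;
    # a trusted name appearing somewhere inside the host is not enough.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        problems.append(f"host '{host}' is not one of our domains")
    return problems


if __name__ == "__main__":
    samples = [  # constructed sample links
        "https://portal.example.org/login",
        "http://portal.example.org/login",
        "https://example.org@login.evil.test/portal",
        "https://portal.example.org.evil.test/",
        "https://xn--exmple-cua.org/",
    ]
    for link in samples:
        result = check_address(link)
        print(link, "->", "ok" if not result else "; ".join(result))
```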