Menu

Accessible Site

Donate Today

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

How hackers are using COVID-19 to find new phishing victims

Wednesday, June 24, 2020

Categories: ASCF News Emerging Threats National Preparedness

Comments: 0

Hackers will always exploit a crisis, and the coronavirus outbreak is no different. Since January, cybercriminals have leveraged the COVID-19 pandemic to stage all manner of cyberattacks, from ransomware take-overs of hospital systems to private network hacking. But the latest cybercrime scheme exploits the greatest cybersecurity vulnerability of all: human emotion. A slew of recent phishing attacks are targeting consumer trust in big name videoconferencing platforms to steal personal information and harm lives.

As a genre of cybercrime, phishing attacks are nothing new. In a phishing scam, cybercriminals try to get an individual to download malware or give away personal information via email or phone by exploiting their fear, anxiety, curiosity or trust. Often, cybercriminals pose as a trusted friend, official government agency or a well-known business. In fact, there have already been numerous phishing scams related to COVID-19 since the start of the outbreak, most of which have involved hackers impersonating health organizations and delivering fake coronavirus-related news.

But this time around, hackers have adapted to the realities of remote work and telecommuting by impersonating trusted tech platforms. Skype, Zoom and Google Meet users are now the targets of manipulative cybercrime.

Recent Check Point research uncovered that more than 1,700 Zoom-related domains have been registered in the last three weeks alone, and 4% of them are suspicious or possibly malicious. Hackers are using these false domains to fabricate Zoom meeting notifications and create fake COVID-19 themed email alerts. Individuals who respond to these alerts usually end up downloading malware or otherwise compromising their data security. In another iteration of this kind of scam, hackers are impersonating a Skype login page and tricking Skype users into relinquishing their password information.

It’s a devilishly smart tactic. Hackers know that over 90% of data breaches are the result of human error. And with so many people working from home, cut off from regular contact with IT security and generally on edge with anxiety or stress, now is the perfect time for hackers to test the limits of individual vigilance.

The extent of this new phishing threat is huge. Google’s Threat Analysis Group reported in mid-April that they blocked 18 million COVID-19 themed malware and phishing emails per day. At ID Experts, we’ve seen a 50% increase in the number of our ID Experts members who report being targeted by scams and phishing attacks since stay-at-home orders were first put into effect.

While spam blockers go a long way toward limiting the impact of scammers, no technology can fully protect an individual from the trickery behind phishing attacks. That’s because hackers rely on a form of psychological manipulation known as social engineering to entice and deceive individual users. The only surefire way to fight back against phishing scams is to educate employees on the signs and help them improve their personal cybersecurity hygiene.

To protect their privacy, individuals in all levels of management have to be extremely cautious before opening emails or alerts that appear to come from health experts, government agencies or businesses. And as we now know, consumers should be equally cautious when responding to videoconferencing meeting invitations. As a general rule, if you aren’t expecting the email, then don’t open it! When in doubt, check the email address against the senders’ website before clicking or reach out to the sender directly.

Additionally, employees must keep in frequent communication with their coworkers and peers.

Hackers like to exploit our isolation and confusion, but they can’t trick everyone at once. In one example of a recent phishing scam, hackers are sending around fake job termination meeting alerts through Zoom. If you receive an email or meeting notification that makes you panic, reach out to other trustworthy people like coworkers and supervisors to confirm the content of the suspicious email. Similarly, companies’ IT departments must ensure that the same centralized precautions that are in place in an office environment are in place to protect remote workers. These should include multiple levels of detection to help employees defend against phishing scams or other kinds of cyberattacks.

Finally, never download suspicious files! This may go without saying, but you’d be surprised how many people unsuspectingly download malware files just because the original email looks legitimate at first glance. Always check and double-check strange download requests. If it seems weird that a service you’ve used for years suddenly wants you to download a new app or update through a special link, chances are it’s a scam.

Phishing is a serious threat that can cost individuals and companies both money and peace of mind. Hackers are always changing tactics to exploit our greatest vulnerabilities. To stay ahead of these criminals, we have to be vigilant, especially during the pandemic.

Photo and Link: https://www.securitymagazine.com/articles/92666-how-hackers-are-using-covid-19-to-find-new-phishing-victims

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.

Search