As the efforts to combat the COVID-19 coronavirus continue worldwide, fear and anxiety are high. And cybercriminals are seizing the opportunity to exploit those fears to get what they want – access and information. For them, a global pandemic is just another opportunity to trick people out of their credentials and gain access to personal and company data.

That’s why being aware of phishing – and how companies and employees can avoid falling victim to these attacks – is more important than ever.

Phishing uses deceptive communications to trick the recipient into providing personal or confidential information by disguising the outreach to look like it came from a trusted source. These camouflaged messages – they could be emails, text messages or even phone calls – will lure in potential victims with what looks to be wanted, needed or trusted information, urging them to click on links, open malicious attachments, or give out confidential information.

Below are a few ideas to help you avoid these tricks:

Use multifactor authentication

Nearly every data breach can be traced back to compromised credentials, with phishing being a very common method of attack. With the massive surge in employees working from home amid this global pandemic, exposure to the risks of phishing has exponentially increased for organizations around the world. And with the general population being asked to stay home to help “flatten-the-curve”, verifying customer identities with strong authentication is more important than ever to secure digital businesses.

Authentication is the single most important safeguard to prevent unauthorized account access. Using multifactor authentication (MFA) provides an added layer of protection by requiring additional credentials to enable remote access to an account. Even if a phishing scam exposes a password, MFA can prevent the attacker from getting into the network, VPN, cloud apps and more, and it helps minimize the attack surface.

That’s why MFA is quickly becoming a mandatory level of protection for organizations—and being offered to consumers for account access by banks, healthcare institutions and ecommerce businesses and cloud applications as well.

Arm Employees with Knowledge

Everyone should be careful with messages related to the coronavirus: emails, attachments, any social media, texts on your phone…anything. Have them look out for topics like:

  • Check updated Coronavirus map in your city.
  • Coronavirus Infection warning from local school district.
  • CDC or World Health Organization emails or social media Coronavirus messaging.
  • Keeping your children safe from Coronavirus.
  • You might even get a scam phone call to raise funds for "victims".

Be alert for:

  • Emails you aren’t expecting.
  • Messages insisting that it’s urgent to act quickly.
  • Emails invoking emotion like fear or curiosity.

We’ve seen several of these attempts over the past couple weeks:

  • Messages from “CDC.com” (the CDC, of course is a “.gov”) offering updates on “New Confirmed Cases in Your City”.
  • A message that tricks users into thinking it’s from the World Health Organization, asking you to click to download important coronavirus information – the WHO’s information is on it’s public site and doesn’t require you to enter an email.
  • Emails that spoof your own company name, as if it were coming from HR.

The upshot: stay vigilant. If you need more background on phishing and other scams, StaySafeOnline from the National Cybersecurity Alliance is a great resource.

You can learn more about how Entrust Datacard powers secure identities and multifactor authentication at this link.

Mark Ruchie and Cindy Provin

Mark Ruchie is the Chief Information Security Officer and Cindy Provin in the SVP and General Manager for Authentication and nCipher Security at Entrust Datacard.