The pandemic that is COVID-19 is quickly turning into pandemic of ransomware. Canada is not immune to the global increase in ransomware. Scott Beck, of BeckTek in Riverview, NB, told Canada’s National Observer that he has seen “a 4,000 per cent increase in ransomware emails and among my own clients, 53 per cent of inbound emails last month were junk phishing emails.” David Shipley, CEO and founder of Beauceron Security in Fredericton, added, “We’ve seen about a 250 to 350 per cent increase [in ransomware-related attack attempts] in the last three weeks alone with COVID-19 themed cyberattacks. And at last count, there are 13,000 website domain names using some form of the name COVID-19 that are malicious websites,” If that wasn’t bad enough, last month, the Financial Post reported that two Canadian organizations involved in work on COVID-19 — one a government body — have been the targets of recent ransomware attacks. US Cybersecurity firm Palo Alto initially reported on the attack on the Canadian organizations. Jen Miller-Osborn, deputy director of threat intelligence with Palo Alto, said they are seeing a rise in phishing attacks using the pandemic as a hook to trick people into opening an attachment or clicking a link. Says Miller-Osborn, “going after people who are on the front lines is just really despicable. So, we really want to call attention to the fact that that is happening to make sure those people on the front lines have as much awareness as they can.” Workers, be they on the front lines or working from their home office, already have a lot to worry about. We can offer some tips to help workers understand how to spot scam emails that could infect them with ransomware. Here are 4 signs to watch for. If the email has these 4 things, watch out, it could be phishing for privileged information or trying to infect you with ransomware.
- The email is requesting personal information. Before you respond, ask question, why?
- The email is trying to elicit an emotional response from the reader. Usually the sender is requesting that you respond immediately. Again, ask yourself why? Will there really be an issue if I wait a day or two?
- The email has several spelling and grammatical errors. A lot of phishing scams come from overseas, they may not sue the correct spelling or grammar.
- When you hover over links and email addresses, check that the links are actually legitimate domains of organizations your deal with. For example, if the link says microsoft.com, but when you mouse over, it says something different, rest assured if you click the link you will not be going to the Microsoft website and could be downloading malware onto your device.