Home » Blogs » Website templates used in COVID-19 related cyberattacks

Website templates used in COVID-19 related cyberattacks

Templates increase danger and frequency of cyber threats

Hackers are increasing their efforts to compromise systems and people’s security by using common website templates. Tricked users give away their credentials, typically to fake web-zones.

The cybersecurity report agency, Proofpoint, identified over 300 phishing campaigns utilizing these website templates as part of their hacking strategy. Researched templates appear as authentic as possible, designed to appear indistinguishable from the real thing. Therefore, the idea is to create a sense of emergency (as is common with phishing attacks) so the user gives up log in or other credentials. The malicious websites even maintain authentic-looking user interfaces, which can deceive those browsing the site if not careful.

Proofpoint clarifies that mimicked organizations include the World Health Organization, the IRS, Disease Control Centers, and the UK’s HMRC. These artificial websites are so common you have likely stumbled upon them by accident.

Proofpoint goes on to say the characteristics of these malicious websites typically include information regarding COVID-19. Some will claim to sell discounted health services/supplies. Others will claim you can order medicine or a “cure” for the Coronavirus. Various designs and additional details were included to make them appear as legitimate as possible – for instance, having multiple language options or additional pages users could access.

As experts have pointed out, these details mean threat-actors are paying close attention to what makes websites appear authentic and what behaviors to exploit. In other words, they’re looking at people’s activity in an attempt to repeat that behavior. Compromised information is the result.

What this means for remote workers and businesses

Because malicious actors are likely to continue their cyber attacks as long as COVID-19 remains a pandemic, remote workers and companies must take extra precautions. So, a company that utilizes remote workers should have multiple layers of security in place to prevent potential intrusions.

If remote workers are using personal devices, they can indirectly present a severe risk to a company network. For example, if that personal device is compromised because the individual unknowingly gave away credentials on a fake Coronavirus website, that can lead to intrusion of the businesses’ network.

Protecting your network and your information

So, while there’s nothing new about phishing scams, but modern techniques leave room for concern. In a time of serious uncertainty and fear, it’s easy to make mistakes and compromise one’s own digital safety. Fortunately, there are strategies one can use to check the legitimacy of a website, and Bytagig has a list of tips you can follow

Moreover, we also recommend using these rulesets for company security policies to reduce the risk of intrusion, especially if remote work solutions are used. This informs workers of what the risks are, how to avoid them, and what steps to take if they suspect a breach or other problems.

Recommended actions

Bytagig has a few recommended actions to take to prevent these intrusions from occurring:

  • Enable TFA (two-factor authentication) on business devices, and require it if remote workers are using their own hardware for work
  • Keep all devices up-to-date and require all workers to update all relevant devices, software, and apps
  • Limit access to the business network for workers
  • Keep staff informed of phishing scams and COVID-19 related scam attempts
  • Advice caution and report any uncertainties to relevant IT security teams
  • Don’t use personal devices for company work

Still experiencing troubles or want to take your security to the next level? Bytagig has solutions for you. Contact us today.

Share this post: