Social Network For Security Executives: Network, Learn & Collaborate
Novel CoronaVirus is not only posing a grave danger in the real world, but it is also posing a threat to the cyberworld. Cybercriminals are exploiting the public fears about this deadly virus using phishing attacks.
Phishing is a technique used by cybercriminals to send genuine-looking emails and make the user take actions. These actions can be replying with personal information or clicking the link in the email and doing some transactions etc.
One such scenario is, a user receives an email impersonating as the Incometax department saying that he has a tax refund. He can transfer that refund to his account by clicking on the link that is provided in the email and just give the bank account and login details on the page. This page will look like the Incometax department's page, but it is not, and the user's details are compromised. Money is siphoned off from the bank using these details.
In the COVID-19 situation, many users receiving phishing emails impersonating as a software/antivirus company, saying that they are giving their software for free for work from home. This free software can contain malware or malicious software when installed and will infect the computer.
Some types of malware
Ransomware - Once infected, this malware can encrypt documents in the computer and demand a ransom in the form of Bitcoins to decrypt the files.
Keylogger – This malware can record whatever the user is typing, including the login credentials for a bank or an email account, and send it to the hacker.
Remote Access Trojan or RAT - This malware can give full remote access of the infected computer to a hacker. This hacker can watch what the user is browsing, or he can remotely activate the web camera and watch, or he can read the documents on the computer.
Zombies or bots - This malware even though it is harmless to the computer but controlled remotely to participate in the Distributed Denial of Service (DDOS) attacks to bring down the websites or networks.
Other examples of phishing emails based on COVID-19
· Email impersonating as HR of the company asking users to review the work from home policy, in the attached (malicious) word file.
· Email impersonating as HR that a colleague is tested COVID-19 positive and check the attached (malicious) document on how to keep safe from the virus.
· Email impersonating as the CEO of the company asking an employee to join in the video conference by clicking the link. This link can download malware.
· Email impersonating as the IT Help desk, asking the users to download and install the (malicious) VPN software for work from home.
· Email impersonating as the health department asking users to install (malicious) software on their mobile phones.
Tips to prevent yourself from being a victim to the phishing attacks
Started by Priyanka Aash on Wednesday. 0 Replies 0 Likes
What are the challenges you as a CISO have been facing since the last year and share some security trends that are catching up? Help the community by sharing your knowledge and personal views on this subject. Or if you have any specific questions…Continue
Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies 0 Likes
Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue
Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies 0 Likes
(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue
Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies 1 Like
(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue
# Manageengine Adaudit Plus -vs- Netwrix Auditor
# Rapid7 Nexpose -vs- Tenable Network Security Nessus
# Algosec Firewall Analyzer -vs- Tufin Orchestration Suite
# Hp Arcsight Siem Solutionarcsight Express -vs- Splunk Enterprise Splunk Cloud Splunk Light
# Cisco Meraki Mx Appliances -vs- Fortinet Fortigate
# Cloud Access Security Broker
# Distributed Denial of Service
# Network Advanced Threat Protection
Follow us
© 2021 Created by CISO Platform.
Powered by
Badges | Report an Issue | Privacy Policy | Terms of Service
You need to be a member of CISO Platform to join the discussion!
Join CISO Platform