mobile logo
07
June

Get It From The Source: Avoiding Covid-19 Vaccine Scams and More Trending Phishing Tactics

June 7, 2021
In Industry
By Secure Sense

People are getting vaccinated! As Covid-19 infection and hospitalization rates decline again, we’re hopeful this time is different and with enough people getting access to effective vaccines there is light at the end of the tunnel to end the pandemic – at the very least in the form of achieving a managed level of endemic. We are all seeking a return to something approaching normalcy and an end to the terrible consequences this virus continues wreak on families in our country and across the globe.

Not dissimilarly to public health officials urging us to keep our guard up and that this is still a critical time to make the right decisions to ensure the tools and measures we have to fight covid are most effective, today we’d like to take time to remind people that we’re in a critical time for vigilance against pandemic driven phishing campaigns.

Towards the beginning of the pandemic we began reporting on the uprise of ‘covid scams’ like the infamous WHO impersonations and others targeting individuals fears and demand for information about Covid-19, as well as organizations scrambling to scale up remote work capabilities. Throughout the shifting waves of the pandemic and emerging cultural and technological trends that have accompanied them, new and shifting opportunities for malicious actors to catch people off their guard and design clever scams have arisen in lock step.

Statistics Canada determined that more than one in three Canadians have received a phishing attack, and we suspect it may be significantly more prevalent than that. Opportunities for effective phishing campaigns have increased across the board, especially retail related scams due to continuing increase in online business due to public health measures. Human Resources related phishing emails with malicious attachments is another booming trend, as it is especially easy to a) anticipate what type of content employees are expecting to receive, and b) that content is new and being sent out rapidly which diminishes employees’ abilities to spot discrepancies between standard communications and fraudulent ones. More recently phishing campaigns related to vaccine information and booking have emerged, as well as scam emails related to supporting Covid-19 initiatives and donating to relief funds for hard-hit regions.

This is an especially risky time for these types of phishing campaigns because, as we hinted at, our ingrained defences to spot things out of the norm are being compromised by both the novelty of legitimate content we’re receiving, and our expectation of receiving it. To put it another way, when the world is least normal in the general sense; it’s most difficult to distinguish anomalies in the particular sense.

Let’s take the example of receiving an email invitation to register for your first Covid-19 vaccine dose. This is not a communication that any of us are familiar with, and yet it is one that most of us are eagerly awaiting, do not want to miss out on, and must respond to promptly. That is a recipe for risky clicking. Determining the legitimacy of such emails has not been easy, especially early on. You may register with your local health unit or a specific clinical organization, but the booking may then come from a unified booking system being used across many provincial organizations. Domain lookups for registration links were found by some to be registered to Her Majesty the Queen in right of Ontario, and others revealed only AWS. Assuming most folks are less persistent than cybersecurity consultants in verifying these types of things, it represents a huge opportunity for scammers.

Normally, we like to tell you not to click on links or open attachments that you’re not expecting, but that advice falls short when we are all, as a whole, expecting to receive new-to-us communications. Given the astounding quality of some of the phishing email templates and landing pages we’ve been seeing lately, combined with a population that is anxious, expectant and more active online than ever before, this is a time for deeper caution.

So, what should you do? Well, hopefully none of this information is new to you, but we will take any opportunity we’re given to remind everyone:

  • Don’t click on links or open attachments you’re not expecting
  • Verify that URL links and sender e-mail addresses look right, and better yet dig into domain registry and reputation info if you’re not sure
  • Be suspicious of content that doesn’t look or read quite right like typos, grammatical mistakes or even style and tone
  • Don’t give out sensitive information online unless you’re certain you’re giving it to the right person via a secure method (and it’s really necessary)

For more detailed recommendations you can see some of our other relevant blogs, but maybe the best advice these days echoes Justin Bieber’s current hit “Peaches” in recommending you ‘get it from the source’. If instead of asking yourself “Does this have signs of being fake” you ask yourself “Could this still be fraudulent?” the answer is increasingly yes. So, as counterintuitive as it runs to our usual recommendations for tools and automations to leverage to make our business and personal lives most efficient, the best approach in some cases is to go to the source:

  • Call the number from the official website to confirm if you should have received an email or text requesting that information. Do not use information from the email to validate the email.
  • Call your manager or HR department to confirm you should be opening that attachment
  • Go to the retailer website directly to find that deal on discounted Raybans that is just so enticing

This is good advice for individuals, but what about at an organizational level? At Secure Sense, we’re not in the habit of blaming end users. People will make mistakes—yes, sometimes ones they should have avoided—but it’s not productive to say that individuals are responsible for potential breaches given that something like 75-85% percent of breaches involve human interaction. Humans are security vulnerabilities, that’s still a fact of life; but we’re also invaluable assets to the strength of cybersecurity programs. Training is critical, but so is engagement–not only teaching people to recognize specific scams and phishing tactics, but fostering a mindset that is critical and discerning without instilling fear and blame that can lead to an aversion to these matters rather than attentiveness.

This blog entry has not been about showing off (and selling) sandboxes and gateways and zero-day malware prevention, etc., but investment in the right tech and proper implementation is still our collective best bet as organizations when it comes breach prevention and giving employees a fighting chance to avoid increasingly sophisticated phishing campaigns.  These are topics we love to discuss with anyone who wants to hear more. If you’re interested in reviewing your current posture against these or any threats, or the proven best approaches for effective awareness training, we’d love to hear from you.

Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout.

Post Tags:

Related Posts

Effective Patch Management Tools for Your Organization

Welcome back to the...

The Evolution from Password Managers to Privileged Access Management. Which is right for you?

Welcome back to the...

A Secure Sense Competitive Advantage

Welcome back to the Cyber Security Month blog! In last week’s blog, we talked about the importance and value of an MSSP, what sets Secure Sense apart from other MSSP’s and how Secure Sense can help your business. Today, we want to continue the conversation around the competitive advantage of working with Secure Sense and what sets us apart in the world of managed security.

In addition to our dedicated customer success teams and our 24×7 SOC (read more in the previous blog here) Secure Sense’s white glove service stands out in many other ways. Continue reading to find out the secret keyphrase, and our competitive advantage.

Expert engineers/analysts

Our experienced technical team comes from diverse technical backgrounds, representing a wealth of security knowledge. They play an integral role in everything we do at Secure Sense; from evaluating partners to developing services, allowing us to focus entirely on the best products and the highest training certificates.

Our engineers, architects, and analysts are required to ensure they are up-to-date on technical training. In addition to solution technical training, our technical team has focused on training in the following areas:

  • Communication for clearer and more accurate ticket updates​
  • Troubleshooting skillsets have led to fewer escalations internally, and ultimately shorter times to remediate​
  • Critical analysis skills which have measurably improved our ticket responses in providing higher quality responses to tickets.

This training has had a measurable increase in the quality of our services, as well as time to remediate and reduce escalations.

Our SOC has many teams that work with our expert analysts to ensure you receive the most from your service. In addition to our security analyst team, Secure Sense has four other technical teams: the reporting team, the threat intel team, the automation team, and the purple team.​

Automation team:

The Secure Sense automation team reviews customer requests, as well as potential customer controls, and ties those controls in with our managed services for automated systems mitigation, stopping threats in their tracks.​

The team is also responsible for:

  • Automated SIEM log analysis, tied into our Threat intelligence team to streamline the ingestion of IOCs into our managed services.
  • Implementing our vendor vulnerability review and remediation systems allows us to reduce our critical vulnerability remediation windows and provide improved visibility into coverage and reporting.
  • Delivering smart-responses from our SIEM solution, and implementation of Reporting team recommendations and improvements.​
  • Automating reporting and alerting directly into our ServiceNOW portal, providing short response times to customer alerts

Reporting team:

Secure Sense has created a dedicated reporting team to streamline and bring more meaningful data to our customers on a regular basis. This team not only builds custom reports, but also analyzes how our customers are using our services, identifying any particular improvements that we could be making to the services, and providing recommendations to the rest of the managed service teams.​

Our reporting team also builds datasets and analyses based on our customer tickets, as well as managed service systems, to identify new use cases and patterns that we can leverage to improve services internally.​

Threat intel team:

Our internal Threat Intel team reviews various events that have occurred and identifies the relevant TTPs. They provide this intelligence to our purple team which will operationalize it.​

The Secure Sense threat intel team focuses on both systematic collection of IOCs and analysis thereof, as well as individual TTPs that are used to identify new and emerging threats. ​The team looks at those tools, Techniques and procedures that threats are using in the market, and identifies how they could be leveraged against our existing customer base, along with better enhancing our services to detect those TTPs when in use.​​

Purple team:​

Secure Sense’s Purple team reflects the blend of both defensive or blue team skillsets, along with offensive or red team skillsets. The team takes tools, techniques and procedures identified by the threat intel team, analyses our customer’s environments and identifies if we can detect them. ​ With customer collaboration, the Purple team can provide execution packages where we can simulate specific components of a threat, and then validate that we have visibility into that TTP being run in a customer environment.

Professional services

Secure Sense’s implementation and support experts are experienced in a wide variety of Professional Services engagements with specialized tactical teams within our extended technical bench, focused on specific technologies and or products.

In most cases, Professional Services are project-based services that require a skilled engineer or architect for a one-time project or short-term change in your organization; or a senior consultant to provide a wide range of risk advisory services. Project teams will also typically address any ongoing support or maintenance after the initial project is complete.

Our cybersecurity consultant team and senior architects hold a broad range of top industry certifications and credentials, along with many years of experience in the industry. Our methodologies for common engagement types have been developed and refined to reflect the most up-to-date best practices and to scale to projects of any size, including global enterprise enablement.

A few of the engagements we commonly offer include:

  • Cybersecurity Architecture Assessment and Design
  • Solution Implementation Services
  • Health Checks
  • Penetration Testing
  • Vulnerability Assessments
  • Threat and Risk Assessment
  • Enablement & Training
  • Ongoing Support

Secure Sense focuses on continual training and certification among our technical ranks in order to provide the most knowledgeable technical support.

Security training

Secure Sense offers security training and can assist in helping your organization to create its cyber security training program. From general employee awareness training to specific security training for your IT and security staff, Secure Sense can help your organization combat the threats they face on a daily basis. Our team is able to offer:

  • Engaging user awareness training for end-users
  • Technology training for security solutions and products
  • Security Analyst training
  • Threat hunting training
  • Threat simulations to give your internal security teams practice in using internal tools
  • Tabletop exercise development and execution to simulate incidents and incident response

Your Key word is “Purple Team”

Don’t forget! Take this keyword and head to our LinkedIn page here to comment on it for your chance to win one of many prizes this month!

As always, if you’re interested in learning more about Secure Sense’s competitive advantage or any of our services, don’t hesitate to reach out to us at 866-999-7506 or sales@securesense.ca!

Continue reading