Protecting Your Business From COVID-19 Cyber Scams

Did you know that Google saw more than 18 million daily malware and phishing emails related to COVID-19 scams during a single week?

Add to that more than 240 million daily spam messages, also related to the novel coronavirus, and you start to get a picture of just how large the appetite for cyber scams is.

It's truly terrifying. As a business, you're already at risk of brute-force attacks and other nasty malware on a regular basis.

However, with the fear and high emotional turmoil caused by COVID-19, your business is even more at risk of your staff falling for phishing attacks and cyber scams. 

This is where learning how to identify cybersecurity scams and phishing attempts comes in handy. Keep reading to learn all about how to protect your business from cyber scams.

We'll start with the most common examples currently circulating the internet, then we'll break down how to identify a coronavirus phishing email a kilometre away.

Examples of Current Coronavirus Phishing Emails

A coronavirus-themed phishing email can take many forms. However, most fall into one of the following types.

1. Health Advice Emails

Phishers have sent out numerous emails offering medical advice that promises protection from COVID-19.

These emails tend to claim to come from a renowned health organization or a public health office that's government-related in one form or another.

They urge the recipient to use the provided link to download "safety measures", or to click to download a video of the latest virus dramas somewhere in the world. The downloaded material is often laced with malware, and can truly wreak havoc on your business data and IT infrastructure.

2. Workplace Policy Emails

Unfortunately, there has been a recurring trend of cybercriminals specifically targeting employees' workplace email accounts. 

These emails tend to take the form of a coronavirus update for your employees. For example, an email arrives posing as your CEO, telling your employees that there is a new "communicable disease management policy" that they need to download and read.

Of course, once an employee downloads the fake "policy", you'll be dealing with malicious software that might target your business data. 

How to Recognize and Avoid Cyber Scams

With working from home (WFH) policies in place, your employees will be using a variety of apps and software to stay connected. This will expose them to a higher risk of cyber scams and fraud.

Let's take a look at the steps you can take to prevent either you or your employees from falling for a cyber scam.

Beware of Online Requests for Personal Information

The Australian Cyber Security Centre (ACSC) reports that approximately 100 cyber crimes have been reported where Australians have lost money or personal information due to COVID-19 themed scams.

Any coronavirus-themed email that asks for personal information like bank account data or login information is almost certainly a phishing scam.

No legitimate government agency is going to ask for that sort of information via email. The simplest way to deal with these emails is to never respond. 

In addition, if you have an IT department with a dedicated cybersecurity unit, then make sure to notify them, so they can tighten email protocols.

Check the Email Address or Link

A great way to check where a link leads is to hover your mouse over the URL.

In some cases, it's quite apparent that the link has nothing to do with the email's topic. However, phishers are smart enough to create links that are similar to legitimate addresses. 

Therefore, make sure to delete that email once you're suspicious of its nature. 
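The hover check above can also be run automatically over incoming mail. The Python below is an added example, not part of the original article or GB's own tooling: it compares each link's visible text with its real destination and flags sender or link hosts that imitate a trusted domain. The `TRUSTED` list, the 0.9 similarity cutoff and the sample message (all domains use reserved TLDs) are assumptions made for illustration.

```python
import email.utils
import re
from difflib import get_close_matches
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = ["health-agency.example"]  # assumption: domains you expect mail from
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
SAMPLE = """\
From: "Health Agency" <alerts@health-agancy.example>

<a href="http://health-agency.example.safety-update.test/doc">https://health-agency.example/safety</a>
<a href="https://health-agency.example/news">Agency news</a>
"""  # constructed message; every domain uses a reserved TLD

class Links(HTMLParser):  # collects [href, visible text] for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.open = [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.open = True
    def handle_data(self, data):
        if self.open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.open = self.open and tag != "a"

def lookalike(host):
    """True when host imitates a trusted domain without being one."""
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return False  # the real domain or one of its subdomains
    near = get_close_matches(host, TRUSTED, n=1, cutoff=0.9)  # near-identical spelling
    return bool(near) or any(t in host for t in TRUSTED)  # or trusted name embedded

def check_email(raw):
    msg = email.message_from_string(raw)
    sender = email.utils.parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = [("sender-lookalike", sender)] if lookalike(sender) else []
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.links:
        target = (urlparse(href).hostname or "").lower()
        shown = DOMAIN_RE.search(text)  # does the visible text itself name a host?
        if shown and shown.group(1).lower() != target:
            found.append(("text-href-mismatch", target))
        if lookalike(target):
            found.append(("link-lookalike", target))
    return found
```

Calling `check_email(SAMPLE)` returns one finding for the misspelled sender domain and two for the first link, while the second link, which really points at the trusted domain, produces none.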

Keep an Eye out for Generic Greetings

Nothing screams "scam" louder than an email with a generic greeting. 

Phishing emails are very unlikely to use your name. Therefore, you'll find them going for "Dear sir or madam."

Be Suspicious of Emails That Insist That You Act Now

Another clear sign that things aren't what they seem is an email of suspicious origin that's demanding immediate action.

You'll find that phishing emails will always try to create a sense of urgency. The aim is to get you to provide personal information or to click a link or download a file as soon as possible before you think about it too much.

After all, if you take the time to think things through, you're more likely to figure out it's a scam.

Other Cybersecurity Strategies to Protect Your Business

The techniques above are just the tip of the iceberg when it comes to cybersecurity for your business.

There are more solid strategies and implementations that are critical for having healthy cybersecurity.

Email Filtering

Even small businesses should be deploying an email filtering system. A good email filter will validate the sender before receiving the email. Here at GB we receive tens of thousands of valid emails every day, but our email filter blocks hundreds of thousands of emails that it determines are spam or malicious.

Internet Proxy Filters

All businesses should consider using a proxy internet filter, which continually updates a blacklist file of malware websites. Should your staff click on a phishing scam, if you have a proxy in place it will often already know about that bad website you are trying to connect to and will block your connection. The rare time GB staff fall foul of a phishing scam, it's our proxy that often saves us.

Update Your Software

It sounds intuitive. Yet, you'd be surprised at how out-of-date a lot of business software currently is, which creates glaring holes in these businesses' firewalls and security protocols. Malware, if it is downloaded, has nothing to infect if you close all of the vulnerabilities with regular software patching.

It's important to make sure that you have the most recent, improved or safer version of installed software. This applies to both operating system software and application software.

Enable Multi-Factor Authentication

If your staff are connecting from home and their personal information is stolen, their passwords to your work systems may have been compromised. With multi-factor authentication turned on, the chances of getting hacked drop to extremely low levels.

This is one of the most effective security controls you can implement to prevent any unauthorized access to physical computers, applications, and even online services. 

The way multi-factor authentication works is by requiring a combination of proofs from the person requesting access. 

For example, at GB we require at least two authentication methods to connect in remotely. The first is our business password, but the second can be set up as our staff choose. Some staff have a passcode sent to their mobile, some push a button on their mobile and some without mobiles use a landline to validate who they are.

A good multi-factor authentication system will be easy to use and will make things too difficult for cybercriminals to bother with you.

Security awareness training

Also consider security awareness training for your staff. This can dramatically decrease the number who fall victim, and also increase the number who can detect and report the attacks.

Protecting Your Business Is Key to Survival

In this day and age, nothing can cripple your business faster than a cyberattack or falling prey to cyber scams. 

Thankfully, now you have a great toolkit for recognizing phishing emails and other underhanded attempts at getting your information or stealing your customers' data.

In addition, you can start integrating the tips and strategies to hike up your cybersecurity and educate your employees.

For more information about avoiding cyber-attacks, download GB's whitepaper, Avoiding Cyber Scams Related to Covid-19.
