Re-Opening the American Economy? Malicious Actors Have a Plan...

Eric Howes | Apr 17, 2020

By Eric Howes, KnowBe4 Principal Lab Researcher.

If you've been following the news over the past week or so then you know that a robust debate has opened at federal, state, and local levels in the United States over when and how to "re-open" the U.S. economy. Indeed, some European nations are already cautiously lifting some of the social restrictions imposed to control and suppress the spread of COVID-19.

Similarly, if you've been following the growth and development of Coronavirus-themed phishing emails over the past few months, you should also not be terribly surprised to learn that malicious actors have their own plan for re-opening businesses across the country.

Not only do they have a plan, they're starting to share it with your employees, most of whom will be keenly interested to know when they can resume something approaching a normal life after weeks of lockdown and finally return to the office.

[Image: coronavirus_re-open-1a]

As phishing emails go, the prose here is absolutely pitch-perfect -- something even the most talented of malicious groups often struggle with when crafting social engineering schemes such as this one. The tone and language are familiar and hopeful, yet appropriately cautious and measured.

Nowhere will you find the hyperbolic excesses of so many of the virus-themed emails we've seen over the past few months. There are a few red flags here, to be sure -- the link, for starters, to say nothing of the From: email address. But your users need to be trained to look for them.

The payload is that familiar go-to for bad actors pushing dodgy HR announcements: Ye Olde Credentials Phish.

[Image: coronavirus_re-open-1b]

Coronavirus-themed social engineering schemes have become a natural part of the threat landscape at this point. Although we are past the initial hair-raising surge of malicious emails that defined the month of March, they remain a threat because the bad guys are proving themselves all too capable of exploiting the very latest news about the ongoing pandemic to dangle phish-bait in front of your users.

While your users may be safer at home in many respects -- social distancing does appear to be "bending the curve" -- they remain as vulnerable as ever to threat actors looking to leverage your users' fears and concerns to get inside your organization's network.

Now more than ever your users need new-school Security Awareness Training to handle the very latest social engineering schemes such as this one.
