Criminals use COVID-19 for phishing: KPMG

COVID-19 pandemic has people worried, and with that concern comes an urgent need to keep data safe and secured. Many existing organised crime groups have changed their tactics to use COVID-19 related materials on health updates, fake cures, fiscal packages, emergency benefits and supply shortages. KPMG cited the examples of campaigns, including COVID-19-themed phishing e-mails, attaching malicious Microsoft documents which exploit a known Microsoft vulnerability to run malicious code. On safeguards, Akhilesh Tuteja, global cybersecurity practice co-leader and partner at KPMG India, said, “A selection of phony customer advisories purporting to provide customers with updates on service disruption due to COVID-19 led to a malware download. Phishing emails purporting to come from various government Ministries of Health or the WHO directing precautionary measures, again embedding malware.’’ Also started appearing, COVID-19 tax rebate phishing lures encouraging recipients to browse to a fake website that collects financial and tax information from unsuspecting users.On safeguards, Mr. Tuteja further said, “A firm must provide remote workers with clear guidance on how to use remote working solutions, including how to make sure they remain secure and tips on identification of phishing while calling to ensure that all provided laptops have up-to-date anti-virus and firewall software.” KPMG recommends that the response to these could include some steps to reduce the risk to an organisation and its employees, particularly as companies shift to remote working.