The outbreak of the Coronavirus is front page news all over the world. The widespread concern and publicity of such an event makes it a perfect opportunity for cyber attackers to create and launch global scams and phishing attacks. This is a great time to reach out to your workforce and help them better understand the risks and secure themselves, both at home and at work. This not only helps build a stronger partnership between your security team and your workforce but helps reinforce how to spot the common indicators of such an attack, making your workforce more secure. Feel free to edit the short message below as you see fit.

Folks, most of us have seen and read in the news about the Coronavirus outbreak, formally known as Coronavirus Disease 2019 (COVID-19). We wanted to remind you that during media intense events like this, cyber attackers take advantage of this and attempt to scam you or launch phishing attacks that attempt to get you to click on malicious links or open infected email attachments. Here are some of the most common indicators that the phone call or email you received is most likely a scam or attack.<

  • Any messages that communicates a tremendous sense of urgency. The bad guys are trying to rush you into making a mistake.
  • Any message that pressures you into bypassing or ignoring our security policies and procedures.
  • Any message that promotes miracle cures, such as vaccines or medicine that will protect you. If it sounds too good to be true, it probably is.
  • Be very suspicious of any phone call or message that pretends to be an official or government organization urging you to take immediate action. 

For the latest updates consider visiting the World Health Organization or your government's website on Health and Disease Control. For example, in the United States you can visit the Center for Disease Control. Please keep in mind Coronavirus scams and attacks can happen at work or at home, via email, text messaging or even over the phone. Don’t fall victim to bad guys playing on your emotions. If you feel you have received an attack at work, simply delete the message or if you have concerns report it to our security team.

If you are going to push out an organization wide communications like this, you most likely need to coordinate first with your communications department. For those of you who have taken SANS MGT433, having a strong partnership with communications is a key takeaway of the class. Handled correctly, events like this are an excellent opportunity to engage your workforce, help them both at work and personally, and reinforce key behaviors you are already teaching.

About the Author
Thumbnail

Lance Spitzner

Director, SANS Security Awareness
Lance Spitzner has over 20 years of security experience in cyber threat research, security architecture, awareness and training. He helped pioneer the fields of deception and cyber intelligence and founded the Honeynet Project. In addition, Lance has published three security books, consulted in over 25 countries and helped over 350 organizations build programs to manage their human risk. Lance is a frequent presenter, serial tweeter ( @lspitzner ) and works on numerous community security projects. Mr. Spitzner served as an armor officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.