Phishing schemes and cruise line breaches
With industries around the world struggling to cope with COVID-19, and many smaller businesses especially hurting financially, it is crucial to avoid falling prey to cyber criminals and further disruption. Phishing schemes, and not just COVID-related ones, continue to be an insidious way to exploit people’s trust or fears for the phishers’ own purposes.
Phishing has resulted in a loss of $26 billion for businesses since 2016, according to the FBI. Hackers will often do a fair bit of research in order to learn about their target and convincingly impersonate a contact. This enhances their charade, maximizing the chances that even a cautious user might be fooled by an extremely convincing fraudulent email. The result is a new headline.
Every day, according to Symantec, 135 million of these phishing attempts go out. Research from McKinsey & Company shows that people on average spend 28% of their workday time checking their emails, leaving ample opportunity for any number of them to become the next weak link. Anyone can become a target of this risk, even if the machines are well protected. That’s why employee education and training is more important than ever, especially with remote access to office networks the new normal for many. It’s an inescapable result of COVID-19, and it’s hitting numerous industries.
Take the travel sector. Travel agents and cruise lines are obviously some of the most affected these days, and now Norwegian Cruise Line has experienced its own data breach, with customer data exposed and discovered sitting on the dark web. Although it does not appear to be related to any Coronavirus scams, a breach like this can lead to yet more phishing attempts and other fraudulent activities. This puts the smaller travel agents at the most risk, as their entire operation can be threatened far more than their larger counterparts. LogRhythm Labs CSO and VP James Carder states that agents should make sure they’re not using the same password across multiple applications, and recommended Norwegian install monitoring and detection controls for their systems.
While the situation holds, everyone is going to need to watch out for bad actors looking to exploit it to pilfer their data. Don’t make it easy for them.