Cybercriminals do not stop their activity despite the health emergency and take advantage of the situation to carry out attacks in greater volume. This increase in cyberattacks has been exponential, using the coronavirus as a pretext and abusing the ignorance of users and employees, who are manipulated to steal confidential personal or company information through links to malicious web content, false portals and emails supplanting the identity of an individual or organization, the latter being the most common and the one that generates the greatest uncertainty if we consider the teleworking situation of many employees.

Recently, INCIBE has shared some guidelines to help in the identification of these malicious emails made with social engineering techniques. In general, these emails are intended to attract attention through the following premises:

inquietudes del teletrabajo y contexto actual
  • Urgency: Encourage your potential victims to open a link or download an attachment, insisting that it be done quickly, so that there is time to assess whether the information is trustworthy or not. This type of strategy is commonly used through phishing to banks.
  • Authority: This strategy tries to impersonate people or entities, both public and private, that are trusted by the victim and whose objective is to force them to take a certain action for the benefit of cybercriminals.
  • Willingness to help: The current situation also helps cybercriminals to take advantage of people’s vulnerability and ignorance to extract all kinds of information. Above all, it seeks to extract the most sensitive, to later exploit it and obtain a revenue for it with third actions.
  • Gratuity: It is common for it to attract attention that a product or service is free or has a promotion. Currently, cybercriminals use this strategy to offer masks, disinfectant gels, Internet, electricity, gas, etc. for free.

Likewise, there are other factors that must be considered to avoid falling and being victims of these cyberattacks. It is important to look carefully at the origin of an email, whether it belongs to an individual or a company. If it is the case of the latter, it could not come from a free email account such as Gmail or Outlook. It is also important to mention that if these emails come from a legitimate organization, they do not usually make mistakes in their writing or have an absence of a corporate signature at the end of the communications, so the absence of it can already be considered a sign of fraud of which to suspect.

Furthermore, the emails may also contain links that may redirect to websites that are programmed for the spread of malware and / or theft of sensitive information. Attachments always represent a threat, so it is advisable not to open communications that contain extensions such as:

  • .exe – The traditional Windows executable file.
  • .vbs – Visual Basic Script file that can also be executed.
  • .docm – Microsoft Word file with macros.
  • .xlsm – Microsoft Excel file with macros.
  • .pptm – Microsoft PowerPoint file with macros.

Cyber attacks are becoming increasingly difficult for users to identify and that increases the ease of cyber scam. If the necessary preventive measures are taken, being aware of how cybercriminals are evolving their techniques, it is possible to go one step further and reduce the risk of being the next victim and putting information at risk.

How to avoid these cases?

In the case of organizations and employees that exchange sensitive and / or confidential information on a day-to-day basis, it is important to establish corporate tools that include advanced security policies such as encryption, encryption, antivirus filters, etc. Tranxfer is the corporate tool for sending and receiving corporate files that applies these advanced security policies and that allows the organization to control, traceability and regulatory compliance of the files that enter and leave the company perimeter.

With Tranxfer, you avoid the abuse of email and collaboration tools for exchanging information with external third parties (suppliers, customers, etc.). Discover the Tranxfer technical characteristics .

supervisar evolucion

Get Started with Avada Crypto

[contact-form-7 404 "Not Found"]

Looking for help? Get in touch with us

oficinas remotas