Mary Jo Schrade, Assistant General Counsel, Regional Lead, Microsoft Digital Crimes Unit Asia
The past months have seen cybercriminals adapt their tactics to leverage what is going on in the world. In the first two weeks of March, Microsoft observed COVID-19 themed attacks peak, as nations began to take action to reduce the spread of the virus and travel restrictions came into effect. By the end of March, every country in the world had seen at least one COVID-19 themed attack.
Microsoft has been tracking these trends and investigating the criminal networks behind them.
An example of this is a worldwide cybercriminal disruption, which stopped an attempt by attackers to defraud customers in 62 countries around the world. While first observed in December 2019 by Microsoft’s Digital Crimes Unit (DCU), the sophisticated, new phishing scheme designed to compromise Microsoft customer accounts has evolved in the past few months – using COVID-19-related lures in emails to target victims.
Costly price of business email compromise attacks
In recent years, business email compromise (BEC) attacks have increased in complexity, sophistication and frequency – attackers enter the inboxes of employees and organizations in order to infiltrate their networks, as in the scheme disrupted in the operation described above.
According to the FBI’s 2019 Internet Crime Report, the most costly complaints received by its Internet Crime Complaint Center (IC3) involved BEC crimes, and have resulted in losses of over $1.7 billion, representing nearly half of all financial losses due to cybercrime. This increasing economic harm caused by cybercriminals must be considered and confronted by the public and private sectors and it is a key priority for Microsoft’s Digital Crimes Unit together with law enforcement agencies around the world.
Often, these crimes entail cybercriminals designing phishing emails to look as though they originated from an employer or another trusted source. These emails attempt to compromise accounts, steal information and redirect wire transfers. Recently, the phishing emails have been cleverly disguised with COVID-19 headlines such as “COVID-19 bonus” as a means to exploit pandemic-related financial concerns and to induce targeted victims to click on malicious links.
[Figure: COVID-19-themed phishing email]
Of the millions of phishing messages seen globally each day, roughly 60,000 include COVID-19 related malicious attachments or malicious URLs. Microsoft intelligence has found that attackers have also been impersonating established entities like the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and various ministries and departments overseeing health issues in countries around the world in order to lure unsuspecting victims to open emails and click on attachments or links.
Safe practices are the best protection against phishing
Here are three simple ways every person can safeguard against BEC attacks:
- Enable two-factor authentication (2FA) or multi-factor authentication (MFA) on all business and personal email accounts – this should be applied across business organizations that employees work in, as well as any online services used on a day-to-day basis.
- Learn how to spot phishing schemes and guard against them – employee guidelines should contain information on how to identify phishing attempts, how to distinguish between official communications and suspicious messages that violate company policy, and where these can be reported internally.
- Enable security alerts about links and files from suspicious websites and unknown senders, and carefully check email forwarding rules for any suspicious activity.
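The third point, checking email forwarding rules, is where BEC intrusions tend to leave a durable trace: once an attacker has a foothold in a mailbox, rules that silently forward or delete messages about payments let them keep watching a conversation after the password has been changed. The following is an added example, not code from Microsoft or from this post, of a small audit over mailbox rules. It assumes a constructed export format (the `InboxRule` fields), an organisation domain of `example.com`, and a finance-related keyword watch-list; all three are assumptions for illustration, and the sample rules are constructed.

```python
"""Audit mailbox inbox rules for BEC-style tampering (added example, assumptions labelled)."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed organisation domain and subject watch-list; both are constructed for this example.
INTERNAL_DOMAIN = "example.com"
FINANCE_KEYWORDS = {"invoice", "payment", "wire", "transfer", "bonus"}


@dataclass
class InboxRule:
    """A mailbox rule as it might appear in an export from a mail platform (assumed shape)."""
    mailbox: str
    name: str
    forward_to: List[str] = field(default_factory=list)
    delete_message: bool = False
    subject_contains: List[str] = field(default_factory=list)
    enabled: bool = True


def is_external(address: str) -> bool:
    """True when the address is outside the organisation's own domain."""
    return address.rsplit("@", 1)[-1].lower() != INTERNAL_DOMAIN


def audit_rule(rule: InboxRule) -> List[str]:
    """Return the findings for one rule; an empty list means nothing looked suspicious."""
    findings: List[str] = []
    if not rule.enabled:
        return findings
    # Forwarding mail out of the organisation is the classic BEC persistence step.
    external = [a for a in rule.forward_to if is_external(a)]
    if external:
        findings.append("forwards to external address(es): " + ", ".join(external))
    # Deleting matching mail hides the attacker's conversation from the real user.
    if rule.delete_message:
        findings.append("deletes matching messages")
    # Rules keyed on payment-related subjects deserve a closer look.
    keywords = sorted({k.lower() for k in rule.subject_contains} & FINANCE_KEYWORDS)
    if keywords:
        findings.append("filters on finance-related subjects: " + ", ".join(keywords))
    # Heuristic (assumption): a rule named only with punctuation is rarely user-created.
    if len(rule.name.strip(" .,-")) == 0:
        findings.append("rule name is empty or punctuation only")
    return findings


def audit_mailboxes(rules: List[InboxRule]) -> Dict[str, List[Tuple[str, List[str]]]]:
    """Group suspicious rules by mailbox; mailboxes with no findings are omitted."""
    report: Dict[str, List[Tuple[str, List[str]]]] = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report.setdefault(rule.mailbox, []).append((rule.name, findings))
    return report


# Constructed sample export: a benign rule, an external-forwarding rule,
# a hide-and-delete rule, and a disabled rule that should not be reported.
SAMPLE_RULES = [
    InboxRule("alice@example.com", "Project newsletters",
              forward_to=["team@example.com"], subject_contains=["newsletter"]),
    InboxRule("alice@example.com", ".",
              forward_to=["finance-desk@mail-example.net"],
              subject_contains=["Invoice", "Payment"]),
    InboxRule("bob@example.com", "Cleanup",
              delete_message=True, subject_contains=["payment", "bonus"]),
    InboxRule("carol@example.com", "Old forward",
              forward_to=["someone@mail-example.net"], enabled=False),
]

if __name__ == "__main__":
    for mailbox, flagged in audit_mailboxes(SAMPLE_RULES).items():
        print(mailbox)
        for name, findings in flagged:
            print(f"  rule {name!r}:")
            for finding in findings:
                print("   -", finding)
```

Run against a real export, the report is a worklist rather than a verdict: a rule forwarding to a partner's domain may be legitimate, but one that both forwards externally and carries a punctuation-only name, as in the second sample rule, is the pattern worth confirming with the mailbox owner before it is removed.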