The coronavirus continues to be a phishing nightmare

One in five UK businesses report receiving a phishing email.

The coronavirus has been unkind to millions of people. We’ve been sent home to work from home offices rather than workplaces, and with it, there’s a significant risk of falling foul of hacking attacks. According to new data, we need to be more aware than ever of the risk of phishing attacks.

According to Webroot, an international cybersecurity company, workers are struggling under the weight of massed emails. 

Workers worldwide have received 34% more emails in 2020 than they did last year.

That increase in email volume is dangerous, say Webroot, because it results in the risk that more of them could be malicious. 

That’s particularly problematic because more of us are spending time working at home – more than half of respondents worldwide say they’re working at home now, compared to pre-pandemic. With that comes the danger of not being able to ask others whether any email they receive is legitimate, or could be an attempt to trick them into clicking something they shouldn’t.

Risky business

“People are on guard more with the pandemic, with many at home reading and watching the news, frequently receiving more content on the internet and on social, and sharing news – fake or true – at a higher rate,” said Dr. Prashanth Rajivan, Assistant Professor at the University of Washington. 

“At the same time, people are also taking increased personal safety measures by social distancing and wearing masks. Together, these actions may be creating a false sense of confidence among employees that they’re more prepared to spot a phishing attack than they really are,” said Rajivan.

That’s a major concern, suggests Nick Emanuel, senior director of product at Webroot. “With mass work from home, an influx of emails and a general ‘always connected’ attitude, there are more opportunities for cybercriminals than ever before. Businesses and consumers must prioritize cyber resilience and recognise that it is everyone’s responsibility to protect their data.”

A sense of false confidence

Surveyed by Webroot, three quarters of UK respondents said they feel they know enough about cybersecurity to keep themselves safe online. But that’s not necessarily true – at least not based on another answer they provided to the questioners. Two-thirds of respondents say they regularly open emails from unknown senders without any issue – one key area in which they could end up being phished.

Worldwide, a third of workers ended up admitting they have clicked a phishing link in the last year.

In the UK, that’s one in four people. Most concerningly, when people end up being phished, not all of them confess to being conned.

One in 10 respondents to Webroot’s survey said they never reported clicking on a phishing link – meaning that many attacks could go unreported, and undiscovered until it’s too late.

Rising concern amongst workers

There are signs of success, though. One in five people say that they’ve received phishing emails specifically related to the coronavirus since the pandemic started, showing hackers are trying to take advantage of our fears of the pandemic.

But we’re also seeing people start to acknowledge that hacking and phishing can be a risk.

One in three respondents to Webroot’s survey say they’re more concerned about phishing now than they were at the start of the year.

Perhaps they’re starting to see the rising number of emails in their inbox from an unknown provenance and seeing colleagues fall foul of attacks.

The solution isn’t simple, but there are things we can do to stay safer. “More education and prevention measures are needed to achieve cyber resilience, especially as the future of work includes remote workers who are accessing company resources from personal or shared public networks,” say Webroot.