COVID-19 Phishing Security Bulletin
Unfortunately, threat actors have no compunction in leveraging events that are tragic in nature or that take advantage of panic inducing news reports. One such example is the recent use of COVID-19 in phishing campaigns.
Starting in Feb 2020, threat actors began exploiting widespread fear of the spreading coronavirus, known as COVID-19, in phishing attacks that are bypassing existing defenses and reaching end user inboxes.
This Area 1 Security Advisory & Bulletin outlines:
- Specific steps to ensure your users and corporate systems are protected from COVID-19 phishing
- Sample COVID-19 phishing campaigns and TTPs
- Why and how these campaigns are bypassing cloud email, SEG, DMARC, SPF and DKIM defenses
- Methodologies that do successfully detect these missed COVID-19 phishing attacks