Through phishing, hackers try to acquire sensitive information such as usernames, passwords, and credit card details directly from users. Phishing is typically carried out by email spoofing or instant messaging, and often misleads users into entering details on a fake website that looks very similar to the legitimate one.

Commonly, the fake website requests personal information, such as login details or passwords. This information can then be used to access the individual's account on the real website. Because it leverages a victim's trust, phishing can be classified as a form of social engineering.

Many organisations are reporting a growing volume of ransomware attacks and sophisticated phishing scams that use coronavirus references as bait to induce employees to click on email links or attachments infected with malware. The World Health Organisation has warned that criminals may be sending phishing emails that appear to be from the WHO and that ask recipients to give sensitive information, such as usernames or passwords, or to click on malware-installing links or attachments. Cyber criminals have also been using the name of the US Centers for Disease Control and Prevention and imitating domain names in phishing emails similar to those flagged by the WHO.

In this challenging environment, organisations must be vigilant and adopt a heightened state of cybersecurity and robust data management processes.
