Our phishing awareness campaign for the CV19 Cyber Volunteers
The Cyber Volunteers 19 (CV19) group was set up by Lisa Forte, Daniel Card and Radoslaw Gnat following the global outbreak of COVID-19, focused on providing voluntary cyber security support to healthcare services in the UK and other European countries. When I was asked to lead the awareness project for the initiative, of course I didn't hesitate to say yes, and our team at Cygenta was equally keen to roll up their sleeves and work on this project.
Together we have produced the first campaign, which is focused on phishing. This campaign will go to frontline and back office staff in healthcare organisations in the UK, Germany, France, Spain, Italy, Portugal, Russia, Poland, Greece, Sweden, Slovakia, Finland, Norway and the Netherlands. It will also be made available for use in the CV19 sister groups in Australia, Brazil, the USA and Dubai.
You can see all of the resources and download them here. As I've already covered in this blogpost and video on COVID-19 scams, we know that cyber criminals are seeking to exploit the COVID-19 pandemic, with many social engineering attacks using the crisis as a theme in one way or another. The UK’s National Cyber Security Centre has detected more UK government branded scams relating to COVID-19 than any other subject, as they outline in this pdf joint advisory with the US Department of Homeland Security. According to Google, criminals are sending 18 million COVID-19 phishing emails a day to Gmail users, with some speculating that the pandemic is the biggest phishing topic we have ever seen.
With this in mind, my team and I knew that phishing should be the focus of the first awareness campaign that we would deliver as part of our volunteer work with the CV19 group. The healthcare workers that we know have been recipients of phishing messages both at work and on their personal devices and now, more than ever, we want to help the healthcare sector be as secure as possible.
Many phishing attacks take advantage of people’s anxieties, concerns, desire to help and of the special offers and support that corporations are extending to healthcare workers. They do this because when a target’s judgement is clouded by emotion, we are more likely to click a link, download an attachment or transfer money without considering the fact that the communication might not be genuine. Therefore, this campaign raises awareness of these scams and the way they target our emotional responses. The aim of this campaign is to encourage people to be vigilant of communications and to take a minute to check it’s right.
We have intentionally avoided heavy use of fear-based messaging, because such messaging can often be counter-productive. We want to engage and empower people, not add more fear in a climate where there is already enough anxiety.
For this awareness campaign, we have created three posters, three fliers and a video. These are targeted at frontline and back office healthcare workers in the UK and Europe and are freely available for all to download and use.
Read more about the CV19 group here and follow the founders of this great initiative:
Stay safe and well 💜