Enzoic Navigation
  • Solutions
    • Enzoic for Active Directory
    • Enzoic for Active Directory Lite
    • Enzoic Account Takeover Protection
    • Enzoic Exposure Alerts
    • NIST Password Standards
    • Hospitals & Healthcare Password Policy
  • Support
  • FAQ
    • FAQ Overview
    • Active Directory FAQ
    • Account Takeover FAQ
  • Resources
    • Resource Hub
    • All About Active Directory Passwords
    • What Is Credential Stuffing
    • What Is Account Takeover
    • What is a Cracking Dictionary
    • Intuitive ATO Protection
    • About Strong Passwords
    • Tech Docs
      • API – Dev Doc
      • Active Directory – Tech Docs
      • Security Overview
  • Company
    • About
    • Threat Intel
    • Enzoic Blog
    • Enzoic Partners
    • In the News
    • Contact Us
    • Careers
  • Sign In
  • Sign Up
  • Solutions
    • Enzoic for Active Directory
    • Enzoic for Active Directory Lite
    • Enzoic Account Takeover Protection
    • Enzoic Exposure Alerts
    • NIST Password Standards
    • Hospitals & Healthcare Password Policy
  • Support
  • FAQ
    • FAQ Overview
    • Active Directory FAQ
    • Account Takeover FAQ
  • Resources
    • Resource Hub
    • All About Active Directory Passwords
    • What Is Credential Stuffing
    • What Is Account Takeover
    • What is a Cracking Dictionary
    • Intuitive ATO Protection
    • About Strong Passwords
    • Tech Docs
      • API – Dev Doc
      • Active Directory – Tech Docs
      • Security Overview
  • Company
    • About
    • Threat Intel
    • Enzoic Blog
    • Enzoic Partners
    • In the News
    • Contact Us
    • Careers
  • Sign In
  • Sign Up
Sample COVID-19 Phishing Email

Employee Account Takeover in the Age of COVID-19

Account takeover for employees, customers, and users has become a real issue since the COVID-19 outbreak. Here is why that is and what organizations can do about it.

Since its discovery in December 2019, the novel Coronavirus, Covid-19, has spread throughout the world and caused significant disruption. This disruption has taken many forms. Of course, the most serious consequence of the pandemic has been the loss of life and the economic impact. Measures such as social distancing and self-isolation are considered necessary. It’s because of this that some authorities and conscientious employers moved to home-working.

The way we work has fundamentally changed, at least for the time being. We are now witnessing remote working at levels never seen in the past. This shift towards home working has allowed many thousands of businesses to continue operating through these unprecedented and uncertain times. However, this shift has also created opportunities for nefarious individuals to exploit companies. Work-from-home threats are a pressing and real concern.

Account Takeover & Attacks on the Rise during COVID-19 Crisis

Cybersecurity experts and government officials have warned that companies transitioning to large scale remote working are at risk of cyberattacks, employee account takeover attacks, and customer account takeover attacks. Although remote working isn’t new, many companies only had limited home-working capabilities, if any. The best way to ensure protection from cyber attacks is to have an educated workforce, robust cybersecurity systems and tools, and a thorough implementation of policies. However, unprecedented times call for unprecedented measures. The coronavirus pandemic hit swiftly and as such many businesses were ill-prepared to make this switch to remote working. Companies acted quickly to make this switch to prioritize the safety of their employees and the wider community. Unfortunately, this type of rapid change does leave companies vulnerable to cyber-attacks

The following factors contribute to increased cyberattack threat:

  • Inexperienced workers – Many thousands of people are now working from home who have no (or very little) experience with remote working.
  • Fluidity in job roles – The evolving economic impact of the pandemic has caused businesses to make tough financial decisions. Some of these decisions involve cutting staff numbers or reducing the active workforce. These choices can significantly disrupt the usual way of working and cause job roles to become more fluid. Employees may find themselves taking on new responsibilities they are unfamiliar with. Cybercriminals can exploit this vulnerability by conducting social engineering or phishing attacks. These attacks are more likely to be successful when employees are less certain of their responsibilities or less able to spot an unusual request due to inexperience.
  • The strain on IT staff – Shifting large numbers of the workforce onto new IT systems that they are unfamiliar with naturally causes teething issues. IT staff will be spending more time fixing remote-working IT complications and have less time to dedicate to cybersecurity efforts.
  • Mistakes – A rushed implementation of new software or policies can lead to errors being made. Cybercriminals will be looking to exploit these errors before they are noticed and patched.
  • New scams and techniques – Many people are familiar with traditional scams like malicious fake invoice emails or calls to action that involve clicking on a malicious link for a familiar service. The more people are exposed to these scams or educated on them, the easier they are to spot and avoid. This is why hackers constantly work to adapt their methods to trick people. The coronavirus situation has allowed hackers to invent entirely new ways of encouraging employees to hand over their account details. During a crisis of this scale, communications from external bodies are more frequent and people are often more motivated to comply with requests from sources they deem authoritative.
  • Exposed data – Exposed information, such as user name and password, make it easy for cybercriminals to take over accounts. Don’t let your users use compromised credentials, especially not during the COVID-19 pandemic.

The Current State of Cyber Attacks and Account Takeover Related to Covid-19

Phishing scams preying on the fear and confusion surrounding coronavirus started as soon as the virus started hitting the headlines back in January. Since then, hackers have continued to refine their techniques to exploit this ongoing crisis. Hacking threats have been on the rise, with one security firm reporting a 15% increase in hacking threats each month since the outbreak started. On March 12 and 13, Brno University Hospital in the Czech Republic suffered a ransomware attack, forcing them to cancel operations and relocate patients to nearby hospitals.

There have been reports of thousands of new scam and malware sites being created daily. Emails are being sent to employees trying to trick them into downloading malicious software or handing over their credentials. For example:

  • A phishing email has been identified in which the sender poses as the World Health Organization (WHO).
  • The recipient is encouraged to download a document which details guidance and advice on Covid-19.
  • The content of the document is legitimate but the victim will be asked to enable macros.
  • If they agree, a banking trojan is downloaded onto the computer, according to this article.

Other emails have been circulating that pretend to detail information on a coronavirus vaccine. A Russian hacking group posing as Ukraine’s Center for Public Health was also found to be responsible for sending phishing emails to targets in Ukraine. Coronavirus ransomware attacks have also been documented. It appears that cybercriminals are targeting people in countries most severely affected by the virus, including Italy, China, and South Korea. The exact countries being targeted are expected to evolve as the situation advances.

Protecting Your Employees from Account Takeover during COVID-19 Pandemic

Many businesses are operating under reduced capacity or with limited funds and as such, taking proactive cybersecurity measures in terms of new staff and costly dedicated software may be unfeasible right now. This does not mean you are powerless.

Try to stay up to date with the latest developments on coronavirus related cyber-attacks. Familiarize yourself with emerging attacks and educate your workforce over email. Tell employees what to look out for, and when they should notify the IT department. It may also be a good idea to communicate to your customers what communications they can expect from you, as well as some cybersecurity tips. Lastly, make sure your employees are not using exposed passwords.

If you are a small business, you can leverage Enzoic’s tools or free password strength meter to help protect your employee and customer accounts from account takeover.

account takeover protectioninsider threat

Search

password audit (1)

Browse blog categories

  • Account Takeover (24)
  • Active Directory (36)
  • all posts (120)
  • Continuous Password Protection (21)
  • COVID-19 (7)
  • Cracking Dictionaries (6)
  • Credential Screening (20)
  • Cybersecurity (53)
  • Data Breaches (25)
  • EdTech (3)
  • Enzoic News (13)
  • Financial Services Cybersecurity (3)
  • Healthcare Cybersecurity (11)
  • Law Firm Cybersecurity (2)
  • NIST 800-63 (25)
  • Password Security (19)
  • Password Tips (43)
  • Regulation and Compliance (9)

Stay up to date

Research, news, and more right to your inbox

More

  • Learning about strong, but unsafe passwords
  • What is a credential stuffing attack?
  • What is account takeover (ATO) fraud?
  • Eliminating password reuse to prevent ATO fraud
  • Developer Documentation (APIs)

Recent blog posts

  • Busting the Myths Surrounding Password-Based Security
  • Enzoic Offers the Motion Picture Association a Premier Approach to Password Security
  • The Reality of Compromised Credentials
  • [ Sign Up for a Free Account ]
  • Contact Us
  • 1-720-773-4515

Enzoic ©2020 | Privacy Policy | Acceptable Use

Enzoic’s password auditor provides a great baseline for assessing password vulnerability. Get next level of compromised credentials protection and try the full Enzoic for Active Directory at no cost.

Cookies

This website uses cookies to improve your experience. Continue to use the site as normal if you agree to the use of cookies. To find out more about our use of cookies or to opt-out, please see our Privacy Policy.

More Information
This site is for EDUCATIONAL PURPOSES ONLY.
Your password will be sent securely to the Enzoic servers to check if it is compromised. We do not store your password or use it for any other purpose. If you are not comfortable with this, do not enter your real password.
What is this?

Password Check is a free tool that lets you determine not just the strength of a password (how complex it is), but also whether it is known to be compromised. Billions of user passwords have been exposed by hackers on the web and dark web over the years and as a result they are no longer safe to use. So even if your password is very long and complex, and thus very strong, it may still be a bad choice if it appears on this list of compromised passwords. This is what the Password Check tool was designed to tell you and why it is superior to traditional password strength estimators you may find elsewhere on the web.

Why is it needed?

If you are using one of these compromised passwords, it puts you at additional risk, especially if you are using the same password on every site you visit. Cybercriminals rely on the fact that most people reuse the same login credentials on multiple sites.

Why is this secure?

This page, and indeed our entire business, exists to help make passwords more secure, not less. While no Internet-connected system can be guaranteed to be impregnable, we keep the risks to an absolute minimum and firmly believe that the risk of unknowingly using compromised passwords is far greater. Since our database of compromised passwords is far larger than what could be downloaded to the browser, the compromised password check we perform must occur server-side. Thus, it is necessary for us to submit a hashed version of your password to our server. To protect this data from eavesdropping, it is submitted over an SSL connection. The data we pass to our server consists of three unsalted hashes of your password, using the MD5, SHA1, and SHA256 algorithms. While unsalted hashes, especially ones using MD5 and SHA1, are NOT a secure way to store passwords, in this case that isn’t their purpose – SSL is securing the transmitted content, not the hashes. Many of the passwords we find on the web are not plaintext; they are unsalted hashes of the passwords. Since we’re not in the business of cracking password hashes, we need these hashes submitted for more comprehensive lookups. We do not store any of the submitted data. It is not persisted in log files and is kept in memory only long enough to perform the lookup, after which the memory is zeroed out. Our server-side infrastructure is hardened against infiltration using industry standard tools and techniques and is routinely tested and reviewed for soundness.

More…
  • Visit our FAQ to learn more
  • Contact us for press or sales inquiries
  • Add a free password strength meter to your website