As if we needed anything else to make life more complicated during the COVID-19 pandemic, there’s breaking news that evil hackers are still as terrible as ever. Because of this, Atlanta-based cybersecurity video training platform Curricula is now offering a free coronavirus phishing test to companies so that employees can avoid being victims of bad actors looking to take advantage during vulnerable times.
CEO Nick Santora says the company decided to create the test not simply to find ways to draw business, but to address an actual need for defense against coronavirus-specific phishing attempts.
“Depending on articles you’re reading,” Santora told Hypepotamus, “there’s been somewhere from a 300 to 500 percent increase in phishing attacks focused on the coronavirus pandemic. That’s nothing to sneeze at.”
It’s true, according to the news: CNN recently aired an interview with cybersecurity consultant David Kennedy who says his company has seen an increase of more than 500 percent in attacks directly related to remote workers than before the pandemic. Wired says the ramp-up has been happening since January.
With more remote employees making it more challenging to keep networks secure, there are more opportunities for less-diligent workers to open themselves to attacks — and with people who don’t normally work from home navigating more distractions during the workday, there’s a bigger chance defenses will slip.
What makes this crisis all the more alluring to cybercriminals is the fact that stimulus checks are now being dispersed by the federal government. When there’s that much money flying around at once, more fraudsters pop up looking to take more than their fair share.
Santora started hearing from Curricula customers being hit by a variety of attacks, asking if they had solutions specific to the situation. “It was one customer after another,” he says. “We figured it was time to act.”
The simulator was built with a few scenarios. One mimics a warning coming from the World Health Organization, pretending to notify organizations that they were on “high alert,” and that the message they were reading required confirmation by all employees.
The other pretends to be a message from U.S. Treasury Secretary Steven Mnuchin, telling individual employees that their stimulus checks are ready, but they must to register via email for a place in line.
“The government isn’t going to send you an email to register for your check,” Santora points out. “That’s not the way this works.”
Santora says there have been questions about the ethics of a simulation during this crisis — is this really the best time to put out phishing tests for fraud? Despite the questions, he says, the point of Curricula’s software is to help prevent breaches from happening by simulating them, rather than simply tricking people for the fun of it.
In fact, Santora advises that companies take this time to reassess their vulnerabilities.
“Get ahead of the curve before the event happens,” he says. “It’s about protecting your company in one of the most vulnerable times we live in. Hackers don’t care about anything but themselves.”
Click here to sign up for the Hypepotamus newsletter, and you’ll get two weekly emails covering the tech startup community in the Southeast, with all the latest jobs, news, events and announcements.