NEWARK – When the coronavirus pandemic began to cause widespread business closures that sent hundreds of thousands of workers to home offices, Connor Swalm knew that those businesses would soon be under an increased threat from hackers.
“We noticed pretty much right away that there has been a huge increase in successful coronavirus phishing scams,” said Swalm, a co-founder of the 18-month-old, Newark-based cybersecurity firm Anchor Security Team.
Swalm explained that hackers have increasingly been sending out phishing emails, or messages that mask their intent in order to gain access to a target’s sensitive information, tailoring them to themes amid the health crisis. Some of the most-used schemes inform a target that they have been in contact with someone who was diagnosed with COVID-19 and asks them to click a link to learn more, while another has a target click a link or download a file regarding their stimulus check or U.S. Small Business Administration loan. Those attacks are looking to gain access to personal or financial information about customers or clients, which can be sold to identity thieves, or to install keyloggers, which could allow a hacker to gain control of a computer for further attacks.
One of Anchor’s core offering is a service that sends test phishing emails to a company’s employees, with those who fall for them receiving “Learn Moments” instructions on how to avoid such attacks in the future. Swalm said that Anchor decided to begin offering that training for free to those most at risk during the pandemic: small businesses and the self-employed.
“They want this kind of training but often aren’t sought out by larger companies that provide it or they are priced out of participating,” Swalm explained. “As long as the coronavirus is still a useful scam and people are working from home, we’re going to give them our tools for free.”
Swalm noted that small businesses and the self-employed have been increasing targeted by hackers in recent years, despite the lack of attention in the press that large company’s incidents receive, because they are “low-hanging fruit.”
“An estimated 60% of small businesses that get hacked end up closing within a year,” he said. “These small businesses and individuals can’t afford the reputational harm; they can’t afford a remediation crew that’s going to cost thousands of dollars to make sure they’re still not hacked and wipe all their devices. So, we’re trying to prevent people from getting kicked while they’re already down.”
Unfortunately, pandemic-related phishing attacks aren’t the only hacks to worry about, Swalm said. Spear phishing attacks, or messages that impersonate someone close to the target, have also increased and become cleverer as more employees work from home. For instance, a hacker might create an email address matching a boss’s name but changing one letter, which may be enough to fool a basic inbox filter and a worker not looking closely.
Anchor is also advising that employees double-check their home internet network security and ensure that all computer security updates have been completed.
“I’m guilty of putting some of them off too, but more now than ever we need to keep the security patches that are coming out up to date on our devices,” Swalm said.
Swalm said that Anchor has unsurprisingly been able to adapt to working from home rather than their space at the University of Delaware, which closed its campus in March. He added that they’ve been busier than ever amid the pandemic, although much of that work has been self-imposed as Anchor tries to help businesses and grow their brand, he said.
To register for Anchor Security Team’s free phishing training, visit anchorsecurity.io/free. To attend one of its free upcoming webinars, visit its Facebook page at facebook.com/anchorsecteam/.
By Jacob Owens
