Cybercriminals take advantage of crisis and confusion. For example, when Notre Dame de Paris cathedral burned last year, hackers created fake-donation campaigns to steal citizens’ donations.
Thus, since the beginning of the COVID-19 epidemic, Orange Cyberdefense’s CERT has witnessed an increase of attacks using COVID-19 as a bait. Hackers use mostly:
We recommend staying alert concerning any suspicious demand.
Common red flags that should alert you:
Make sure to know the usual communication channel of your company (dedicated email address, the person in charge of communication, etc.). It is important to have a second communication channel (phone, instant messaging) that will allow you to verify the information and if someone in your company really sent it.
Check the authenticity of the message received, whatever the channel you receive it from: email, SMS, instant messaging, social media, etc. Elements to check are, in particular: the sender, the content of the message (spelling error or bad translation), urgent demand or unusual one… (see the previous question).
In case of doubt, we recommended to:
If someone asks you about personal matters, about your health for instance, it is important to verify that the sender has the right to obtain such information (thus, you need to know quite well the processes of your company).
In case of doubt concerning actions taken (link clicked, website visited, file attached downloaded), even if you do not witness any abnormal activities, notify your internal security service.
Also, make sure to update your antivirus and operating system.
If you have opened a suspicious attached file, disconnect your computer from the network (file and Wi-Fi). Inform your cybersecurity team right away.
If you have entered your credentials, you need to change your passwords (every app with the same login codes are concerned). Also, please contact your cybersecurity team as soon as possible.
Follow your company’s instructions concerning remote working, in particular: use the VPN access provided and follow the rules concerning Wi-Fi and Bluetooth. Deactivate wireless networks when not in use.
Remote working implies to use your professional mobile phone more frequently:
All the experts of Orange Cyberdefense are mobilized to support you during these uncertain times. We hope that these advices will help you to work from home peacefully, allowing you to take care of yourself and your close ones.
*Computer Emergency Response Team