Executive Summary

As people around the world are faced with fears and concerns over the COVID-19 pandemic in the first quarter of 2020, criminals are also taking note. And unfortunately, they are using this as an opportunity to try and steal money and personal information by generating social engineering scams via email, text, and phone calls. 

The results of Fortinet Threat Intelligence Insider Latin America for the first quarter of 2020 reveal an increase in attempts to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information over the phone under the auspices of COVID-19. Many of these scams attempt to impersonate legitimate organizations by offering fake informational updates and even promises of access to vaccines..

An unprecedented number of unprotected users and devices are now all online at the same time. In any home, right now, there are likely one or two people connecting remotely to work through the home internet connection. There may also be kids at home engaged in remote learning part of the time and connected to their friends the rest. And the entire family is engaged in multi-player games, talking with their friends in online chat rooms and over social media, as well as streaming music and video. 

It’s a perfect storm of opportunity for cybercriminals.

Fortinet reported an average of about 600 new phishing campaigns per day in March 2020.

The Fortinet Threat Intelligence Insider Latin America reported a significant rise in viruses, many of which are included in these malicious phishing attachments. During the first quarter of 2020, we have documented a 17% increase in viruses for January, a 52% increase for February, and an alarming 131% increase for March compared to the same months in 2019. 

In the first quarter of the year, Latin America and the Caribbean region suffered approx. 3 million attempts of virus attacks.

Tips

It is essential that organizations take measures to protect their remote workers and help them secure their devices and home networks. Here are a few critical steps to consider:

  • Educate your remote workers – and their families – about things like phishing and malicious websites and how to stop them. Fortinet has made a number of user training resources free of charge, including the first two levels of our NSE training program.
  • Perform a review of your security tools.
  • Make sure that remote workers have a VPN solution in place. For more advanced security, consider adding tools to detect and defuse live threats.
  • Ensure that your corporate headend is also protected, enabling multifactor authentication. Also consider a NAC solution to ensure that authenticated devices only have access to the network resources they require, and to automatically respond to devices that misbehave.
  • Given that so many attacks are phishing-based, it is critical that your secure email gateway is capable of detecting and filtering out phishing attacks and spam, and eliminating malicious attachments.
select country