As reported by Threatpost, researchers from IBM are warning of an ongoing phishing attack that’s targeting the credentials of more than 100 high-profile executives at a German multinational corporation that’s tasked with procuring coronavirus medical gear for Germany. The company, left unnamed by researchers, is part of a task force created March 30 by the German government and the private sector to procure personal protective equipment (PPE) for healthcare workers on the front lines of COVID-19, such as face masks and medical equipment.
The task force consists of nine companies, including car manufacturer Volkswagen, pharmaceutical company Bayer, airline Lufthansa, chemical firm BASF and shipping company DHL, who are leveraging their access to foreign markets to purchase and deliver PPE to German ministries.
Phishing scams are still very common, but particularly clever attempts are increasing and can deceive even those who are aware of them. In the moment, reading something which mounts pressure on you to verify or give up information can easily make you trip up and overlook a scam with no clues. You simply cannot trust all emails no matter what the body of the message says.
Verifying authentic emails has never been more important but remains the best bet in beating the fraudsters. Companies that don\’t have the proper security procedures in place can often leave themselves vulnerable to a social engineering attack, and constant delivery of training is vital to make people aware of the problem and raise a zero trust policy. If you have fallen for a scam like this, it’s a race against the clock to reverse the damage caused, such as changing passwords that are reused elsewhere.