Our Phishing Awareness Campaign

Over the last week or so, the team at Cygenta and I have been busy pulling together the first campaign for the CV19 volunteers group, which is focused on phishing awareness. This campaign will go to frontline and back office staff in healthcare organisations in the UK, Germany, France, Spain, Italy, Portugal, Russia, Poland, Greece, Sweden, Slovakia, Finland, Norway and the Netherlands. It will also be made available for use in CV19 sister groups in Australia, Brazil, the USA and Dubai.

You can see all of the resources and download them here.

Cyber criminals are seeking to exploit the COVID-19 pandemic, with many social engineering attacks using the crisis as a theme in one way or another. The UK’s National Cyber Security Centre (NCSC) has detected more UK government branded scams relating to COVID-19 than any other subject, as they outline in this pdf joint advisory with the US Department of Homeland Security. According to Google, criminals are sending 18 million COVID-19 phishing emails a day to Gmail users, with some speculating that the pandemic is the biggest phishing topic we have ever seen.

With this in mind, my team and I knew that phishing should be the focus of the first awareness campaign that we would deliver as part of our volunteer work with the CV19 group. The healthcare workers that we know have been recipients of phishing messages both at work and on their personal devices and now, more than ever, we want to help the healthcare sector be as secure as possible. 

Posters for the CV19 phishing awareness campaign

Many phishing attacks take advantage of people’s anxieties, concerns, desire to help and the special offers and support that corporations are extending to healthcare workers. Attackers do this because when a target’s judgement is clouded by emotion, they are more likely to click a link, download an attachment or transfer money without considering the fact that the communication might not be genuine. Therefore, this campaign raises awareness of these scams and the way they target our emotional responses. The aim of this campaign is to encourage people to be vigilant of communications and to take a minute to check it’s right. 

Video for the CV19 phishing awareness campaign

We have intentionally avoided heavy use of fear-based messaging, because such messaging can often be counter-productive. We want to engage and empower people, not add more fear into a climate where there is already enough anxiety. 

For this awareness campaign, we have created three posters, three flyers and a video. These are targeted at frontline and back office healthcare workers in the UK and Europe and are freely available for all to download and use.

You can see all of the resources and download them here.