You might think you can spot a phishing email a mile off. But gone are the days of “Nigerian princes” asking you to wire them money. Hackers have become more sophisticated in their techniques. Their new tactics are clearly working: according to Cisco’s 2021 cybersecurity threat trends report, 86% of organisations reported at least one employee clicked on a phishing link in 2021.

One tactic to look more realistic is referring to current events. This could involve anything from pretending to be an organiser of a major sporting event offering free tickets, to setting up fake donation links to support victims of a natural disaster. Whatever the cover story, hackers are only interested in money or personal information that might help them with future hacks.

Real-world examples of current-event hacks

COVID-19 provided plenty of material for hackers to work with. For example, the UK’s National Cyber Security Centre (NCSC) identified phishing attacks where scammers, disguised as legitimate organisations, shared links to “important information.” However, these URLs linked to websites that could infect devices with viruses, malware and spyware.

Natural disasters also provide opportunities for scammers. During the recent California wildfires, scammers were posing as CEOs, sending emails to finance and administration staff authorising them to send gift cards and financial aid to victims. 

How to avoid falling victim

Here are some ways you can protect yourself against current event-based scams:

  • If an email claims to be from an authoritative source, check the sender’s email address. It might appear legitimate, but the smallest change can give it away. For example, an email from “mediainquiries@who.org” might look legitimate, but a quick Google shows the correct email is “mediainquiries@who.int.”
  • If an email includes a link, verify the source first. Be wary of links that start with http:// instead of https://, as this shows they’re less secure.
  • Do not download any attachments unless you verify the sender is legitimate.
  • If you have a phishing simulation programme, consider including current events in it to help train your staff to look out for them.
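
The sender and link checks from the list above, sketched in Python as an added example (not code from the original article). The `KNOWN_DOMAINS` map, the function names and the sample message are assumptions made for illustration; only the who.org / who.int pair comes from the text.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumption: organisation label -> domain it really uses. Only who.int comes
# from the article; a real deployment maintains its own list.
KNOWN_DOMAINS = {"who": "who.int"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample message, for illustration only.
SAMPLE = (
    "From: WHO Media <mediainquiries@who.org>\n"
    "To: staff@example.com\n"
    "Subject: Important information\n"
    "\n"
    "Read the update at http://who.org.example.net/update\n"
    "and the guidance at https://www.who.int/emergencies\n"
)

def lookalike_of(host):
    """Return the real domain if host uses a known label but is not under it."""
    host = host.lower().rstrip(".")
    for label, real in KNOWN_DOMAINS.items():
        if label in host.split(".") and host != real and not host.endswith("." + real):
            return real
    return None

def check_message(raw):
    """Return warnings for one raw message: sender domain first, then each link."""
    msg = message_from_string(raw, policy=policy.default)
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].domain if addrs else ""
    warnings = []
    real = lookalike_of(sender)
    if real:
        warnings.append(f"sender domain {sender} is not {real}")
    body = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    for url in URL_RE.findall(body):
        parts = urlsplit(url)
        if parts.scheme.lower() != "https":
            warnings.append(f"link is not https: {url}")
        real = lookalike_of(parts.hostname or "")
        if real:
            warnings.append(f"link host {parts.hostname} is not {real}")
    return warnings

if __name__ == "__main__":
    for w in check_message(SAMPLE):
        print("WARNING:", w)
```

A link that passes both checks is not proven safe; the script only automates the two manual checks described in the list.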