Most malware, according to the 2020 Verizon Data Breach Investigations Report, is delivered by email phishing scams. Nearly half of the respondents in Proofpoint's 2020 State of the Phish report were affected by phishing-induced ransomware, and about 35% suffered from some other phishing-related malware infection.
The pandemic has exacerbated the issue. Bad actors have taken advantage of the demand for information about the pandemic and set up thousands of suspicious domains that steal credentials or install malware. In April, Google said that its mail servers identified 18 million daily malware and phishing emails related to COVID-19 on top of the more than 240 million daily spam messages related to COVID-19.
Solution: Advise users to exercise extreme caution with any unfamiliar sites asking for login information, and remind them to never click on links or download attachments from untrusted sources. Implore them to check for encrypted website connections, use Whois to verify site ownership and avoid storing sensitive information on untrusted websites. Employees should know that reputable companies never ask for password or credit card information by email.