Due to the exposure of COVID-19, hundreds of thousands of people in the U.S. are having to adjust from working around other people to working within the confines of their homes. Now they may also be exposing themselves to another type of risk – cyber-attacks.

Email phishing attacks are by far the most effective means that attackers use to gain entry into an entity's network. A phish is a link, attachment, or other containment in an email that is used to implant malware in a computer that can give hackers an opportunity to demand a ransom or steal data once the user clicks to open the phish. Email phishing is so successful because it only takes one person to accept an invitation to open a link or attachment sent by email to open a worm or virus that will work its way through the entire systems network. This is called spear-phishing, as it uses one infected host to spread to others. And attackers are very adept at making these emails look official – they may look like they are from the entity's management, a supplier or vendor, a partner relationship, or some other work-related entity. Other successful email phishing attacks contain links to a joke, gif or emoji attachments, invitations to events or contests, etc.; anything that would entice someone to open the link or attachment.

Now that there are so many businesses in practically every sector encouraging employees to work from home due to the coronavirus outbreak, email phishing expeditions are ramping up. Some of these employees are working from home for the first time, some won't have adequate space to have a separate office, others may be juggling home-schooling and work at the same time, or caring for sick or elderly family members in the home, or any other number of situations that are outside the norm for the employee or their family. Thus, employees working from home may be especially vulnerable, as there have been reports of phishing emails posing as important alerts regarding COVID-19, or as emails from a company executive or president about the coronavirus. In fact, Proofpoint Threat Research, a leading cybersecurity company, just revealed that coronavirus-related email lures now represent the greatest collection of attack types united by a single theme that their research team has seen in years, if not ever. The types of threats observed include phishing for credentials, malicious attachments and links, spam and malware, among others, all of which leverage coronavirus lures. People working from home during this pandemic have multiple things to think about and distract them, and may inadvertently click on a link they might otherwise have been extra cautious about.