Last Updated: 9th April, 2020
COVID-19 Phishing Emails Simulation: The world remains a peculiar place at the moment. With this, we find that we have much time to focus and reflect upon issues. Things that used to seem trivial, like washing your hands thoroughly countless times a day, have become common. Shops that used to urge people to uncover their faces now frown at anyone not wearing a mask.
Emotions are intense, anxiety is high, and things have definitely changed. It’s against this backdrop that we find ourselves asking what actions are sensitive or not.
Typically, whenever there is a global news story or event, we see criminals jump on the bandwagon and put the phishing machine into action. The COVID-19 pandemic is no exception, with a severe spike in COVID-19-specific phishing templates.
To prevent employees from falling victim to these scams, one of the most effective methods has been to send simulated phishing emails on the particular topic, to raise awareness and train employees to recognize the scams and not fall victim.
In times like these, there’s a question as to whether it is appropriate or not to send simulated COVID-19 phishing emails.
COVID-19 Phishing Emails: It’s Just A Prank Bro
Pranks are usually fun and harmless. When I was young, Whoopee Cushions were extremely popular. Similar in design to a balloon, you’d inflate one and place it on someone’s seat. When they sat on it, the cushion would let out a raspberry sound that would embarrass and bewilder them until they saw everyone around them laughing.
But a prank is only truly a prank when everyone can laugh about it afterward. We frequently see YouTube videos where someone desperately yells, “It’s just a prank bro” like a get-out-of-jail card after taking a practical joke too far.
Perhaps one of the most egregious examples in recent times was in June 2019, when Kanghua Ren, known to his followers as ReSet, swapped the creme filling in the middle of an Oreo biscuit for toothpaste and offered it to a homeless man on the streets of Barcelona. The destitute man vomited after eating the biscuit.
A Barcelona court found Mr. Ren guilty of violating the moral integrity of the destitute man. He is unlikely to serve any time behind bars, however, as Spanish law traditionally allows sentences under two years for first-time offenders in nonviolent crimes to be suspended.
COVID-19 Phishing Emails: We’re On The Same Side
You see, a prank that targets an unsuspecting and unwilling participant can be seen as cruel and offensive. The same prank amongst friends can be taken to even further extremes without any offense at all, and that’s kind of how I feel about simulated COVID-19 phishing emails.
They represent a tool to help instruct and train employees. Regardless of the template being used, be it COVID-19 or any other, there will always remain the likelihood of someone being offended.
It’s a good time to evaluate what is causing people pain in a time like this. Is it genuinely the template, or is it the manner in which the security team has been testing their employees? Do the simulated COVID-19 phishing emails seek to educate and inform, or are they delivered in a manner to catch people out and humiliate them?
Ultimately, you know your company and culture better than anyone else. Some countries and regions around the world may feel it’s insensitive to use a COVID-19 template, others will not. Empathy is key and, after all, we’re all on the same side. Our objective is to secure the organization and help educate employees.
So, if you’re considering conducting a phishing simulation, start by warning employees. Provide information about how cyber-criminals are using this traumatic time to their advantage.
Tell them you are going to help them prepare by sending COVID-19 and other simulations, and that you’re going to ramp up other testing.
Most importantly, conduct it in the spirit and tone of collaboration to collectively help secure your organization, because ultimately, whatever your viewpoint is on whether it’s appropriate to use a COVID-19 phishing template, the reality is that the criminals will definitely continue to use them.