As if COVID-19 isn’t enough for businesses and employees to navigate, cybercriminals are cashing in with new coronavirus-related schemes. The 2020 cyberthreat landscape has evolved as hackers use phishing and other schemes to capitalize on the current situation and get access to personal, financial, and corporate data. Hackers and other bad actors are launching complex coronavirus-related scams that make it more difficult to keep your employees, company data, and devices safe. We’ve taken a deep dive into some of the latest emerging threats to help you educate your team and have outlined strategies that can help keep your business secure.
Phishing Attack Increase
Phishing attacks are on the rise. Phishing schemes use emails, texts, or other communications to lure users to download malware or share confidential information. Today’s phishing scams are leaning into the fear and need for information about coronavirus. The U.S. Secret Service issued a warning about an increase in phishing emails that look like they’re coming from reputable organizations such as the CDC or World Health Organization.
The briefing notes, “In one particular instance, victims have received an email purporting to be from a medical/health organization that included attachments supposedly containing pertinent information regarding the coronavirus. This led to either unsuspecting victims opening the attachment causing malware to infect their system or prompting the victim to enter their email login credentials to access the information. This type of incident enables further occurrences of cyber enabled financial crimes such as Business Email Compromise (BEC), PII theft, ransomware and account takeovers.”
Solution: Implement cyber security training, and make your employees aware of anti-phishing best practices. Email security solutions, such as those offered by Mimecast or Trend Micro, can also help identify potential risks.
Refunds, Cancelations, and Fake Cures Create Financial Crime Opportunities
In the wake of social distancing to help flatten the curve, many routine activities have been affected. Vacations, upcoming tradeshows, and sporting events have been canceled or postponed. That’s led to a flurry of communication between organizations and consumers or businesses—and that’s created another opportunity for related scams.
The Washington Post noted that as of April 1, 2020, “The explosion of scams includes robocalls, texts, and emails posing as government officials or businesses offering refunds for missed vacations or virus-testing kits. The average loss for a consumer duped by one of these scams is nearly $600, the agency reported, which adds up to nearly $5 million nationwide.”
A related scheme was recently identified and addressed by the Department of Justice. A website that was designed to look authentic purported to send users “cures” or “vaccines” (neither of which currently exist) from the World Health Organization. Users provided personal information, along with a $4.95 “shipping” payment, as part of the scheme. The scheme is currently under investigation and points to the need to be vigilant for similar scams.
Solution: Be wary of any communications regarding financial issues or health-related information. Verify that communications are coming from the organization—by calling a publicly available telephone number, checking that the website uses a valid SSL certificate, or ensuring an email address is legitimate. Never share personal or financial information that’s requested during an unsolicited phone call and use antivirus software to help block phishing and malware attempts to steal data.
Coronavirus Map Scam
As people anxious for information about the spread of coronavirus seek reputable information, the Johns Hopkins University map has provided a vetted, trustworthy source of details on infections and more. Unfortunately, industry experts report that malware impersonates the site and compromises personal information. Encourage employees to beware of downloading any apps, including to their smartphones or other mobile devices, that aren’t company approved or don’t come from Google Play or the Apple App Store.
Solution: Develop clear company policies and employee educational initiatives about links, downloads, and apps. Make users aware of common threats, and encourage them to seek information only by going directly to the map or other trusted information sources in their browser. Leverage the features of Web protection solutions to help prevent further related attacks on all endpoints, including mobile devices and connected home devices.
Fraudulent Requests for Donations
One deeply unfortunate scam preys on people’s desire to help those in need. As many face difficult times, scammers are sending emails or establishing fundraising campaigns that look legitimate. They purport to be raising money to help with causes such as food for those in need or to help first responders. But the money is really ending up in criminals’ pockets, and the payment details that users supplied may now be compromised.
Solution: Vet requests for money and ensure they’re going to reputable organizations. If in doubt, don’t donate until you can verify.
Fake Websites Seek to Compromise Credentials
According to Trend Micro, another scam that individuals and companies need to be wary of is fake websites. In several cases, sites look like they have been created by government agencies and ask for personal information in order to get on a waiting list for vaccines, information, or financial assistance. Some of these sites encourage users to log in using their company credentials, which could endanger company systems and other secure networks.
Solution: Train employees on what to look for and forbid sharing credentials with any third party without prior approval. Look for SSL certificates and generally be wary of log-in prompts.
Fraudulent Work-from-Home Tools
Decrypt reports that the U.K. and U.S. cyber security agencies have issued a warning for businesses and employees that fraudsters are trying to lure users into downloading malware or providing financial information in exchange for work-from-home tools. They note, “These fraudsters, the advisory warns, are imitating remote workplaces—such as Zoom—to exploit the burgeoning demand in work-from-home solutions. Instead of the software, victims are lured into downloading malware.”
Solution: Proactively provide your team with the work-from-home tools they need, as well as training on how to use them. Have an official location where users can download software or access the tools they need, and an IT team member or external partner who can provide support when needed.
Business-to-Business Scams Are on the Rise
Sourcing products and supplies is another area where companies must be vigilant, notes the Washington Post, saying, “Predictions about the long duration of the pandemic, expected to last at least several months, is also likely spurring phishing gangs to invest in developing more elaborate scams, such as posing as medical suppliers and conning hospitals and clinics into buying nonexistent goods from them.” As supply chain disruptions impact other industries, these scams may impact businesses acquiring physical items or digital licenses.
Solution: Educate buyers within your organization about the potential risks. Streamline your acquisitions by working with partners such as Connection that are trusted, approved vendors.
Coronavirus Assistance Scams
In the face of widespread social distancing, the government has provided several assistance programs, from stimulus checks to individuals to Small Business Administration loans and other programs for businesses. TechRepublic reports that this may be the latest frontier for cyber exploitation. They write, “While this move by the government was lauded by many, cyber security experts noticed that almost immediately, cybercriminals kickstarted efforts to either steal the money coming to people or set up scams using potential stimulus checks as ways to steal people’s information.” Individuals and businesses should be wary of emails, phone calls, or unsolicited websites—even if they appear to be from a government agency or reputable financial organization—facilitating assistance.
Solution: Encourage your team to be extremely wary of any requests. Where possible, have your IT team partner with any accounting staff or others who may be working on behalf of your business for coronavirus relief to ensure that any forms they’re filling out or requests they’re responding to with banking or other business information are legitimate.
We’re Here to Help
While your IT team and employees are already dealing with a lot, it’s important to keep common COVID-19 related cyber security threats and scams on your radar. Raising awareness among employees about common challenges and leveraging a variety of the security tools that are at your disposal can help prevent these scams from impacting your business—and you don’t have to go it alone. Connection’s experts can help you audit your existing cyber security precautions. Call us at 1.800.800.0014 to explore technology solutions that increase security and to get customized guidance to help keep your data and employees safe during these difficult times.