Covid-19 Cybersecurity Threats
Cybersecurity is a priority for any business. Since the beginning of the pandemic, there are more cybersecurity attacks now than ever. Google sees roughly 240 million coronavirus-related spam messages per day. Phishing attacks are up 667% since February. To avoid Covid-19 cybersecurity attacks and keep your company safe, be on guard and know what red flags to look for.
Covid-19 Cybersecurity Threats to Watch For
With the coronavirus still in full swing, many business owners and individuals have a lot to worry about. Scammers are feeding off that fear and worry. But, if you know what kinds of tactics to look for, you can protect your business from those cybercriminals. To avoid falling victim to hackers, keep your eyes peeled for these cybersecurity threats.
With so many focusing on the coronavirus and currently working from home, hackers are exploiting insecurities and posing as loan specialists, health officials, and national authorities. For example, cybercriminals are pretending to be from the World Health Organization (WHO) and Centers for Disease Control and Prevention (CDC) to trick you into clicking on insecure links and attachments.
Many cybercriminals have changed their tactics to use COVID-19 related materials on health updates, fake cures, fiscal packages, emergency benefits, and supply shortages.
Typical giveaways that an email may be suspect include:
- Poor grammar, punctuation, and spelling
- Design and quality of the email isn’t what you would expect
- Not addressed to you by name but uses terms such as “Dear colleague,” “Dear friend” or “Dear customer”
- Includes a veiled threat or a false sense of urgency
- Directly solicits personal or financial information.
Of course, if it sounds too good to be true, it probably is.
Examples of phishing campaigns include:
- COVID-19 themed phishing emails attaching malicious Microsoft documents which exploit a known Microsoft vulnerability to run malicious code.
- COVID-19 themed phishing emails attaching macro-enabled Microsoft word documents containing health information which trigger the download of Emotet or Trickbot malware.
- Multiple phishing emails luring target users to fake copies of the Centre for Disease Control (CDC) website which solicit user credentials and passwords.
- A selection of phony customer advisories purporting to provide customers with updates on service disruption due to COVID-19 and leading to malware download.
- Phishing emails claiming to come from various government Ministries of Health or the World Health Organization directing precautionary measures, again embedding malware.
- COVID-19 tax rebate phishing lures encouraging recipients to browse to a fake website that collects financial and tax information from unsuspecting users.
Even if the email looks genuine, you should always hover over links with your mouse and inspect them before you click to ensure they are going to a legitimate website. If you’re unsure about an email, have a member of your security team (if applicable) look at it for you. It’s better to be safe than sorry with Covid-19 cybersecurity.
There are some key steps you should take to reduce the risk to your organization and your employees, particularly with remote working:
- Raise awareness amongst your team warning them of the heightened risk of COVID-19 themed phishing attacks.
- Share definitive sources of advice on how to stay safe and provide regular communications on the approach your organization is taking.
- Make sure you set up strong passwords, and preferably two-factor authentication, for all remote access accounts; particularly for Office 365 access.
- Provide remote workers with straightforward guidance on how to use remote working solutions including how to make sure they remain secure and tips to identify phishing.
- Ensure that all provided laptops have up-to-date antivirus and firewall software.
- Run an easily accessible helpline or online chat where your employees seek advice or report any security concerns including potential phishing.
- Encrypt hard drive data on laptops used for remote work due to the risk of theft.
- Disable USB drives to avoid malware risks and offers employees an alternate way of transferring data such as a collaboration tool.
Another common scam in this Covid-19 cybersecurity age is fake websites. Bogus websites began popping up left and right when the coronavirus pandemic started. Don’t expect them to go away anytime soon.
Cyber criminals like to link to these bogus websites in their phishing attempts (e.g., links in emails). The problem is, they also like to make bogus websites look like legitimate ones. Scammers may do this by using similar domain names to those of legitimate websites (e.g., http://www.example.com versus https://www.example.gov). Or, they may add company logos to fake websites to make them look more realistic.
Luckily, there are things you can do to make sure the website you’re visiting is legitimate. Before clicking away, check the link. Again, hover over the link before you click. Does the link seem long? Does it have a lot of random text, characters, or numbers? Do your research and compare the contents of the link to an actual link from the website.
In addition to checking your links, you should also take a few other precautions to verify the website is secure:
- Check to see if the website has a secure connection (look for the lock icon in the search bar.)
- Look for “https” in the URL instead of “http” (the ‘s’ stands for secure.)
- Check for contact information on the website.
- Watch for signs of website malware (e.g., suspicious pop-ups and fake-looking ads.)
Another thing to watch for is fake ads. You may see a bogus ad while searching for information online or on an insecure site.
Cybercriminals use fake advertisements to trick people into providing their information for things like coronavirus loans, stimulus checks, and more.
Like with phishing emails, the ads may have a sense of urgency to them. For example, a bogus advertisement for a small business loan may say something like “Act now before funds run out.”
Do not click ads on unfamiliar websites and pages and never provide any business or personal information online if it’s not a secure website.
Phony Calls and Texts
Fishing attacks are not limited to email. With 5 billion people sending and receiving text messages, there are plenty of targets for cybercriminals to attack. The evolution of technology provides scammers with the ability to phish through text messages and robocalls.
If you receive a strange text or voicemail from an unknown sender or caller, do not respond or click on any links.
For text messages, the general rule of thumb is to use the same precautions as you would with coronavirus-related phishing emails. Don’t click any links (especially if it’s a random phone number.) Watch for spelling and grammatical errors, and don’t provide any personal information.
When it comes to phone calls, use caution. Don’t give away any personal information over the phone, especially your Social Security number or bank account information. If you feel like a call is suspicious, trust your gut and hang up.
Protect Your Business from Coronavirus Cybersecurity Threats
Eventually a scammer will try to get you to fall for an attack, especially during a crisis. Luckily, there are plenty of ways to dodge these cybersecurity attacks and keep your business safe from hackers.
To protect your business:
- Think twice before you click a link or an attachment. Look for suspicious signs.
- Watch for red flags, e.g., sense of urgency in an email.
- Be leery of providing personal or business information.
- Report scams if you see one.
- Provide security training for employees.
- Use encryption for sensitive business information.
- Have security measures in place, e.g., firewalls).
The more prepared and educated your business is against Covid-19 cybersecurity attacks, the better. You can’t stop cybercriminals from coming after you, but you can take measures to avoid security breaches.
Let us Help. If it’s time to upgrade to a more robust security system for your business, protect your cash flow with an accounts receivable loan from Allied Financial Corporation. Contact us today.