COVID-19 & Cyber Risk

Tips for Handling Scams & Phishing

 

Cyber criminals have always preyed on vulnerabilities, whether it be within your network or emotions of individuals. Unfortunately, the fallout associated with the COVID-19 pandemic has invited both.

While keeping health and safety top of mind is the priority in avoiding COVID-19 exposure, companies and employees need to be aware of a different kind of risk that is heightening during these times — cyber attacks.

Phishing Scams Use COVID-19 Stress to Attack

Phishing expeditions leveraging the COVID-19 fear and anxiety are well under way. Threat actors behind malware are disguising spam emails as official COVID-19  notifications pretending to be the  World Health Organization (WHO), Center for Disease Control (CDC), and other health and welfare organizations. Additionally, other common scams may be related to potential vaccines, other cures, prepaid tests, local infection maps, etc.

These malicious emails are trying to mimic safety messages to trick individuals into clicking on malicious links or documents to deploy variations of malware. If you don’t normally receive emails from WHO, for example, be very cautious and skeptical with how you handle.

Tips to Protect Yourself Against Phishing Scams

Here are some tips to protect yourself (and the Federal Trade Commission (FTC) has so many more):

  • Be vigilant and report suspicious emails via your internal business protocols or externally to the either the Anti-Phishing Work Group or the FTC. Signs of a phishing email:
    • The email looks like it’s from a company you may know and trust, such as Netflix. It even uses a Netflix logo and header, but it may have spelling errors or if you hover over the “From” address, it may be from an email address spoofing Netflix.
    • The email says your account is on hold because of a billing problem.
    • The email has a generic greeting, “Hi Dear.” If you have an account with the business, it probably wouldn’t use a generic greeting like this.
    • The email invites you to click on a link to update your payment details.
  • Never give out company credentials, personal information, or financial information in response to a COVID-19-related email.
  • Any COVID-19-related email with an attachment or link should be treated with suspicion and verified using known contact information before responding. You can hover over the link to check If the email appears to be from a reputable institution, go directly to the official website to verify.
  • Don’t visit untrusted websites related to COVID-19. There has been a significant rise in website registrations related to COVID-19 that are being used to either steal information from visitors or infect them with malware. Websites www.cdc.gov and www.coronavirus.gov are the authority.
  • If the tone of the email creates urgency or is anxiety-inducing, proceed with caution.
  • If donating to a charity, verify its authenticity. The FTC provides good resources for this.

As always, reach out to us if you have any questions related to cybersecurity and your business. It’s a sensitive time, and we’re here to help.

For more information, contact:

Gerald Johnson

Senior Vice President

gjohnson@holmesmurphy.com

515-223-6826