Cybercriminals are among the first to capitalize on global crises to sow discord, spread false information, and seek financial gain. Today, COVID-19 is being used in various malicious campaigns such as email spam, ransomware, malicious domains, video-teleconferencing (VTC) hijacking, and others.
During emergencies, hospitals and other healthcare institutions on the front lines will be highly targeted by hackers and fraudsters since they are more likely to pay during an emergency.
Let’s Take a Look at Some COVID-19-Related Scams:
- Phishing Emails
COVID-19-themed phishing scams are becoming more common. In such a scam, an attacker impersonates someone or an institution you trust and sends you a message that appears to be urgent. The intention is to scare and trick you into giving your personal information.
Be cautious of email subject lines like “COVID-19 vaccine available now”. As of this writing, the vaccine is still under development, so you need to exercise due diligence lest you be misled by such false claims. Emails with a false premise like this often come with an attachment that purportedly contains instructions from the US Department of Health and Human Services (HHS) on how to obtain a vaccine for free.
Remember that legitimate sources of critical health and medical information won’t use unsolicited emails to make such announcements.
- Mobile Phone Ransomware
The quickest way to check for news updates, connect with loved ones, and do online transactions is through our mobile devices. Because attackers know this very well, they have created malicious applications that appear to be helpful during the coronavirus crisis but actually install malware instead.
Recently, security researchers at DomainTools reported an Android app posing as a coronavirus tracker. In reality, once the app is downloaded, it will encrypt and lock the victim’s phone and demand Bitcoin as ransom.
- Fake Suppliers
To be able to keep up with the supply-and-demand flow of healthcare products, businesses need to constantly be on the lookout for new suppliers. Fraudsters take advantage of this by setting up fake websites and social media accounts that advertise the sale of face masks, ventilators, or other household sanitation products.
According to reports, scammers tricked a German company into purchasing €15 million worth of masks by cloning the website of a Dutch company. The German firm gave a down payment of €1.5 million for masks that were never delivered. Unfortunately, the German buyer only discovered that they had been scammed when they were told by the Dutch company that no order had taken place.
- Hijacking and Hacking of Communication Platforms
More businesses and individuals are using communication and collaboration platforms like Zoom and Microsoft Teams for meetings, and to keep tabs on each other. Hackers are riding along this rising trend by exploiting the vulnerabilities of these communications channels. Zoom recently was a victim of “Zoombombing.” Based on a report by the FBI, Zoombombing is when hackers disrupt video conferences with pornographic, hate, and other explicit images and words.
How to Defend Your Business
While these threats are scary and dangerous, you can still protect your business against them. Follow these tips to ensure safety:
- Use security tools to protect your IT resources as well as your employees. This especially comes in handy with your remote workforce.
- Provide managed cloud storage solutions for company documents so your staff won’t use unsecured free versions.
- Enforce endpoint security policies that allow only work devices or officially scanned employee devices to connect to the corporate network.
- Implement multi-factor authentication (MFA) to strengthen password security. Make sure other authentication methods include fingerprint or facial recognition scans, and security questions.
- Ensure that your employees enable automatic updates for all home and mobile systems and software.
- Allow customers and supply chain partners to communicate with you securely by using measures such as intrusion prevention, encryption, and data protection.
Charles IT offers robust and dynamic security solutions and strategies for businesses, especially during these difficult times. It’s not too late to protect your organization, your staff, and your customers. Give us a call today.