The coronavirus pandemic is the most important issue Americans are facing today. As of this writing, there are over 2,000 confirmed COVID-19 cases in the San Francisco and San Jose areas combined. This has forced many employees to take their work home to avoid the virus and slow down the rate of infection.
Online scams are rampant
With the panic that the pandemic has created, cybercriminals are exploiting the situation to launch social engineering attacks to steal confidential data and money from unsuspecting victims.
Messages that mention “coronavirus” or “COVID-19” play on fear of the virus, so readers tend to let their guard down and are more likely to believe what they read online. In fact, victims have already collectively lost $12 million from COVID-19-themed impostor schemes, robocalls, and phishing attacks.
The Internal Revenue Service (IRS) recently warned about scams over email, phone, and social media requesting personal information while promising economic impact payments in return.
Cisco Talos has also detected a suspicious increase in new COVID-19-related domains, which are used for phishing scams. The websites were found to be selling vaccines or drugs that allegedly protect against or cure COVID-19. Other scammers claimed to be selling in-demand supplies such as face masks, surgical kits, and household cleaners.
How to protect your business from COVID-19 scams
With your employees working from home, where security is usually weaker than in the office, they are more likely to fall for such scams. This puts not only their personal data at risk, but your sensitive company information as well. Your data could be sold for a profit on the dark web, or used against you in a business email compromise (BEC) attack.
Teach your employees to protect themselves from COVID-19 scams online by following these best practices:
#1. Inspect the email thoroughly
There are many warning signs of an email scam that you should be aware of, such as:
Fraudulent links inside emails – Check where a link really goes by hovering over it. The link will look fraudulent most of the time, but cybercriminals are now using links that resemble the real URL. For instance, a link displayed as www.irs.gov in an email can lead to www.irs.gov[.]xyz, a different site whose address merely begins with the trusted name, which lowers suspicion.
Suspicious-looking sender addresses – Email addresses can also be spoofed to fool users. For instance, scammers can use addresses that appear to be legitimate, but with misspellings, like “[email protected][.]gov” or “[email protected][.]gov”.
Generic greetings and grammatical errors – Scam emails tend to be filled with spelling, punctuation, and other grammatical errors, which should be a giveaway of their inauthenticity. These emails are also likely to use generic greetings such as “Dear sir/ma’am” or “To whom it may concern”.
Calls to act immediately – Banking on the dangers of COVID-19, scam emails are trying to create a sense of urgency or demand immediate action. They will ask the recipient to provide personal information immediately, or face consequences like account deletion.
#2. Do not give out personal information
Coronavirus-themed online scams often involve claims of being a legitimate government entity requesting confidential information such as Social Security numbers, login credentials, and other personal data. Keep in mind that the government will NEVER contact you through email to request your information. Do not respond to the email and delete it immediately.
#3. Use multifactor authentication (MFA)
MFA uses multiple methods to verify a user’s identity, such as a one-time SMS code, a fingerprint or facial scan, or a smartphone prompt. Even if one of your employees falls for a COVID-19-themed phishing email, the attacker’s login attempt would be futile unless further identity verification steps are completed.
#4. Stick to legitimate sources
Use legitimate channels if you need to stay updated regarding the latest COVID-19 developments. These consist of established news agencies, health websites, and government websites.
Your business is more vulnerable than ever to cyberthreats because of the COVID-19 pandemic. To secure your company in these dangerous times, USWired’s managed services will maintain, monitor, and administer your network 24/7/365. We will also protect your IT infrastructure from all known threats, so you can focus on growing your business. Learn more about what we can do for you by downloading our FREE managed services eBook today.