Cyber Security & COVID-19
Matthew Pankey
04/01/2020
What a ride the month of March has been for us all. Bring it on, April. I wanted to take some time and emphasize a few cyber security items as the scammers, aka bad guys, are out in full force ready to take advantage of anyone who will listen to them. It’s enough to make you very, angry, I mean make your blood pressure go through the roof mad. I urge you to please be aware and please share this information with your loved ones, especially the elderly who are often targeted with financial scams. Know that they are out there, ready to steal from you using any means possible, including the COVID-19 outbreak. I don’t write this to scare you, but rather, to educate and equip you so you can work to keep your information and finances safe.
As more of America’s workforce is forced to work remotely during the COVID-19 Crisis, it is imperative that organizations and consumers stay aware of its specific Cybersecurity risks. Social Engineering is still a major threat while practicing social distancing/isolation directives. Remember to always think before you click and do not give out any personal or financial information over the phone unless you initiate the call!
Workforce / Consumers Cybersecurity:
Malicious actors will take advantage of public concern surrounding COVID-19 by conducting phishing attacks and disinformation campaigns. Phishing attacks often use a combination of email and bogus websites to trick victims into revealing sensitive information. Disinformation campaigns can spread discord, manipulate the public conversation, influence policy development, or disrupt markets.
Defending against Cybersecurity threats and scams
- Secure your Home network with WPA2/WPA3 Encryption and follow your employer’s security policies and procedures.
- Dispose of sensitive data securely.
- Avoid clicking on links in unsolicited emails or text messages and be wary of email attachments. If a friend sends you a text with a suspicious link that seems out of character, call them to make sure they weren’t hacked.
- Be cautious of being pressured to share any information or make a payment immediately.
- Use trusted sources – such as legitimate, government websites for up-to-date information. See: www.coronavirus.gov; www.fda.gov; www.epa.gov; and www.cdc.gov
- Examine URL addresses closely for misspellings and proper domains (for example, an address that should end in “.gov” instead ends with “.com”, “.cc”, or something similar)
- Do not share personal or financial information in an email, and do not respond to solicitations for this information. Including usernames, passwords, date of birth, social security numbers, financial data, or any other personal information. Remember, government agencies will never call you to ask for personal information or money.
- Verify charity authenticity before making donations (for example, by calling or looking at its actual website before donating).
- Do not respond to calls or texts from unknown numbers, or any others that appear suspicious
- Review the Cybersecurity and Infrastructure Security Agency’s tips on Avoiding Social Engineering and Phishing Attacks, see: https://www.uscert.gov/ncas/tips/ST04-014
- Review the Federal Trade Commission’s blog post on Coronavirus Scams, see: https://www.consumer.ftc.gov/blog/2020/02/coronavirus-scammersfollow-headlines
- If you are a victim of Internet scam or cybercrime, then visit the FBI’s Internet Crime Complaint Center: www.ic3.gov
A Few Current Known Scams:
- The FBI's Internet Crime Complaint Center (IC3) issued an alert warning of coronavirus-related phishing attacks, particularly surrounding economic stimulus checks. The news that the US government is likely to send upwards of $1,000 to most Americans has created a golden opportunity for scammers, especially since the delivery method for the cash is still uncertain.
- “Look out for phishing emails asking you to verify your personal information in order to receive an economic stimulus check from the government,” the FBI says. “While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money.”
- “Be cautious of anyone selling products that claim to prevent, treat, diagnose, or cure COVID-19,” the Bureau says. “Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, full face shields, protective gowns, and gloves.”
- Fake CDC Emails
- Phishing emails and robocalls claiming to be charitable organizations, general financial relief, airline carrier refunds, fake cures and vaccines, and fake testing kits
- Netflix (or similar services) Text Message scams capable of installing malicious programs on your mobile device
- Extortion emails threatening to infect you with Coronavirus
- Scams promising $1K checks for economic relief
Matthew Pankey
Cyber Security Director
For updates on our response to COVID-19 click here.
Additional Resources:
https://www.justice.gov/opa/pr/justice-department-files-its-first-enforcement-actionagainst-covid-19-fraud
https://www.consumer.ftc.gov/features/coronavirus-scams-what-ftc-doing
https://www.consumer.ftc.gov/blog/2020/03/online-security-tips-working-home
https://www.fcc.gov/covid-scams