In just a few short months, the COVID-19 outbreak has reshaped workplaces across the country. Whether they were ready to or not, companies have been forced to shift to a remote work strategy that allows their employees to maintain social distancing, while also performing key work functions. Unfortunately, the crisis has also created opportunities for a new breed of cyber scams.
Why are Cyber Scams on the Rise Due to COVID-19?
With so many organizations making a rapid shift to remote working, cyber hackers have seized the opportunity to attack vulnerable network infrastructure that was never intended to accommodate large numbers of employees working from home. From unsecured home internet connections to compromised personal devices, there are numerous cybersecurity gaps to be exploited if companies don’t put much thought into their remote work policies.
But even when they do create a secure virtual work environment, organizations often fail to make their newly remote employees aware of the increased threat of cyber scams. These scams are incredibly opportunistic, taking advantage of any crisis to leverage confusion and uncertainty in an effort to gain access to personal and financial information. Since the coronavirus pandemic impacts so many people, cyber hackers have been able to repurpose a diverse range of existing, more personalized scams to focus on a much broader audience.
Common Cyber Scams Occurring During COVID-19
In early April, the US Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint statement along with the UK’s National Cyber Security Centre (NCSC). It highlighted some of the most common COVID-19 strategies cyber criminals and advanced persistent threat (APT) groups have deployed in recent months. While the attacks on newly and rapidly deployed remote access and teleworking infrastructure are certainly a cause for concern, some of the most effective strategies rely on social engineering techniques that capitalize on curiosity and fear to trick unsuspecting victims into taking actions that compromise their own security.
Phishing schemes, which use misleading or confusing email messages to encourage people to either click on a link or download an attachment, are one of the most consistently successful forms of social engineering attacks. These email messages typically claim to be from a trusted source, such as a prominent retail company, financial institution, or government agency. They use urgent language to prompt the reader to take action, usually warning them of some problem or offering a time-sensitive benefit. In many cases, they look legitimate enough that people are taken in and either click on the link provided or open an attached file.
At that point, it may already be too late. The attachment invariably contains some form of malware that will infect the user’s device and potentially try to worm its way into any connected devices. In the case of clicking on a link, the destination website could potentially install malware cookies that begin monitoring and collecting data from the device. The site may also be designed to look like a sign-in portal, prompting users to enter their personal account information. Once this data is provided, cyber hackers have everything they need to directly access the user’s account, which they can either use themselves or sell somewhere on the dark web.
Another popular form of cyber scam involves registering new domain names that are related to commonly searched terms and setting up fake websites disguised as charities or other beneficial organizations. These scams typically try to convince people to donate money via credit card or bank transfer. Not only do the scammers pocket the donation, but they can also sell or use the financial information (credit card numbers or bank accounts) to commit additional fraud. Many websites claiming to be COVID-19-related charities use social media accounts to reach large numbers of unsuspecting people who want to donate to relief efforts. Other scammers are utilizing fake GoFundMe campaigns designed to look legitimate in an effort to play on people’s emotions.
4 Ways to Avoid Cyber Scams During COVID-19
Fortunately, organizations looking to protect themselves from COVID-19 cyber scams can take a number of key steps to keep their employees and networks secure. Many of these steps focus on employee education, because the fact remains that even the most secure network can be exposed to a data breach if the people using it don’t realize how their actions could compromise network and cloud security efforts.
1. Beware of Unsolicited Emails
While most email servers filter out the majority of phishing schemes, some of the more sophisticated forms still find their way into the inbox. Context is a helpful tool when evaluating the legitimacy of these messages. If a company that has never sent a message before is suddenly requesting that the user log into their account for some reason, that should be a warning sign that something is amiss.
2. Avoid Links and Attachments
Phishing schemes rely on links and attachments to transmit malware. Unless the message was a direct response to some previous action (such as a recent order or log-in), email links and attachments should generally be avoided. When in doubt, it’s best to go to the supposed sender’s official website to log in through a secure location and determine whether or not the message was legitimate.
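The context and link checks from tips 1 and 2, together with the urgent-language cue described earlier, can be expressed as a small mail-triage helper. This is an added example, not code from the original article; the function names, sample messages and domains are constructed for illustration, and the two-label domain comparison is a simplifying assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL = re.compile(r"https?://[^\s\"'<>]+")
URGENT = re.compile(
    r"\b(urgent|immediately|act now|suspended|expires|verify your account)\b", re.I)

def site(host):
    """Last two DNS labels (assumption: production code should use the Public Suffix List)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])

def triage(raw, known_senders):
    """Return warning signs for one raw message; known_senders holds domains seen before."""
    msg = message_from_string(raw)
    sender = site(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    findings, text = [], msg.get("Subject", "")
    if sender not in known_senders:              # tip 1: no prior context for this sender
        findings.append("first-time-sender:" + sender)
    for part in msg.walk():
        if part.get_filename():                  # tip 2: attachments deserve a second look
            findings.append("attachment:" + part.get_filename())
        elif part.get_content_maintype() == "text":
            text += "\n" + part.get_payload(decode=True).decode("utf-8", "replace")
    for url in URL.findall(text):                # tip 2: link leads away from the sender's site
        target = site(urlparse(url).hostname or "")
        if target != sender:
            findings.append("link-domain-mismatch:" + target)
    if URGENT.search(text):                      # pressure to act quickly
        findings.append("urgent-language")
    return findings

# Constructed sample messages (not real traffic).
PHISH = """\
From: Relief Fund <help@relief-updates.example>
Subject: URGENT: verify your account to receive assistance

Your benefit expires today. Sign in at http://login.portal-check.example/signin
"""
ROUTINE = """\
From: Shop Orders <orders@shop.example>
Subject: Your order receipt

Thanks for your purchase. View it at https://www.shop.example/orders/1001
"""

if __name__ == "__main__":
    print(triage(PHISH, {"corp.example"}))
    print(triage(ROUTINE, {"shop.example"}))
```

A non-empty result is a reason to reach the sender through its official website rather than through the message, not proof of fraud.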
3. Don’t Share Vital Information
As a general rule, people should not provide any personal information to a source that isn’t 100% trusted. Between the COVID-19 crisis and the recent passage of new government assistance legislation, there is no shortage of cyber scams looking to leverage these events to trick people into entering their information on fraudulent websites or even over text and phone messages.
4. Use Multi-Factor Authentication
Implementing some form of multi-factor authentication is one of the most effective ways of safeguarding sensitive data. That’s because even if a social engineering strategy like phishing manages to compromise log-in credentials, the cyberattackers will still be unable to access the account because they lack the second form of authentication. Most services offer some form of multi-factor authentication, either through biometric data or a randomly generated (and time-sensitive) password sent via email or text.
Enhance Your Remote Workplace with DSM
As Florida’s preferred cloud provider, DSM is committed to helping organizations confront the pressures of COVID-19 by providing secure colocation and cloud hosting for the remote workplace. Our experienced network and cloud security team can help clients identify and mitigate the risks associated with malware, ransomware, and other cyber threats.
To learn more about how our managed threat detection, Duo-enabled multi-factor authentication, and external vulnerability scans can keep your remote workforce safe from cyber scams, contact us today and share your organization’s unique cybersecurity needs.