The COVID-19 pandemic is forcing changes on us and our workforce. Working from home, expanding use of collaboration solutions, and leveraging the cloud to stay productive are all positives we can carry forward. However, there has also been a significant increase in phishing attacks and online fraud. Criminals are specifically targeting people working from home, hoping their targets have lowered their guard.
The Department of Justice and the Internet Crime Complaint Center (IC3) have issued warnings about the increased phishing attacks using fake CDC emails, fake charitable contribution requests, homemade “cures,” untested vaccines, fraudulent testing kits and other counterfeit treatments and equipment. Healthcare industries, those manufacturing and distributing PPE and other critical necessities, are also being specifically targeted.
The issued warnings, dated March 20 and 23, include some good, basic, security awareness reminders including:
- Do not open attachments or click on links from a sender you do not recognize.
- Never provide personal information of any kind in response to an email or robo-call, always contact the company via known website or phone number.
- Do not click on links in emails, whenever possible type the address into your browser by hand.
- Watch for misspellings or slightly off spelling. A common phishing technique is to create a fake domain or email address that is just slightly different from the actual domain or email address.
- Due diligence in online transactions is critical. Check to ensure that you’re dealing with an authorized or reputable provider, and verify claims via independent research before assuming that any offer is what it seems to be – claims that seem too good to be true often are too good to be true.
- Put a cover on the laptop camera when not in use.
- IT departments should recheck the security configuration of conference room cameras and phones to make sure these devices cannot be remotely activated and the default passwords have been changes.
- Use your "work from home" time to improve your cyber security in your home office by updating your internet router and Wi-Fi with the latest patches and firmware. Take a look at your Wi-Fi password, if you haven't updated it in the last 12 months, change it out for a 15 character password.
These attacks and the fraud attempts are not new, only updated to fit the current crisis. It’s expected that the volume of phishing attacks and online fraud will increase along with social anxiety about the pandemic.
An investment of a little time in security awareness now may pay significant dividends as we progress through the crisis. Reassure and remind your team members they need to stay vigilant as cyber criminals target those at work and home. Most of the increase in attacks is simple fraud, but we have also seen criminals using CDC and COVID-19 “tracking sites” to distribute ransomware to victims.
During this time it's important to stay safe, both in person and online. Our team recommends a review of the available online tools, videos, reminders and personal touch points you can use to remind your team to remain vigilant. If you have questions or would like information or assistance, please contact one of RubinBrown's Cyber Security professionals.
Readers should not act upon information presented without individual professional consultation.
Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.