Organizations continue to expand their remote workforces and lean on technology as they navigate the challenge of keeping business running during the current COVID-19 pandemic. But as the number of people working from home increases, so do the cybersecurity risks inherent in remote connectivity. Studies have shown that remote workers spend more time online, which means greater exposure to attacks. Pair that increased exposure with the fact that they are most likely using an employer-provided device with network access, and it is easy to see why cyber-attacks and scams are trending up.
The recent attack targeting the World Health Organization (WHO) illustrates how hackers are modifying their attacks to take advantage of remote workforces. The group targeting WHO did its homework, creating a URL that mirrored the online portal to the WHO internal file system and replicating the experience of logging on to the network from home, in the hope that end users would log on to the bogus portal. While this attack was prevented, the same group has gone after the United Nations and major universities, and it is a prime example of how cyber criminals are adjusting their strategies to the “new normal”.
In addition to increasingly targeting remote workforces, cyber criminals are taking full advantage of the COVID-19 pandemic itself. The ugly truth is that whenever there is an emergency, scammers use the uncertainty and concern of the public to their advantage, so it is no surprise that tens of thousands of domains containing the words coronavirus and/or COVID-19 have been registered since January, for what can be assumed to be criminal purposes. In response to the rise in COVID-19 fraud reports, the FBI issued a public service announcement (Alert I-032020-PSA) outlining schemes including:
- Fake CDC Emails – Emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other “official” entities offering information on the virus through links or attachments.
- Malicious Websites and Apps – Websites and mobile apps that claim to track COVID-19 cases were among the first reported malware scams, the most talked-about being malware that replicated the Johns Hopkins coronavirus tracker of global infection rates and deaths.
- Phishing Emails – These emails are on the rise following the recent CARES Act. Be wary of emails asking for personal information in exchange for stimulus check information, as well as those concerning charitable contributions, financial relief options, airline vouchers, and rent/mortgage assistance.
- Counterfeit Products – Material hoarding has created opportunities for scammers to sell counterfeit products that claim to prevent, treat, diagnose, or cure COVID-19 including hand sanitizers, personal protective equipment, and medicine.
The full alert is available online at https://www.ic3.gov/media/2020/200320.aspx.
Additionally, the Better Business Bureau has published an alert warning consumers of the first COVID-19 smishing (fraudulent text message) campaign. Scammers are texting under the guise of the federal government with instructions to register for a mandatory COVID-19 test. The alert provides important instructions on what to do if you receive the text, including not clicking the link and not following the instructions for disabling the texts (replying confirms to the scammers that the number is active).
The full alert is available online at https://www.bbb.org/article/news-releases/21903-scam-alert-mandatory-covid-19-test-texts-are-a-scam.
Best Practices
As the old adage goes, the best offense is a good defense, and now is as good a time as ever to share best practices and resources to protect your end users from falling victim to an attack. In addition to our recent article, Cybersecurity Best Practices for Working from Home amid the COVID-19 Pandemic, the Schneider Downs Cybersecurity team advises the following common ways to identify a phishing threat:
- Too Good to be True – Usually the email will include some type of draw that will grab your attention. In the case of the latest scam, a mention of tax savings would be eye-catching.
- Sense of Urgency – There is usually an expiration date on the aforementioned draw, or a warning that you will be locked out of the online account if the matter is not addressed within a certain period of time.
- Bogus Hyperlinks – While it can appear to lead to a legitimate website, a bogus hyperlink may differ from the real address by only a slight change or variation, leading you to a fake website or to the download of a malicious file.
- Phishy “From” Addresses – The email address of the sender can be spoofed as easily as a hyperlink. We recommend that you hover over the address to check for errors or variations in spelling or formatting.
- Email Tone – It is also important to consider the tone of the email. If it appears to be from a sender that you know, is their pattern of language and email signature consistent with previous correspondence? If it seems out of the ordinary, don’t open the email.
- Attachments – Any attachment should warrant additional scrutiny. It is prudent to never open unsolicited attachments. If you use password-protected PDFs frequently, the Schneider Downs Cybersecurity Team reminds you to refrain from including your password in the email message.
- Unusual Requests – Many phishing schemes will prompt the reader to send gift cards, cashier’s checks, money orders, etc. Such a request should be a red flag that it is not legitimate.
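The “Bogus Hyperlinks” and “Phishy From Addresses” checks above can be automated for a mailbox or gateway rule. The following is an added example written for this article, not code from Schneider Downs or from the FBI/BBB alerts; it assumes a constructed allow-list of trusted domains, uses a two-label shortcut in place of the Public Suffix List, and runs over constructed sample fragments modelled on the WHO look-alike portal described earlier.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Constructed allow-list of domains the organisation legitimately deals with (an assumption for this demo).
TRUSTED_DOMAINS = {"who.int", "cdc.gov", "irs.gov"}
LOOKALIKE_RATIO = 0.8  # similarity at or above which an untrusted domain is reported as a lookalike

HREF_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
ADDR_RE = re.compile(r'<([^<>]+)>\s*$')                      # address part of "Display Name <user@host>"
URLISH_RE = re.compile(r'^(?:https?://)?[\w-]+(?:\.[\w-]+)+', re.I)  # link text that itself looks like a URL/host

def host_of(s):
    """Host part of a URL, bare host name or e-mail address, lower-cased."""
    s = s.strip()
    if "@" in s and "://" not in s:
        return s.rsplit("@", 1)[1].lower()
    if "://" not in s:
        s = "http://" + s
    return (urlparse(s).hostname or "").lower()

def registrable(host):
    """Last two labels ("portal.who.int" -> "who.int"); a demo shortcut, real code uses the Public Suffix List."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host

def classify_domain(host):
    """None when the host is under a trusted domain, else (reason, host, trusted_domain_it_imitates)."""
    base = registrable(host)
    if not base or base in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if trusted in host:          # trusted name buried inside a foreign domain, e.g. cdc.gov.<attacker>.example
            return ("embedded", host, trusted)
    best = max(TRUSTED_DOMAINS, key=lambda t: SequenceMatcher(None, base, t).ratio())
    if SequenceMatcher(None, base, best).ratio() >= LOOKALIKE_RATIO:   # one-character swaps such as wh0.int
        return ("lookalike", host, best)
    return None

def check_links(html):
    """Flag anchors whose visible text names a different domain than the href, plus imitating targets."""
    findings = []
    for href, text in HREF_RE.findall(html):
        target = host_of(href)
        shown = host_of(text) if URLISH_RE.match(text.strip()) else ""
        if shown and registrable(shown) != registrable(target):
            findings.append(("mismatch", shown, target))
        verdict = classify_domain(target)
        if verdict:
            findings.append(verdict)
    return findings

def check_sender(from_header):
    """Flag a From: header whose address domain imitates a trusted domain."""
    m = ADDR_RE.search(from_header)
    return classify_domain(host_of(m.group(1) if m else from_header))

# Constructed sample fragments (not a real phishing message); hosts under .example are placeholders.
SAMPLE_HTML = ('<p>Log in at <a href="https://portal.wh0.int/login">https://portal.who.int/login</a> '
               'or read <a href="https://www.cdc.gov/coronavirus">CDC guidance</a>.</p>')
SAMPLE_FROM = "CDC Alerts <alerts@cdc.gov.covid-relief.example>"
```

The text/target mismatch is exactly what a user sees when hovering over a link; the embedded and lookalike verdicts cover the “slight change or variation” cases that hovering alone can miss.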
Download our How to Avoid COVID-19 Scams infographic to keep security awareness top-of-mind during this pandemic.
How Can Schneider Downs Help?
The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. We offer a comprehensive set of information technology security services including penetration testing, intrusion prevention/detection review, vulnerability assessments, and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact us at [email protected].
Please visit our Coronavirus resource page at schneiderdowns.com/our-thoughts-on/category/Coronavirus for related content.