Learn more about the case Connelly v. United States. ...
This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.
While COVID-19 scams are nothing new, the recent surge of new cases presents a fresh coat of paint for threat actors to modify pandemic-related scams with new narratives focused on vaccine passports, vaccination mobile apps, travel policy changes, COVID-19 financial relief and returning to the office/school.
With the recent surge on COVID-19 cases due to the Delta variant, there is a growing state of confusion on the changing recommendations and requirements from the federal government, public health officials and private business, which is opening the doors for scammers to continue to capitalize on the pandemic for financial gain.
We know that software solutions and cybersecurity education are standard process now in most organizations, especially since the shift to remote work accommodations – but a friendly reminder never hurts, because as we have all seen, it only takes one email and click to have devastating effects. Some of the latest angles scammers are using include vaccine passports, malicious websites, new financial relief and returning to the office/school.
Since the vaccine was introduced, there have been several reports of fraudulent vaccine cards being sold to non-vaccinated individuals who were concerned not having proof would prevent them from travel or activities. The search for fake vaccine cards is only heating up as multiple universities are requiring students to be vaccinated, as well as several countries requiring vaccinations for travel, including Canada, who recently fined a couple who used fake cards $16,000 each.
Simple way to avoid this scam... avoid websites or individuals that sell vaccine cards. Not only is this illegal, but chances are the website is malicious and a channel for threat actors to attack. If you have questions about vaccine passport or proof requirements, your best bet is is to contact your state or local government through their official website or phone number.
Perhaps the most aggressive vaccine passport initiative occurred last week when New York announcing proof of vaccination being required for daily activities including dining out and health clubs. Along with the announcement of the upcoming requirement, came the introduction of two mobile apps that individuals can use for a digital vaccine passport, Excelsior Pass and NYC Covid Safe. The introduction of vaccine apps will undoubtedly result in several malicious apps being introduced that can contribute to cyber incidents through mobile malware. As always when downloading a mobile app, use best practices to ensure you are downloading a verified and secure app, such as:
With the country and international traveling reopening over the last few months, many people are understandably visiting travel sites including airlines, cruise lines and hotels/resorts for information on COVID-19 policies and requirements. As the second surge increases, chances are volume to these sites will only increase with people concerned about booked trips or looking to book at cheaper rates. No matter what camp you are in, you can keep your guard up and information secure by utilizing the same cybersecurity best practices you should be using online every day, including:
As the government introduced a number of COVID-19 stimulus packages, threat actors used the angst around these to target people through phishing, smishing and vishing campaigns. Fraudulent communications requesting personal information (social security numbers, credit card numbers, bank accounts, etc.) under the guise of COVID-19 themes have flooded our inboxes and phones since the pandemic began.
While these contain all the red flags that we are trained to spot including requesting private information, pushing a sense of urgency, and typos that are easily spotted, the anxiety surrounding the financial aspects of the pandemic is surging with the start of Child Tax Update, the federal foreclosure moratorium and student loan deferral extensions and the endless articles speculating new stimulus payments for clickbait. Remember, always be suspicious of unsolicited communications in any form requesting personal information, no matter what the message is about.
While organizations have hammered the importance of cybersecurity (at least we hope) to their remote team members through the pandemic, the impact the COVID-19 surge is having on return to office plans has opened up a new door for threat actors. Many of us are expecting communications from our leadership on updates to policies and returning to the office, as well as a large portion who are most likely job searching on their employer's devices with the economic upswing or in response to employers forcing a full-time return to the office. Regardless of your employees’ reasons, we encourage you to protect your organization by reminding your team of email cybersecurity best practices, including:
These same attacks are also targeting parents and college students who are anxiously awaiting information for back-to-school policies, especially now with many college campuses announcing campus vaccination requirements. So to our parents and students out there, follow these same steps to help keep your personal information and network secure.
With all the uncertainty we face as the different COVID-19 varients are seemingly placing the return to normal a few steps backwards, the one certainty is that threat actors will continue to exploit the COVID-19 pandemic for financial gain. Remember, while the themes and narratives may change, their strategies and warning signs are mostly the same – so stay diligent and safe out there!
COVID-19 Federal Resources
Related Articles
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind
Learn more about the case Connelly v. United States. ...
Learn more about the case Connelly v. United States. ...
We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.
Ask us
[email protected]
p:412.261.3644
f:412.261.4876
[email protected]
p:614.621.4060
f:614.621.4062
[email protected]
p:571.380.9003