COVID-19 scams abound; here's how to avoid them
With all you have to manage in today's rapidly-changing business landscape, there's one more to add to the list: protecting your business from coronavirus online scams. Online scams that are tied in with today's headlines about the pandemic abound and are multiplying every day. That's because hackers know the public is hungry for information about the pandemic and the related economic and business upheaval, not to mention opportunities to help them through this crisis. Our collective concern and insatiable appetite for information make your business vulnerable to attack.
At Locknet® Managed IT, educating clients about how to protect themselves from breaches, hacks, and other attacks on their security is what we do every single day. So, to help everyone through these emerging challenges, we're sharing our top tips with you, so you can protect your business from online scams, including COVID-19 scams.
Steps to protect your company from COVID-19 scams
Prepare for many phish in the proverbial sea
In troubled times, phishing attacks increase significantly. When it comes to phishing, cybercriminals masquerade as someone else via email with the intention of gathering information that allows them to compromise your network, your customer data or other resources.
While the COVID-19 pandemic has everyone’s attention, cybercriminals are taking full advantage and turning up the heat. The FBI’s Internet Crime Complaint Center (IC3) indicates that online crime has quadrupled, spiking 400% during the pandemic. According to the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals and advanced persistent threat (APT), groups are targeting individuals and organizations with a much wider range of ransomware and malware. The techniques used to prey on people’s desire for information regarding the COVID-19 outbreak, with phishing emails and SMS messages using the virus as a lure to trick people into revealing credentials or downloading malicious software. These phishing attempts appear to come from trustworthy senders, such as government organizations and they use fear and financial incentives to try to get users to respond. Some of these schemes involve donation solicitations, government stimulus payments, and the ‘World Health Organization,’ or with a subject line such as “2019-nCov: Coronavirus outbreak in your city (Emergency).” And just last week alone, Google reported more than 18 million daily malware and phishing emails related to COVID-19, this is on top of more than 240 million daily spam messages it also sees related to the virus.
The CISA has also observed criminals scanning for known vulnerabilities in remote working tools and software, which is evidence that they are looking to take advantage of the increase in people working from home. This includes exploitation of the increased use of video conferencing software, such as Microsoft Teams, where phishing emails with attachment names such as ‘zoom-us-zoom_##########.exe’ and ‘microsoft-teams_V#mu#D_##########.exe’ aim to trick users into downloading malicious files.
The CISA also expects the frequency and severity of COVID-19-related cyberattacks will increase over the coming weeks and months. In the coming years, phishing attacks will also grow more sophisticated, to the point where it can be extremely difficult to tell if an email is legitimate or not. However, you can put phishing attacks to a stop by partnering with the right IT experts, who can give you the tools and knowledge you need to not only identify phishing attacks but even capture and prevent those illegitimate emails from getting into your employees' email in boxes.
Institute multi-factor authentication
Multi-factor authentication (MFA) offers a higher level of protection for confirming the right people are accessing your system. That way, if an employee falls for a phishing email and unknowingly provides their login credentials to a hacker, there's an additional barrier to them gaining access to your network. MFA is now commonplace on many online platforms, and it just makes good sense to have it in place to confirm the identities of your users. If you don't require MFA from users yet, now is most certainly the time.
Help your staff know and follow best practices
When it comes to coronavirus online scams, knowledge is power. These scams are abundant and increasing daily, so it's essential to train staff to recognize potential attacks. Failure to do so and your network could become vulnerable at the click of an errant link—it's that easy. Security training is a vital part of a comprehensive network security strategy. At Locknet Managed IT, we customize training for each client so that your staff has the intel they need to identify suspicious communications and thwart attacks on the front end.
Coronavirus online scams: you can protect your company
COVID-19 is wreaking havoc on the business world and the world at large in so many ways, but it doesn't have to compromise your network security. Our experts are ready with the tools and training you and your staff need while weathering this storm. Contact us for more information about how we can help you protect your network from COVID-19 scams and other online scams during and beyond this crisis.
