Coronavirus cases are steadily growing across North America while millions of people are getting used to the new normal of social distancing and self-quarantine. And guess what? Hackers are having a field day.
On March 16th, cybercriminals tried to break into the Department of Health and Human Services’ website looking for network vulnerabilities. Meanwhile, phishing attacks have surged as more and more employees feel a heightened sense of security working from home—and spend more time looking for updated and reliable information about COVID-19. “For malicious people, preying on collective fear and misinformation is nothing new,” the Electronic Frontier Foundation wrote last week. “Mentioning national headlines can lend a veneer of credibility to scams.”
Bad actors have created scam emails with urgent calls to action (“URGENT: Help Hospitals Find COVID-19 Ventilators!”) or links to maps that grab your attention. New platforms for online videoconferencing and telecommuting also pose a risk, as cybercriminals can capitalize on the avalanche of messages about new logins and meeting reminders. In addition, hackers continue their usual attempts to impersonate someone you know (or a platform you trust) while offering up advice about the coronavirus and social distancing.
Hospitals and health care workers have even been targeted with phishing emails that purport to come from medical suppliers or the World Health Organization (WHO) or Centers for Disease Control and Prevention (CDC). These encourage quick action to process an order of masks or check a PDF or document attachment to confirm vital information. But all it takes is one click on a scam like that to install malicious software on a computer or network—or give hackers instant access to a protected IT infrastructure.
Even in these trying times, the best protection against scams, hacks, and data breaches remains the same: heightened vigilance by human beings looking out for their digital safety and the security of their company.
This can take many forms:
1. Confirm the sender’s email address.
It’s easy for a hacker to mimic someone’s display or contact name, so always compare the name that shows up with the actual email address the message was sent from to make sure the sender is who he or she claims to be.
2. Look for misspellings, bad grammar, or unusual phrasings in subject lines and body copy.
Even though coronavirus-related phishing schemes are proliferating right now, the good news is that they aren’t much different from past attempts. Paying extra attention to every detail of a message (capitalization, punctuation, paragraph structure, any language that seems out of the norm) makes detecting fake ones easier.
3. Don’t download unfamiliar attachments or click on unfamiliar links.
If you aren’t expecting a specific file from a specific sender, don’t open anything attached to an unknown message. This goes for links, too. Encouraging email recipients to click on a collaborative Google Doc or Sheet file is a common way to redirect them to a malicious website. If you’re using a desktop or laptop, hover your mouse over the link to confirm the target URL matches what’s written. And if you have time to type out a website yourself, you can avoid secret redirects.
4. Activate multi-factor authentication (MFA) on every account you can.
Many phishing schemes try to get you to re-enter your password for common apps or social media accounts, all in hopes that hackers can steal it. Multi-factor authentication can mitigate this, since MFA combines something you know (your password) with something you have (a unique code delivered via text message or email), so a stolen password alone is not enough to sign in.
5. Use only private, protected Wi-Fi networks and virtual private network (VPN) connections.
Security experts consider signing in to sensitive office networks with public Wi-Fi or unsecured network connections akin to “swimming in shark-infested waters”—it’s only a matter of time before you get bit. Always use private, password-protected Wi-Fi networks to work from home, and talk to a trusted IT provider about setting up a VPN that can minimize the risk to devices and data.
COVID-19 has changed the way we live our day-to-day lives—and heightened the need for enhanced protection as we navigate new IT territory. Encourage your employees to help with cybersecurity by being vigilant for phishing attempts and taking extra measures to protect their computers, their digital identities, and their information.
Need help with new IT requirements in the wake of COVID-19? Unsure what to look for in scam emails? Want to build an extra layer of protection around your business and the important data it relies on? Contact CMIT Solutions today. We’re here for you—and together we’ll make it through these trying times.