The COVID-19 pandemic is the most pressing concern affecting all Americans these days. For us in New Jersey, this pandemic hits even closer to home, given that New York is now the epicenter of the outbreak. Because of this, most businesses in the Hanover, Morristown, and Madison areas now have employees working from home, relying heavily on the internet for work and for socializing.
Cybercriminals are now taking advantage of this prevailing situation. You have a compelling issue of the pandemic, and you have an unprecedented number of people online every day, connecting to their office systems. Human nature being what it is, people generally won’t be on guard when they see the words “coronavirus” or “COVID-19” in their email. Whether out of curiosity or concern, people will more likely click on an email or link with those words. Some of them can even be your staff members.
As early as February, the World Health Organization (WHO) and the US Federal Trade Commission (FTC) released a report on the use of COVID-19 for phishing scams and malware attacks. Many of these scams and attacks targeted people in the United States and United Kingdom; furthermore, there's also a rise in the number of spam campaigns using fake news that reference COVID-19.
This is why the US Department of Homeland Security (DHS) has already raised a warning about the increasing number of scams involving COVID-19 and issued several security tips. Make sure to forward the following reminders to your remote workforce, so that none of them will fall victim to such scams.
#1 Do not click on unsolicited email
One of the most common forms of phishing attacks through email is an unsolicited email. The source will sound official, and the topic will mention the COVID-19 pandemic. If you’ve never received an email from the sender before, do not open the email.
#2 Beware of scams using social engineering
Social engineering is a tactic that manipulates people into giving away their sensitive information or performing other actions that compromise their security. Some of the telltale signs of a social engineering scam are:
- The display name and the email address are mismatched;
- The email address has a subtle misspelling (ex. “firstname.lastname@example.org”);
- The email contains suspicious sites and links;
- The email contains a lot of grammatical errors; and
- The message conveys a sense of urgency, specifically to click on a link or provide information.
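Three of these signs (a mismatched display name, a subtly misspelled address, and urgency wording) can be checked mechanically. The following is an added example, not part of the original article: it parses a message's From header and flags each of those signs. The `KNOWN_SENDERS` table, the phrase list, the 0.8 similarity threshold, and both sample messages are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: senders your organisation really expects, display name -> domain.
KNOWN_SENDERS = {
    "world health organization": "who.int",
    "federal trade commission": "ftc.gov",
}
URGENCY_PHRASES = ("urgent", "immediately", "act now", "verify your account")


def lookalike_of(domain):
    """Return the known domain that `domain` closely imitates, else None."""
    known = set(KNOWN_SENDERS.values())
    if domain not in known:
        for good in known:
            if SequenceMatcher(None, domain, good).ratio() >= 0.8:
                return good
    return None


def check_message(raw):
    """Return the list of warning signs found in one raw email message."""
    msg = message_from_string(raw)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    findings = []
    # Sign: the display name claims a known sender, the address says otherwise.
    expected = KNOWN_SENDERS.get(display.strip().lower())
    if expected and domain != expected:
        findings.append("display-name-mismatch")
    # Sign: the sender's domain is a near-miss spelling of a known domain.
    if lookalike_of(domain):
        findings.append("lookalike-domain")
    # Sign: the subject or body pushes the reader to act at once.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        findings.append("urgency")
    return findings


# Constructed sample messages (not real mail).
PHISH = ('From: "World Health Organization" <alerts@wh0.int>\n'
         "Subject: URGENT: COVID-19 update\n\nClick the link immediately.\n")
BENIGN = ('From: "World Health Organization" <news@who.int>\n'
          "Subject: Weekly situation report\n\nThe latest figures are attached.\n")

if __name__ == "__main__":
    print(check_message(PHISH), check_message(BENIGN))
```

A clean result here only means none of these three signs fired; the other signs in the list still need a human look.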
#3 Be cautious with revealing information
The objective of phishers is to extract useful information from you. So do not respond to an email that solicits your personal or financial information.
#4 Use trusted sources only
If you’re seeking updated, fact-based information on COVID-19, make sure you rely only on legitimate, official channels, especially government websites.
#5 Verify authenticity of charities
Make sure that a charity is authentic before making a donation. Check out the FTC’s page on Charity Scams to help you verify a charity’s authenticity. It also provides practical tips on how to donate.
#6 Learn more on risk management for COVID-19
The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) released their insights on risk management for COVID-19. In particular, they provide valuable information on cybersecurity threats, the vulnerabilities they exploit, and what you can do to mitigate such threats.
The effects of this pandemic on businesses will continue for several weeks, if not months. As long as you and your employees are working from home, your business remains vulnerable to various online scams exploiting COVID-19. Now more than ever is the time to partner with a trusted managed services provider like Online Computers. We provide cybersecurity solutions and staff training needed to keep your network safe. Contact us now, so you can keep your business running as usual during these difficult times.