Cyber Criminals Capitalize on COVID-19 with Phishing Campaigns
Mar 30, 2020
With social distancing and “stay at home” orders being enforced across the nation to contain the COVID-19 virus, many businesses across all sectors have adapted to a new lifestyle of working from home. This new method of conducting business has left many organizations to tackle an onset of new challenges including, WIFI connectivity, migrating to the Cloud, employee training, productivity, and cyber security to name a few. This increase in digital dependence enhances the cyber risk that many SMBs now face as they become vulnerable to cyberattacks.
Bad actors have taken advantage of this pandemic to lure targeted victims who are panicked and want more information on what is occurring with COVID-19. More phishing campaigns, both through email and phone, as well as fraud scams have been used to steal personal and financial information. In this article, we will discuss the main three ways hackers are targeting victims.
Cybercriminals have used the World Health Organization (WHO) and Centers for Disease and Control (CDC) as senders in their phishing emails with information regarding COVID-19. In an attempt to steal credentials and infiltrate a users’ device, they include attachments with more information addressing the virus that users click or download. These attachments contain malware or ask specific questions to reveal personal information in order to read the document.
The $2.1 trillion bipartisan economic relief plan, that was signed by President Trump, offers American households who were affected by COVID-19 financial assistance needed in terms of a one-time check based on income. With many people feeling financial stress during this unprecedented time, hackers have capitalized on this to create phishing emails and calls using the stimulus package as a way to capture personal information in exchange for a payout. The FBI Internet Crime Complaint Center warned Americans stating, “While talk of economic stimulus checks has been in the news cycle, government agencies are not sending unsolicited emails seeking your private information in order to send you money”.
Attacks on healthcare professionals
Doctors and nurses who are at the frontlines of COVID-19
around the world are combatting difficult decisions as to which patient will
get the needed healthcare equipment to survive based on past medical history.
Medical equipment such as ventilators have become scarce and cyber criminals
are using this and the current stress in the supply chain, as a way to target healthcare
professionals with scams. Unusual vendors and unidentified third-party
brokers selling sanitizing products and personal protection equipment are signs
of scams that healthcare workers and businesses in the healthcare industry
should be aware of.
Although cyberattacks and scams aren’t new during times of stress or disasters, the COVID-19 is an unprecedented and long-lasting disaster that the government and the Federal Emergency Management Agency wasn’t prepared for. The lack of resources has left the nation and businesses of all sizes in a vulnerable state. Training employees on online user best practices and how to identify and report phishing attempts, as well as relying on a managed security services provider or your dedicated SOC team to protect and prevent against potential threats, will help strengthen your cyber security defenses.
Protecting Businesses Who are Vital to our Economy
This pandemic has placed a significant strain on the global economy and our local communities, disrupting the daily life of millions. At the forefront, Secuvant is focused on keeping our employees safe, while continuing to operate and serve businesses across the country who are vital for our economy. Our team is well-positioned to continue business operations throughout the duration of this pandemic and identify, prevent, and protect our clientele through our cyber security solutions and advanced tools. If you have any questions on how to best protect your business during this challenging time, please contact one of our security professionals at firstname.lastname@example.org or 855-732-8826.