Hackers never take a day off, and the coronavirus pandemic has created the perfect “work” environment for them. There has been an alarming rise in online scams, with hackers taking advantage of people's fear and their sense of urgency to protect themselves. And as the outbreak pushes businesses to utilize their disaster recovery plans, hackers are quickly creating sophisticated scams to attack them too.
With employees now working from home at a scale never before imaginable, criminals are increasingly finding ways to infiltrate a business through its remote workforce. Hackers are boosting the use of phishing emails and phone calls as the primary tactic to steal money or install malware during this worldwide crisis. They are trying to capitalize on the possibility of employees letting their guard down amid the heightened emotions and frequent communication. It only takes one email masked as a reputable source to trick someone into taking action that creates an adverse event for a business.
Your business may be responding 24/7 to the coronavirus pandemic, but it is critical to remind your staff about the role they play in protecting the business from data breaches, cybercrime, scams and fraudulent activities. Here are a few ways hackers are targeting businesses:
Urgent Request from Senior Executive
Hackers are using the CEO scam, which has been around for some time, but are adapting it to the current crisis. They send a bogus email to trick employees into fulfilling an emergency request from a senior executive to make a purchase, transfer funds or open an attachment that downloads malware. The pandemic has created both a health and economic crisis resulting in a multitude of urgent communications. This could make it easy for an employee to let their guard down and not question an urgent request that they might otherwise follow up on. And with so many people working remotely, the problem is more challenging since there is no opportunity to speak with the executive and ask about the request face-to-face.
News from WHO, CDC or Public Health Departments
Consumers have reported receiving fraudulent emails that appear to come from the World Health Organization, the Centers for Disease Control and even local public health departments. But it’s important to tell employees to be on alert for these types of scams, since they are being used to target businesses too. These emails may have attachments or links which can be used to steal confidential information or infiltrate your network. Staff looking for accurate and legitimate information should go directly to the source and not use links in an email that cannot be verified.
A further scam relies on human nature and the ability of an intruder to manipulate an employee to perform a task that breaches your company’s system. It’s based on the CEO scam, but the email or call is from an associate claiming to be from the IT department. IT departments are in overdrive trying to keep businesses running, and staff in other departments are distracted in a rapidly changing work environment. In this scenario, fraudsters may ask for a password or send a link for updated software. They may use phrases which include some factual information, such as the name of someone who works at the company: “Henry asked me to call and give you the link to the new software that will let you access the network.”
Remind your employees to follow the same type of precaution for online identification that they use to allow someone access into a brick-and-mortar location. Instruct them to contact the IT staff separately to confirm the request is valid before taking action.
Robocalls and Supply Scams
Robocalls aren’t just directed at consumers; businesses are being targeted too. They come in the form of messages like this recording, published by the FTC, that targets “a small business that has been affected by the Coronavirus,” warning them to “ensure your Google listing is correctly displaying. Otherwise, customers may not find you online during this time.” The call is not from Google. Staff should simply hang up on these illegal calls.
Another scam designed to steal money is the Supply scam. Employees should be wary of emails with links to websites selling supplies, especially those selling items that are in short supply and high demand related to the pandemic. These emails can look like valid messages from well-known retailers, so recommend that your employees search the internet themselves for the URL of the retailer they want to visit rather than following the link in the email.
Your workforce is the best defense to help protect your business, but employees need to be trained and educated frequently so that the line of defense is as solid as possible. The Federal Trade Commission is a great resource and recommends that businesses use the resources at the National Institute of Standards and Technology (NIST) to make a safe transition to a remote workplace; start with NIST's updated Telework Cybersecurity page.
Come across a bogus pitch? You can report it, as well as any possible COVID-19 fraud, to the FTC.