“In hindsight, I probably should’ve realized my boss’ urgent request to purchase face masks was a scam.” News flash: Criminals utilize societal events such as floods, fires and pandemics to exploit consumer fear. This year, the COVID-19 pandemic has provided cyber criminals with a unique opportunity to take advantage of millions of vulnerable remote connections from employee home networks to their corporate networks. In addition, these criminals take advantage of what consumers can logically expect to receive via email to conduct phishing attacks. In response, the FBI’s Internet Crime Complaint Center (IC3) issued an advisory that warns online education and remote work platforms of an increase in cyberattacks as more public and private organizations rely on virtual tools because of the COVID-19 pandemic.
If you have noticed an uptick in the number of spam emails you are receiving, you are not alone, and your perception reflects reality. IC3 has reviewed thousands of complaints related to COVID-19 scams, including phishing campaigns against first responders, ransomware attacks targeting healthcare institutions, and fake COVID-19 websites that download malware onto victim devices when accessed. Phishing strategies have been on the rise this year, with new malicious email campaigns popping up each day. Emails containing advice on preventing the spread of COVID-19, “alerts” from the World Health Organization, and dummy invoices for medical supplies have been used as a cloak for malware. These messages may contain either a malicious attachment or a link to a malicious website, and clicking on either may cause malware to be downloaded onto the device. When employees open the emails and act on them, they can permit an attacker to gain access to their personal information and compromise the security of their employer’s network.
Coronavirus-related phishing schemes require businesses to be proactive in their approach to combating cybercrime. Specifically, employers must be vigilant in educating their employees to minimize the risk of COVID-related cybercrime. Phishing attacks pose serious risks to the security of computer networks. Cyber criminals may target email accounts, using different strategies to acquire user credentials and access to a computer network. In sum, when an email account is compromised, networks become vulnerable and any sensitive information contained therein may end up for sale on the dark web or held for ransom.
Contemporary business management mandates acquisition of basic institutional knowledge regarding cybersecurity. This means not only developing a basic understanding of risk, but also implementing basic strategies to protect assets. Working knowledge and deployment of multifactor authentication, data encryption, password strength requirements, and routine software updates should be deemed essential. The Federal Trade Commission (FTC) has a wealth of information related to cybersecurity for small businesses and we encourage all administrators to view and/or review the materials available there. If you rely on a third-party administrator, acquire enough information to ask the right questions to ensure your network is protected.
Cyber criminals will often try to create a false sense of urgency to open an email message. Be suspicious. Do not click on questionable attachments or links. Utilize external message flagging, so that users have notice that a message is from an external source and can use extra caution. If your network is compromised, immediately disable any unauthorized connection. Passwords must be changed. Generally, the longer the password, the more difficult it is to compromise. Moreover, do not assume your employees will be as vigilant as your network administrator—educate, educate, educate.
If you are less than certain whether your company’s cyber security policies are sufficient to protect your network from contemporary cyber security threats, you are encouraged to reach out to an expert to evaluate them and deploy appropriate countermeasures. Please contact Benjamin Dill (firstname.lastname@example.org) at 804-377-1272 or Steve Setliff (email@example.com) at 804-377-1261 with any questions you may have.