JHA_HeaderImage_Blog_v6

COVID-19 and Cybersecurity: How Real are the Threats?

Posted by Viviana Campanaro

Wed, Apr 29, 2020 @ 09:30 AM

Blog-2020-04-29

2020 takes a significant place in the history books. A global pandemic of unprecedented proportions has changed the lives of millions of people as they entered a new way of life and social distancing became the norm. Political campaigns during this Presidential election year in the US have taken a back seat to health and economic initiatives to sustain our country during the Coronavirus outbreak.

The internet has become our lifeline. Until recently, warnings about the health and security risks of too much use were prevalent, but now, social media and the internet have become our proverbial new normal. Hashtags like #StayHome, #socialdistancing and #Quaranteam are a sign of our times: families are working and learning at home, medical patients are quarantined from loved ones, physical gatherings are strongly discouraged, travel has significantly declined, gas prices and car insurance are at an all-time low. As virtual workers and learners, more people are navigating technology in more ways than ever before.

Sadly but not surprisingly, the internet has also provided much opportunity for scammers and attackers to exploit our new normal. In these times of COVID-19 and cybersecurity, the threats are real.

Phishing Continues to be a Problem

  • COVID-19-themed phishing lures are targeting both individuals and corporations, redirecting victims to malicious links or asking them to open malicious attachments with a range of malware.
  • Emails pose as credible sources such as the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO). These organizations ask that we be aware of messages that look like internal organizational alerts, news about local cases of the virus, charitable solicitations, and fake virus testing products.
  • Recently it was reported that an attachment used in a new Coronavirus phishing campaign installs Ransomware. This is malware that encrypts your data and requests payment to decrypt it.
  • The FBI's Internet Crime Complaint Center (IC3) has warned of an ongoing phishing campaign delivering spam using fake government economic stimulus checks as bait to steal personal information.

Fraudulent Offers

  • A new Android app that promises to deliver up-to-date figures on the coronavirus pandemic includes a strain of malicious software that locks up a user’s phone and demands an extortion fee.
  • With many people being laid off or working from home due to the pandemic, criminals may be able to recruit more “money mules” under the pretense of a work-at-home job offer, according to cybersecurity researcher Brian Krebs.

Credit Card Scams are on the Rise

  • Scammers are suggesting they will seek to conduct “carding” (trafficking of credit card, bank account and other personal information) against online retail locations as brick and mortar locations temporarily close.
  • Fraudsters have reportedly used coronavirus as a new tactic in scam robocalls in the US. These calls have attempted to defraud victims by claiming to sell “at home testing kits” or claiming that they can receive their government stimulus funds early if they provide credit or debit card information. 

To ZOOM or not to ZOOM

  • The video conferencing app ZOOM was reported to having security flaws that allow uninvited participants to join conference calls (“zoombombing”). While the company has announced it will address the issue, users are cautioned against having confidential or sensitive calls that could be overheard or disrupted by unauthorized individuals. At a minimum, ensure your meetings are password protected to reduce the likelihood of disruption.

Warning from Federal authorities

The US Federal Trade Commission (FTC) has issued a warning regarding new COVID-19 themed scams. The agency advised the public to protect their computers and their phones by using security software and installing updates. The FTC urges businesses to use multifactor authentication and create backups to protect against data loss.  Also, the United States Department of Justice announced its first action in federal court to combat against online fraud related to the COVID-19 coronavirus outbreak.

Here are 5 things you can do to avoid a Coronavirus scam:1

  1. Ignore offers for vaccinations and home test kits. Scammers are selling products to treat or prevent COVID-19 without proof that they work.
  2. Hang up on robocalls. Scammers use illegal sales call to get your money and your personal information.
  3. Watch out for phishing emails and text messages. Don’t click on links in emails or texts you didn’t expect
  4. Research before you donate. Don’t let anyone rush you into making a donation. Get tips on donating wisely at ftc.gov/charity.
  5. Stay in the know. Go to ftc.gov/coronavirus for the latest information on scams. Sign up to get FTC’s alerts at ftc.gov/subscribe.

I encourage everyone to stay safe and vigilant during these trying times. To echo the general sentiment, we will get through this together, if we work together.

1Source:  Federal Trade Commission – Keep Calm and Avoid Coronavirus Scams https://www.consumer.ftc.gov/sites/www.consumer.ftc.gov/files/keep_calm_infographic_en_letter_508.pdf

Topics: Cybersecurity

Subscribe to Email Updates

Recent Posts