In the midst of the Coronavirus pandemic, cybercriminals have taken heed of the opportunity to exploit the global health crisis for profit and fraud. Among the new collection of virus-themed scams are phishing campaigns, social engineering attacks, charity-focused emails and more.
As more businesses seek out emerging news regarding the grave situation and exercise remote work procedures to mitigate the spread of Coronavirus Disease 2019 (COVID-19), Align encourages them to practice vigilance with regard to suspicious emails and cyber activity.
In today's blog, we're proffering readers a look into the most malicious and sophisticated scams we're witnessing from the front lines, including the following campaigns listed below:
Coronavirus: Secrets for Surviving a Pandemic
Do you want access to the secrets for surviving a pandemic?
Criminals are luring in victims with missives such as the above example, dangling the opportunity to access secret knowledge for ensuring survival during the outbreak of COVID-19. A key element to these sales pitches is that recipients must perform an action, such as purchasing a book or watching a video. Fraudsters leverage the former device as a means to empty your wallet and steal your credit card details. Sensitive banking information is then recycled future-forward to make fraudulent purchases on your behalf, risking draining your personal or corporate assets.
Other malevolent social engineering attacks send persuasive emails that contain a hyperlink to an article on new developments regarding COVID-19. Upon clicking the article's link, recipients are directed to a fake website or login page where they can enter a username and password. Unbeknownst to the victim, they have immersed themselves in a phishing scam, during which bad actors aim to uncover your account credentials.
Click Here to Donate
Firms should be wary of charity-focused emails that are impersonating reputable organizations such as UNICEF, Centers for Disease Control & Prevention (CDC) and GlobalGiving. In this scenario, criminals are preying on people's empathy, suggesting that your charitable donation can help expedite the design of vaccines and support emergency response efforts. While some of these manipulative messages request payments in Bitcoin cryptocurrency, others even contain a QR code to simplify the process of stealing your money.
An entirely new collection of virus-themed emails has surfaced, and they are targeting hedge funds and the broader investment community. Many of these communications exploit fear while promoting their products and solutions.
For example, malicious actors may target survivalists and anxious users to offer discounts or access to hand sanitizer, face masks and other resources growing scarce during a health crisis. These communications heighten paranoia in an attempt to evoke action and access your business' mission-critical network.
Speaking of critical systems and networks, let's switch gears to discuss work from home (WFH) and the sound measures businesses can employ to operate securely and smoothly.
Remote Access & Risky Business
Empowering employees to work remotely or work from anywhere (WFA) with access to critical infrastructure has numerous benefits for businesses. To name a few:
- Significant cost-savings
- Enhanced communication
- Increased flexibility
- Modernized collaboration
- Improved service levels
The industry has seen tectonic shifts in IT infrastructure innovation over the past few years. Primarily due to the explosive growth and sophistication of the public cloud, which has crossed the tipping point and is now largely considered the optimal construct upon which contemporary IT networks are built, expectations have changed. If you are operating in an inferior legacy environment, you undoubtedly lack the typical controls and functionality of a modern IT infrastructure. Furthermore, your firm is a step behind in safeguarding sensitive business assets and preventing data exfiltration and other cybersecurity risks.
Managing Coronavirus-Related Cybersecurity Risks
We urge organizations to employ cybersecurity best practices and proceed with the utmost caution in today's turbulent cyber climate. We anticipate these scams will increase in frequency and sophistication rapidly, so long as hackers can profit.
To help safeguard your corporate assets and prevent your investment firm from falling victim to cybercrime, we offer the following guidelines and resources:
- If you haven't already, ensure your company has implemented multi-factor authentication (MFA). Deploying a multi-factor authentication solution bolsters account security across applications and adds an additional layer of identification.
- Reach out to your Managed Service Provider (MSP) and ask what systems they have in place for proactive monitoring of suspicious activity. Alternatively, if you have an in-house IT department, ask the appropriate team member for those details.
- Approach emails with extreme caution that make alarmingly extravagant claims or abrupt requests, convey urgency, ask you to download something, or request payment.
- Never click on hyperlinks in electronic communications from an unknown source. If the sender is someone you're familiar with, contact that person directly to confirm they, in fact, sent you the email.
- Preventing cybercriminals from infiltrating your network starts with your first line of defense, your staff. Align's clients are better equipped at dealing with current and emerging risks because they have created a robust culture of security through leveraging our Security Awareness Training.
- When offering telecommuting to your workforce, make sure you have the proper tools, systems and protocols in place. Firms should also test remote capabilities before promoting them company-wide to identify any gaps and make improvements where necessary.
- To help educate your network on the growing dangers and risks associated with scams related to COVID-19, consider sharing this article with your team, partners and clients.
- The Federal Financial Institutions Supervisory Council (FFIEC) issued a news release on pandemic preparedness. Access it here.
- Familiarize your team with our Service Desk's contact information:
- Email: email@example.com
- (US) Phone: 1-855-482-5446
- Explore more information on Align's Cybersecurity Advisory Practice.
- Access daily updates from the World Health Organization (WHO): https://www.who.int/emergencies/diseases/novel-coronavirus-2019
- CDC Guidance to Plan and Respond to COVID-19: https://www.cdc.gov/coronavirus/2019-ncov/specific-groups/guidance-business-response.html
Have you been a victim of a cyber scam or phishing email related to COVID-19?
If so, we advise you to contact the Align Cybersecurity team at firstname.lastname@example.org or via phone at +1 855-IT-ALIGN (1-855-482-5446).