March 18, 2020

How to Protect Your Business from Coronavirus Phishing & Cyber Scams

by: John Araneo

In the midst of the Coronavirus pandemic, cybercriminals have taken heed of the opportunity to exploit the global health crisis for profit and fraud. Among the new collection of virus-themed scams are phishing campaigns, social engineering attacks, charity-focused emails and more. 

As more businesses seek out emerging news regarding the grave situation and exercise remote work procedures to mitigate the spread of Coronavirus Disease 2019 (COVID-19), Align encourages them to practice vigilance with regard to suspicious emails and cyber activity. 

In today's blog, we're proffering readers a look into the most malicious and sophisticated scams we're witnessing from the front lines, including the following campaigns listed below:

Coronavirus: Secrets for Surviving a Pandemic 

Do you want access to the secrets for surviving a pandemic? 

Criminals are luring in victims with missives such as the above example, dangling the opportunity to access secret knowledge for ensuring survival during the outbreak of COVID-19. A key element to these sales pitches is that recipients must perform an action, such as purchasing a book or watching a video. Fraudsters leverage the former device as a means to empty your wallet and steal your credit card details. Sensitive banking information is then recycled future-forward to make fraudulent purchases on your behalf, risking draining your personal or corporate assets.

Other malevolent social engineering attacks send persuasive emails that contain a hyperlink to an article on new developments regarding COVID-19. Upon clicking the article's link, recipients are directed to a fake website or login page where they can enter a username and password. Unbeknownst to the victim, they have immersed themselves in a phishing scam, during which bad actors aim to uncover your account credentials. 

Click Here to Donate 

Firms should be wary of charity-focused emails that are impersonating reputable organizations such as UNICEF, Centers for Disease Control & Prevention (CDC) and GlobalGiving. In this scenario, criminals are preying on people's empathy, suggesting that your charitable donation can help expedite the design of vaccines and support emergency response efforts. While some of these manipulative messages request payments in Bitcoin cryptocurrency, others even contain a QR code to simplify the process of stealing your money. 

Virus-Themed Emails

Coronavirus Scams, COVID-19 Cybersecurity

An entirely new collection of virus-themed emails has surfaced, and they are targeting hedge funds and the broader investment community. Many of these communications exploit fear while promoting their products and solutions. 

For example, malicious actors may target survivalists and anxious users to offer discounts or access to hand sanitizer, face masks and other resources growing scarce during a health crisis. These communications heighten paranoia in an attempt to evoke action and access your business' mission-critical network. 

Speaking of critical systems and networks, let's switch gears to discuss work from home (WFH) and the sound measures businesses can employ to operate securely and smoothly.

Remote Access & Risky Business 

Empowering employees to work remotely or work from anywhere (WFA) with access to critical infrastructure has numerous benefits for businesses. To name a few:

  • Significant cost-savings
  • Enhanced communication 
  • Increased flexibility
  • Modernized collaboration
  • Improved service levels


The industry has seen tectonic shifts in IT infrastructure innovation over the past few years. Primarily due to the explosive growth and sophistication of the public cloud, which has crossed the tipping point and is now largely considered the optimal construct upon which contemporary IT networks are built, expectations have changed.

If you are operating in an inferior legacy environment, you undoubtedly lack the typical controls and functionality of a modern IT infrastructure. Furthermore, your firm is a step behind in safeguarding sensitive business assets and preventing data exfiltration and other cybersecurity risks.

If you're seeking information on remote work solutions that offers access to 24x7x365 support, we recommend reaching out to one of our Managed IT experts. Contact us today by clicking here

Managing Coronavirus-Related Cybersecurity Risks

We urge organizations to employ cybersecurity best practices and proceed with the utmost caution in today's turbulent cyber climate. We anticipate these scams will increase in frequency and sophistication rapidly, so long as hackers can profit. 

To help safeguard your corporate assets and prevent your investment firm from falling victim to cybercrime, we offer the following guidelines and resources:

  • If you haven't already, ensure your company has implemented multi-factor authentication (MFA). Deploying a multi-factor authentication solution bolsters account security across applications and adds an additional layer of identification.
  • Reach out to your Managed Service Provider (MSP) and ask what systems they have in place for proactive monitoring of suspicious activity. Alternatively, if you have an in-house IT department, ask the appropriate team member for those details.
  • Approach emails with extreme caution that make alarmingly extravagant claims or abrupt requests, convey urgency, ask you to download something, or request payment.604-1000x-1000
  • Never click on hyperlinks in electronic communications from an unknown source. If the sender is someone you're familiar with, contact that person directly to confirm they, in fact, sent you the email.
  • Preventing cybercriminals from infiltrating your network starts with your first line of defense, your staff. Align's clients are better equipped at dealing with current and emerging risks because they have created a robust culture of security through leveraging our Security Awareness Training.
  • When offering telecommuting to your workforce, make sure you have the proper tools, systems and protocols in place. Firms should also test remote capabilities before promoting them company-wide to identify any gaps and make improvements where necessary.
  • To help educate your network on the growing dangers and risks associated with scams related to COVID-19, consider sharing this article with your team, partners and clients.
  • The Federal Financial Institutions Supervisory Council (FFIEC) issued a news release on pandemic preparedness. Access it here
  • Familiarize your team with our Service Desk's contact information:
  • Explore more information on Align's Cybersecurity Advisory Practice.
  • Access daily updates from the World Health Organization (WHO): https://www.who.int/emergencies/diseases/novel-coronavirus-2019
  • CDC Guidance to Plan and Respond to COVID-19: https://www.cdc.gov/coronavirus/2019-ncov/specific-groups/guidance-business-response.html 

Have you been a victim of a cyber scam or phishing email related to COVID-19? 

If so, we advise you to contact the Align Cybersecurity team at help@align.com or via phone at +1 855-IT-ALIGN (1-855-482-5446).

 

Continue Reading

Related Articles

★★★★★

“Align is our trusted provider for all our Managed Services and cybersecurity needs. They provide us best-in-class IT services that not only help drive productivity and growth, but ensure we meet both current and evolving compliance and security requirements with ease. As consultants to financial advisors, trust and reliability are indispensable to our operations, which is why we never hesitate to refer Align to our very own client base. Align isn’t just our partner, they are an extension of our team. We look forward to entrusting them with our IT infrastructure for years to come.”

Ed Fasano - Experienced Advisory Consultants LLC