Health officials, businesses, school districts, and communities have learned a lot about COVID-19 since it blanketed the world in March. So have cybercriminals. Fear and uncertainty associated with the virus, along with millions of employees working remotely, have formed a perfect storm for criminals looking to cash in. Fund members should continue to monitor pandemic-related scams and take steps to protect their network and their employees.
Cybercriminals constantly find new ways to exploit victims during the pandemic. These trending scams are more personal in nature. They can still impact your organization, however, if employees are targeted while using work devices or email addresses.
Phishing emails are using news of widespread vaccine distribution as bait. Some emails offer prioritized access to the vaccine. The recipient is directed to provide personal information, and in some cases, financial information to pay for this access. Other emails make the bizarre claim that taking the vaccine will “turn you into a monkey.” Recipients are then directed to a malicious website with “proof” of this claim.
Romance and relationships
Hackers are posing as lonely people in quarantine looking for companionship. They reach out to users on social media platforms such as Facebook and Twitter, as well as dating apps like Tinder and Bumble. They start by empathizing about the difficulty of finding love during the pandemic. As they build trust, they ask for the victim’s personal information. In many cases, the hacker claims to be infected with the virus and asks for financial support because they lost their job or don’t have insurance.
Family member in need
Spoofed phone number scams are on the rise. In these cases, a hacker makes their phone number look like the victim’s number, often with the same area code and first three digits. They claim to be a family member financially impacted by the virus or infected with the virus and in need of medical care. These scams are often directed at older people who might view the similarity in phone numbers as an indication they can trust the caller. In all cases, the hacker is after sensitive personal or financial information.
It didn’t take cybercriminals long to start taking advantage of COVID-19 fear and uncertainty. They continue to target victims with scams that have worked throughout the pandemic.
Contact tracing cyber scam
State and local governments use contact tracing applications to anticipate COVID-19 hotspots and prepare communities. Cybercriminals are taking advantage of the technology’s widespread use. Victims receive a text message that claims to come from a contact tracing system and warns them they were in contact with someone who tested positive for COVID-19. The message instructs victims to visit a website and learn how to protect themselves. Once there, the site infects their device with malicious code. Remember that federal, state, and municipal contact tracing programs do not send random text messages to the public. If you receive a suspicious message, contact the Texas Department of State Health Services.
WHO fraudulent link
In this phishing attack, the user receives an email that appears to be from a World Health Organization (WHO) representative. The email offers a personalized health report that identifies the user’s coronavirus risk factors and shares prevention tips. A link in the email directs the user to a fake WHO website. They are then tricked into creating an account by entering an email address, a password, and in some cases a Social Security number in exchange for their health report. If the user reuses the same password across multiple accounts, they give criminals access to the information in those accounts.
CDC malicious attachment
In this scheme, the user receives an email that supposedly comes from the Centers for Disease Control and Prevention (CDC). The email contains an attachment that claims to provide “official advice from the government on how to stay safe during the coronavirus outbreak.” Once opened, the attachment infects the computer with malware that attempts to steal passwords and banking information by recording the user’s keystrokes.
Promote good cybersecurity hygiene
Your organization and your employees are likely more comfortable with remote work at this point in the pandemic. Remember, however, the same technology that allows employees to connect to your network, meet virtually with colleagues, and access the information they need to do their jobs can open doors for cybercriminals. These time-tested best practices are as relevant today as they were in March:
- Be cautious with Wi-Fi. Some employees might be tempted to use open Wi-Fi connections near them to do their work. Unfortunately, many public Wi-Fi options are unsecured. Wherever they choose to work, employees should use a password-protected Wi-Fi connection.
- Use a virtual private network (VPN). A VPN is a secured gateway into your network. Your IT department should scale up VPN capabilities and require employees to use VPNs when connecting to the network. IT should also turn on multi-factor authentication for VPN connections. Make sure employees know who to contact for technical support, including assistance using VPN technology and multi-factor authentication.
- Watch out for imposters. Hackers might try their luck at impersonating IT department staff. In this scenario, an employee receives a call like, “Hey, we noticed you were having trouble with your VPN. Could you go ahead and give us your username and password?” Remind employees that tech support is unlikely to reach out to them unsolicited. They should familiarize themselves with what official communication looks like from your IT team and remain vigilant.
- Keep equipment safe and secure. Many employees are sharing space with their families while working remotely. It’s important to remember our children are digital natives who are good at modifying electronic devices. They could install apps or other software that open work computers and tablets to attack. Make sure employees maintain physical control of their devices or have restricted access so others cannot install unwanted programs.
Expert help from the Fund
The Fund provides Privacy and Information Security coverage to members with Liability coverage. Members who suspect they have been the target of cybercrime should call the Fund immediately at 855.295.8344 to report a claim. If you have questions about cybersecurity education or consultation, contact Privacy and Cyber Risk Consultant Lucas Anderson.
Editor's note: This article was originally published in March 2020 and has been updated for accuracy and comprehensiveness.