TASB buildings are temporarily closed. Staff members are working remotely and are available by email or phone.

TASB Risk Management Fund

Cybercriminals Look to Cash in on Coronavirus

May 06, 2020 Lucas Anderson

COVID-19 cybersecurity criminal

The rapid, global spread of COVID-19, commonly known as coronavirus, has generated uncertainty and fear among employees across industries. Additionally, the health and safety measures recommended by the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO) have seen millions of workers leave their offices for work-from-home or other telecommuting options.

Situations such as these are ideal for criminals to launch cyberattacks. Hackers often prey on fear and uncertainty to socially engineer unsuspecting victims into following their instructions. Emotional vulnerabilities, coupled with employees who are using telecommuting technologies for the first time, underscore the importance of securing your network against opportunistic cybercriminals.

Recognize coronavirus phishing attempts

Three widespread fraudulent email (phishing) attacks capitalize on the fear associated with coronavirus to access sensitive personal information. Remind your employees to be on the lookout for attacks such as these:

Contact tracing cyber scam

State and local governments use contact tracing applications to anticipate COVID-19 hotspots and prepare communities. Cybercriminals are taking advantage of the technology’s widespread use by launching scams that exploit fear associated with the pandemic. Victims receive a text message that claims to come from a contact tracing system and warns them they were in contact with someone who tested positive for COVID-19. The message instructs victims to visit a website and learn how to protect themselves. Once there, the site infects their device with malicious code. Remember that federal, state, and municipal contact tracing programs do not send random text messages to the public. If you receive a suspicious message, contact the Texas Department of State Health Services.

WHO fraudulent link

In this phishing attack, the user receives an email that appears to be from a WHO representative. The email offers a personalized health report that identifies the user’s coronavirus risk factors and offers prevention tips. A link in the email directs the user to a fake WHO website. They are then tricked into creating an account by entering an email address, a password, and in some cases a Social Security number in exchange for their health report. If the user applies the same password to multiple accounts, they are giving criminals access to the information in those accounts.

CDC malicious attachment

In this scheme, the user receives an email that supposedly comes from the CDC. The email contains an attachment that claims to provide “official advice from the government on how to stay safe during the coronavirus outbreak.” Once opened, the attachment injects the computer with malware that attempts to steal passwords and banking information by recording the user’s keystrokes.

Promote good cybersecurity hygiene

Some employees might be working remotely for the first time during the coronavirus outbreak. The technologies that allow them to connect to your network, meet virtually with colleagues, and access the information they need to do their jobs can open doors for cybercriminals.

Promote these best practices to ensure your employees’ work-from-home experiences don’t jeopardize the organization’s network security or sensitive information:

  • Be cautious with Wi-Fi. Some employees might be tempted to use open Wi-Fi connections near them to do their work. Unfortunately, many public Wi-Fi options are unsecured. Wherever they choose to work, employees should make sure they are utilizing a password-protected Wi-Fi connection.
  • Use a virtual private network (VPN). A VPN is a secured gateway into your network. Your IT department should scale up VPN capabilities and require employees to use VPNs when connecting to the network. They should also turn on multi-factor authentication for VPN connections. Make sure employees know who to contact for technical support, including assistance using VPN technology and multi-factor authentication.
  • Watch out for imposters. Hackers might try their luck at impersonating IT department staff. In this scenario, an employee receives a call like, “Hey, we noticed you were having some trouble with your VPN. Could you go ahead and give us your username and password.” Remind employees that tech support will not likely reach out to them unsolicited. They should familiarize themselves with what official communication looks like from your IT team and remain vigilant.
  • Keep equipment safe and secure. While working from home, many employees will be sharing space with their families. It’s important to remember that our children are digital natives and are very adept at modifying electronic devices. This could include installing apps or other software on work computers and tablets. Such modifications could create vulnerabilities on business devices. Make sure employees maintain physical control of their devices or have restricted access so that others cannot install unwanted programs.

Telecommuting is a great opportunity to remain productive when so many of us are stuck at home. But, as always, the technologies that improve our lives and create new conveniences also create new vulnerabilities. If your employees familiarize themselves with threats and best practices, they can help you protect your network security and your organization’s sensitive data.

Expert help from the Fund

The Fund provides Privacy and Information Security coverage to members of our Property and Liability programs. Members that suspect they have been the target of cybercrime should call the Fund immediately at 855.295.8344 to report a claim. Members that have questions about cybersecurity education or consultation are welcome to contact Privacy and Cyber Risk Consultant Lucas Anderson at lucas.anderson@tasb.org or 512.505.2893.

Editor's note: This article was originally published in March 2020 and has been updated for accuracy and comprehensiveness.

Tagged: coronavirus, COVID-19, cyber, "cyber security", cybersecurity