The United States Department of Homeland Security, as well as other cybersecurity organizations, have formally released an alert warning about the new COVID cyber threats and strategies cyber hackers are using to gain access to confidential information.
Titles containing key words involved in the pandemic have been linked to phishing scams to gain access to personal information such as usernames and passwords, which opens a new risk to companies and their employees. Many of these emails can be formatted to look as though they are coming from trustworthy sources, such as a company’s HR department or a well-known news website. Titles that have been linked to this threat include:
- 2020 Coronavirus Updates
- Coronavirus Updates
- 2019-nCov: New confirmed cases in your City
- 2019-nCov: Coronavirus outbreak in your city (Emergency)
Emails are not the only area under attack. Text messages are also being utilized by scammers to lure an unsuspecting victim to click on a link provided. This is often with financial incentives such as government rebates or financial support packages. Because of the economic impact the pandemic has had, many people are more incentivized to fall for SMS phishing scams, which could result in loss of personal information such as name, address, email log ins and banking information.
The pandemic forced many operations to implement a quick telework infrastructure. This opened the door for hackers to exploit not only VPN and IT systems, but also commonly used communication tools such as Microsoft Teams, Zoom and Citrix. People are now receiving several video call invitations daily and are more likely to blindly click on the link as opposed to checking the legitimacy of the invitation. Links such as these can be disguised to look harmless when they are actually phishing emails that include malicious files. These files could cause a major security risk to both the employee and the employer.
Many of these calls are not password protected, and attackers have been known to hijack the teleconferences to gain insight into classified information. This can lead to an increase in risk for malware, phishing emails and potentially ransomware. Today more than ever password protecting your teleconferences as well as educational programs for all employees is a must. In addition, it is also important to have protocols in place in the event of a cyberattack.
If you have any questions or concerns, or need assistance in identifying your cyber security risk, please contact your Henry+Horne Advisor.