The current COVID-19 pandemic is changing the business landscape. The most immediate change is the sudden increase in the number of people working from home. It is no surprise that this change has significantly increased the attack surface, forcing companies to strengthen their cybersecurity measures to ensure they do not become the next victim of cybercriminals. During this new time of uncertainty, cybercriminals are taking advantage, particularly of people who are not used to working remotely, with email and text scams. By exploiting current tragedies and well-publicized global issues, scammers are tricking remote employees who are anxious about the events taking place.
So far there have been thousands of reported COVID-19 phishing attempts, and this number is increasing rapidly with over 50 new reports daily. One of the most common scams those new to the remote workforce should be looking out for involves emails and SMS messages asking for donations to help the National Health Service (NHS) buy Personal Protective Equipment (PPE) and to fund the fight against COVID-19 as a whole. Current estimates suggest that scammers have already stolen millions using this technique.
Another similar scam is text messages and emails, apparently from the UK government, issuing fines to people for leaving their house more than once daily during the lockdown. Because these messages are fake, the “fines” are paid directly to the scammers. By following the links in a scam email, bank details, accounts and passwords can be stolen, allowing hackers to empty bank accounts completely.
As the economy struggles to recover from the pandemic, people are continuing to lose their jobs. Many scammers are targeting unemployed workers, offering them jobs, but demanding an advance fee for vetting or background checks. The problem is these positions do not exist and the scammers are pocketing the money they receive. Online shopping scams have also adjusted to take advantage of the pandemic, particularly as more people are relying on these services while they practice social distancing. Because these products are in very high demand, people are paying for face masks, gloves, and hand sanitizer, which never arrive.
The uncertainty created by COVID-19 and the global shutdown is providing scammers with plenty of new opportunities to take advantage of the situation. Much of the population is unfamiliar with working from home, leaving them vulnerable to the techniques used by hackers. And because official advice about the pandemic appears to be unclear and confusing, it is no surprise that people are being tricked by messages that look like they come from official sources.
How to defend against scammers
For organizations to protect themselves and their employees, a good place to start is to implement security awareness training with a concentration on phishing attacks. This type of training helps ingrain in remote workers that they should not click on suspicious and unfamiliar links or navigate to untrustworthy sites.
The novel coronavirus has introduced many complications into our daily way of life and, as with any event of this scale, the criminal element will seek to exploit it. We, along with the U.S. Cybersecurity and Infrastructure Security Agency (CISA), are seeing not only an increase in phishing and social engineering scams—engineered to prey upon people's panic in a time of uncertainty—but also widespread misinformation campaigns with various goals ranging from geopolitical to financially motivated. It's more important than ever that businesses review their cybersecurity plans to ensure they have a layered approach to defending their network against would-be intruders.