As a follow up to our previous article on the subject of Cyber Security During a Pandemic, we thought we’d share with you some of the topics used in phishing scams, so that you are better prepared, should you become the target of one.
As always, our central piece of advice for those seeking to protect their business’ data is preparedness is the key to prevention. Even though some scams target individuals, they should still be considered carefully by businesses that have employees working from home. Understanding what type of scams are out there will make it much easier to spot one. We encourage our clients to regularly engage their staff in training, no matter how much of a tech expert an employee appears to be. Statistics on phishing show that anyone is susceptible to falling for a well-crafted scam.
Here are the latest COVID-19 related phishing scam topics that prey on an individual’s concerns over the pandemic crisis:
The Supplier – This type of email usually contains an offer to sell their target fake medicine, vaccines, or masks that are in high demand. These fraudsters offer to send you a quantity of fake or non-existent items that, they claim, will protect you or cure your illness. Often, they are pleasant in tone, but ask the target to “act quickly before stock runs out.”
The Official – Some phishing scams may come in the form of a statement or request from someone impersonating the Centers for Disease Control (CDC), World Health Organization (WHO), or similar agency. They may even use domain names similar to those of the CDC and WHO. These emails often have an urgent and alarming tone to them, and ask you to submit information or payment via a donation or even bitcoin. Sometimes, they contain an attachment claiming it to be tips on how to stay safe. When a victim opens the attachment, they will, unknowingly, download malicious software that will infect their computer with a virus or malware.
Both the CDC and the WHO have put out statements that condemn these scams and warn citizens against them.
The Stimulus – Perhaps the most ruthless of them all is the one that fraudulently promises government relief to those who are suffering. This type of scam impersonates a government agency, like the IRS, and asks the victim for bank information so that they can receive any government issued funding from the recently passed United States CARES Act, which will distribute up to $1,200 for individuals and up to qualified $2,400 for couples who filed their taxes the previous year. This bill also includes relief for small businesses that may be struggling to pay employees after totally or partially shutting down their operations. This scam has been reported in many forms, from text messages demanding you fill out a questionnaire, to social media posts claiming you can receive more than your share if you “follow one simple trick”. It is important to only listen to federal government guidelines on the distribution of CARES Act relief checks.
The best way to combat these phishing scams is through training and educating your employees on how to spot them. Our blog page has many useful articles on phishing, ransomware and other cyber security threats.
If you have any questions relating to this risk or need help with any cyber risk related issues, please contact Jon Edwards, Partner, Cyber Risk Advisory, at 732-395-4281 or [email protected].