We hear a lot about cybercrime this time of year. Tax season leaves many people vulnerable to attack because they’re relying on their tax return to pay a bill or relieve some stress on their bank accounts. The promise of more money, more quickly, in a scam email, often leads to trouble. People also have a natural fear of the IRS and can fall victim to impersonators claiming they’ve committed a crime but can now resolve it with a cash payment.
Unfortunately, tax stress isn’t the only thing that makes people more vulnerable to scams. Any event that heightens fear and anxiety is a boon for online scammers. The outbreak of coronavirus will be no different, and business leaders of all sizes, as well as individuals, need to be on alert.
The U.S. Secret Service has issued guidance around coronavirus-related phishing scams:
“Cybercriminals are exploiting the coronavirus through the wide distribution of mass emails posing as legitimate medical and or health organizations. In one particular instance, victims have received an email purporting to be from a medical/health organization that included attachments supposedly containing pertinent information regarding the coronavirus. This led to either unsuspecting victims opening the attachment, causing malware to infect their system, or prompting the victim to enter their email login credentials to access the information resulting in harvested login credentials.”
The guidance also notes that a rise in remote work, which many companies are now exploring, increases the risk of cyberattacks due to increased reliance on email for communication.
Phishing emails are an easy method of attack under any circumstance, but as we navigate this new world of increased remote work in a time that so many are anxious about the spread of disease, we need to be particularly vigilant.
Companies of all sizes and working environments (remote or on-site) should reiterate to employees cybersecurity best practices. This includes not clicking on links embedded in emails and entering credentials and/or opening or downloading suspicious attachments. Employees should also verify by phone conversation any requests for wiring of funds. Now more than ever, cybercriminals will attempt to impersonate business owners and HR reps.
It’s certainly not time to panic (about a lapse in cybersecurity ruining your business or coronavirus in general), but it is time to make plans for the current challenge before us, and that includes reviewing cybersecurity preparedness plans.
Be safe, be smart, and most of all, be secure.