Cybersecurity Risks Related to COVID-19
To help you, our customers, manage the impacts of COVID-19, we would like to share information from the Department of Homeland Security (DHS) and the Federal Financial Institutions Supervisory Council (FFIEC). We encourage you to follow these links to ensure your organization is aware and prepared for opportunistic cyber thieves.
The Cybersecurity and Critical Infrastructure Agency (CISA) of DHS issued Awareness Alert AA20-073A, “Enterprise VPN Security,” to advise organizations of cybersecurity considerations and mitigations for enterprise virtual private network (VPN) solutions enabling teleworking employees to connect to an organization’s information technology (IT) network. If you are having your employees telecommute, be sure that your systems are patched and secure!
CISA issued a Cyber Alert, “Defending Against COVID-19 Cyber Scams,” reminding individuals to remain vigilant for scams related to COVID-19. Cyber actors have been sending emails with malicious attachments or links to fraudulent websites attempting to trick recipients into revealing sensitive information or donating to fraudulent charities or causes. We encourage you to caution staff and customers in handling any email with a COVID-19-related subject line, attachment, or hyperlink. Additionally, please advise your customers and staff to be very cautious with social media posts, texts, or calls related to COVID-19. As more and more people practice Social Distancing and/or Self-Quarantine, the use of digital means to conduct business will increase accordingly. Because of this, extra caution is warranted!
CISA issued guidance for “Risk Management for Novel Coronavirus (COVID-19),” outlining physical, supply chain, and cybersecurity issues that may arise from the spread of COVID-19. As organizations explore various alternate workplace options in response to COVID-19, CISA recommends examining the security of information technology systems by taking the following steps:
- Secure systems that enable remote access.
- Ensure Virtual Private Network and other remote access systems are fully patched.
- Enhance system monitoring to receive early detection and alerts on abnormal activity.
- Implement multi-factor authentication.
- Ensure all machines have properly configured firewalls, as well as anti-malware and intrusion prevention software installed.
- Test remote access solutions capacity, and increase capacity, as necessary.
- Ensure continuity of operations plans or business continuity plans are current.
- Increase awareness of information technology support mechanisms for employees who work remotely.
- Update incident response plans to consider workforce changes in a distributed environment.
The document also provides recommendations for infrastructure protection and managing supply chain risks.
Thank you for being our customer and know that your bank is here for you!
Thank you to Bank Rate, Inc. for the following information!
The novel coronavirus is causing more than just physical harm to some people. It’s also inflicting severe financial harm, as scammers try to bilk the well-intentioned or uninformed of their cash.
“This is a prime opportunity for hackers to exploit fear, isolation and uncertainty for their own gain,” says Tom Kellermann, head cybersecurity strategist at VMware’s Carbon Black.
Coronavirus scams come in many forms, but the upshot of all of them is that they want your money, or your information so they can get to your money. Even if – and maybe more so – you’re trying to help out those who have been hurt by the coronavirus, you’re not immune from these scammers, who are looking for any possibility to trick you into revealing your personal financial details.
Below are three common scams that are being reported, and some tips for how you can avoid getting caught up in them.
3 coronavirus scams to avoid
Many scams can be separated into three large areas, depending on the appeal they make.
1. Watch out for scammy websites
Fraudulent websites can come in a variety of types, but a couple of major ones include the following:
- IT-themed sites that purport to help you work remotely.
- Coronavirus-themed sites that purport to track the disease or help the afflicted.
Naturally, having an effective internet connection is vital to doing your remote work effectively, and scammers have become sophisticated enough to target those who are working at home.
“The problem is that scammers are tracking which companies are requiring their employees to work from home and jumping on the chance to trick those employees into giving up information and downloading malware by posing as IT helpdesk agents,” says Attila Tomaschek, a researcher at ProPrivacy, a network security firm.
“Company websites often include contact information for their employees, so scammers usually have no issues making direct contact with their potential victims,” says Tomaschek. “A scammer can send an email requesting you to download a file or click on a link for information on how to access the corporate network.”
Tomaschek details other scenarios where a scammer may get on the phone with a victim and request remote access to help with a setup. And it’s not just for IT either.
“We have seen multiple phishing scams where attackers are sending false information about healthcare, sick leave, and HR policies and encouraging people to click on links in order to hijack their computers,” says Annie Klomhaus, COO of Yonder, an AI software company that identifies disinformation.
The end goal: your sensitive data or that of your company.
Fake coronavirus sites are another problem. They’re 50 percent more likely to be fraudulent than a regular site, says Check Point Software Technologies, as scammers try to take advantage of interest and fear surrounding the infection.
For example, scammers have targeted popular maps tracking the infection rates with malware asking a viewer to download software that then potentially compromises your computer.
“Johns Hopkins’ popular COVID-19 dashboard has been a go-to source for people who want to stay up to date on the virus,” says Penny Crosman, an executive editor at American Banker.
But fraudsters have developed a program that produces a map that looks like the legitimate one. “The software has embedded malware,” says Crosman, “that steals usernames, passwords, credit card numbers and other data stored in the user’s browser.”
Spoof donation sites are also taking advantage of the kind-hearted who want to help victims. The fake donation sites may put malware on your computer or intercept your credit card details.
“If you send money through a fake donation site, not only will your donation go directly to a criminal, but you are seriously putting yourself at risk of compromising highly sensitive personal and financial data,” says Tomaschek.
2. Steer clear of products that claim to prevent the disease
Another way scammers will try to bilk you is by promising to sell you a preventative measure or cure for COVID-19. You might receive an email offering one or the other, but it’s likely a phishing scam designed to steal your sensitive information and then rip you off.
“Reports of potential consumer and medical scams [are] abound in these trying times,” says Scott Grissom, chief product officer at LegalShield, a provider of privacy protection plans.
The Federal Trade Commission (FTC) warns consumers explicitly about such scams: “There currently are no vaccines, pills, potions, lotions, lozenges or other prescription or over-the-counter products available to treat or cure Coronavirus disease 2019 (COVID-19) – online or in stores.”
“Consumers should avoid products that specifically claim to be effective against the coronavirus,” says Grissom, warning that allegations of such a product “could be a red flag.”
Researchers are working feverishly to find an effective treatment, cure or vaccine. Should one become available, governmental authorities will notify the public.
“Any link you click on or any attachment you download in a phishing email will lead you to a phishing site or infect your device with malware designed to compromise your system and harvest sensitive data like your online account logins and passwords, credit card and bank account details,” says Tomaschek.
In addition, the FTC and the Food and Drug Administration have been working to get bogus cures off store shelves. They’ve issued warning letters to sellers of unapproved or mislabeled products that claim to treat the disease, including teas, essential oils and colloidal silver.
One prominent online promoter of alleged remedies, conservative radio host Alex Jones, was issued a cease-and-desist letter from the New York attorney general last month.
3. Be on guard against “safe” or “guaranteed” investments
Scammers often promise higher-return investments that they say are safe, especially from the downturns in the market due to the coronavirus and the response to it. You need to be especially careful around such claims. Unless an adviser is putting your money in an FDIC-backed bank account, any promises of gains without the potential for loss are empty.
With the harrowing fall in markets over the past month, scammers are out in force, looking for those who are uninformed or who want to believe that there’s a safe and profitable investment option. Some may even be impersonating the FDIC and promising “no risk” investments.
The FDIC is warning people about scammers using its name for fraudulent purposes, and says that the agency does not send unsolicited mail asking for money or personal information. And it will never ask for personal financial details such as bank account information or credit card numbers.
A bank account from an FDIC-backed bank is the safest possible investment you can have in a crisis, since the money is guaranteed by the federal government, up to a limit of $250,000 per person per account type at each bank. While interest rates have dipped, you can still maximize your interest by selecting a bank account from among the nation’s highest-yielding accounts.
While some market-based investments are lower risk than others, if you have your money in the market – stocks, bonds or funds, for example – it can go down sometimes, exposing you to loss.
And if you’re in dire need of cash, for example, to make a mortgage or payment during this crisis, many lenders are willing to be more flexible and work with you right now. Many banks are also stepping up to waive fees and help consumers stay on track with their personal loans despite losses in income.
How consumers can stay protected from these scammers
“Unfortunately, COVID-19 scams will continue to spread as long as nefarious actors can profit from them,” says Klomhaus.
So that means consumers need to protect themselves as best as possible, and common sense is among the best defenses.
“If you telecommute, remember the same, usual precautions you use to protect sensitive data in the office also apply at home,” says Doug Graham, chief security officer, Lionbridge, an AI training data company.
“Be careful when visiting informational sites that could be fake copies of common sites,” he says. “Often, there are typographical errors in the domain name to make it look like the real site.”
“You should also be wary of anyone claiming to be a company helpdesk agent that is excessively pushy or unwilling to properly identify themselves,” says Tomaschek. “Instead of engaging with such an agent over the phone or through an email that just doesn’t seem right, email or call your corporate IT department directly to get the help you need.”
“Beyond hyper-awareness, people should be making sure their software is up to date on both home and work computers, using multi-factor authentication for signing in to any service, and use a virtual private network (VPN) to encrypt their data and keep their internet connection protected,” says Kellermann.
And if someone approaches you about an investment that seems too good to be true, then it usually is. There are no “get rich quick” investments that don’t involve substantial risk.
If you have doubts – or have met a pushy salesperson – contact a registered financial adviser that is a fiduciary paid by you. If it’s a scam, your adviser will be able to identify it and set you on the best course of action for your personal financial situation.
When the markets are roiling and you’re losing money and under pressure, it can be tough to think clearly – and that’s exactly what scammers are trying to prey upon.
“People are understandably concerned about their health and the lack of clear information out there can make us hungry to learn more from whatever source we can – which can make opening attachments or clicking on outbound links more tempting than usual — but everyone needs to remain mindful and stay smart,” says Graham.