The novel coronavirus—or COVID-19—pandemic has led to an unprecedented economic disruption at a global level.
Businesses around the world are being forced into telecommunication solutions by government orders, meaning many companies and organizations are seeing a sudden, rapid increase in the number of employees working from home.
However, this new normal has brought the same cybersecurity perils, and now more than ever, employees need to be vigilant of cyberattacks.
Why you're a target
Cyberattacks have always been a threat to businesses. Now that more employees are relying on telecommunication, the opportunity for scammers to strike has subsequently risen.
In other words, cyberattackers now see more victims to prey upon.
In March, the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) issued a warning urging organizations to "adopt a heightened state of cybersecurity when considering alternate workplace options for their employees," with government agencies noting a growing number of coronavirus-themed scams preying on people's fears and insecurities in regard to the pandemic.
Truly, nothing is beneath them.
What to look for
As mentioned, coronavirus-themed scams are designed to take advantage of people's worries.
Generally speaking, these scams will try to get the user to take some sort of action, such as getting them to click a link or download an attachment under the guise of providing information about the pandemic such as treatment or a cure (which does not yet exist).
Other scams may try to trick users into believing the messages are from an online shopping source, like Amazon or eBay, or a financial institution, like a bank or mortgage lender. These emails will try to get sensitive information like login credentials or credit card info.
What you can do
Just like any other phishing email, the key in these attacks is fooling users. But there are a number of precautions users can take to protect themselves and their data.
- Know the facts about COVID-19. As mentioned above, some emails will claim to have information about a vaccine that doesn't exist or will try to pose as an official source like the World Health Organization. Don't trust any unsolicited email trying to provide information about the pandemic. Instead, rely on official sources such as who.int, cdc.gov, or reputable media sources. If a message pretends to be one of these sources, make note of the sender's email address and make sure the domain matches the organization's official site.
- If you didn't ask for an attachment, don't open it. Unless you specifically requested an attachment, you should never open it. Don't trust any message that asks you to open a PDF or spreadsheet for more information. If you didn't ask for it, send it to the trash.
- If a stranger messages you, don't open it. Do you know who the sender is? Organizations like Amazon and eBay will never ask for your login credentials, and organizations like the WHO and the CDC will not email the general population en masse. If an unknown sender is trying to get you to take some action like opening an attachment or following a link, don't click anything. Just send the message straight to the trash.
- Use a strong, reputable antivirus/anti-malware app or software. Good cybersecurity software will help keep you alerted if something does go wrong. Of course, be sure to keep these programs updated, so they will keep their databases current to catch new threats. Outdated programs will fail to recognize them.
- Use a strong password. Your password is the first line of defense, so make sure it's a strong one. Too many users rely on weak, ineffective passwords that take only a short time for intruders to crack. Use a password-management tool to generate a strong password, or check your password with Dashlane's How Strong Is My Password? tool.
- Have a backup plan. What if something does go wrong? How will you move forward? Create a contingency plan just in case the worst comes to pass. Have an IT response team ready to locate the threat, neutralize it, and assess the damage. Find out exactly how cyberattackers got into your system and prevent it from happening again. Be ready to handle any negative responses you get from clients or the media. And of course, be proactive and protect your business with a cyber liability policy.
- Inform others. Make sure all your co-workers—as well as any friends and relatives—are aware of these threats. Some may not be so cyber-savvy, so make sure to inform others of these scams and offer a friendly reminder to guard their personal info.
Have scammers tried to trick you with a coronavirus-themed message? Let us know in the comments!