There is no rest for the weary. As business owners and employees trying to work remotely worry about connectivity and business continuity, cybercriminals are hard at work capitalizing on fears with phishing emails that are designed to steal information and money. Concern is so high that the FBI, Secret Service, and World Health Organization have all recently issued warnings.
As the number of people working from home increases, cybercriminals are standing by trying to find security loopholes and gain access to your employee’s devices, and your company information and computer systems.
To combat this, you want to train your staff to really screen their emails and notify them to be careful not to click on links offering Coronavirus Tips or other outbreak information unless you are certain of where it has come from and you know it is safe to open.
Many of the bogus emails will often appear to be sent by WHO or the CDC and will announce they have new information on the virus, or the availability of a vaccine, or they are collecting for a charity to help COVID-19 victims. Don’t fall for this. Instead, visit respected sites like the CDC and the WHO directly for updates to find out the latest information.
It is important to realize that when we are stressed, distracted, concerned, or afraid we may be anxious to get more information, and we may not take the same precautions when looking for that information. Understand that at this moment in time, we are all feeling a bit vulnerable, so put proper protocols in place for how you will research and access the information that you need and avoid turning into a “click” happy consumer of information.
Making matters more difficult, there are many companies that are sharing legitimate information as it relates to COVID-19, school closures, remote work arrangements, etc. and these “safe” emails are co-mingling with malicious emails seamlessly. As a consumer, you need to be hyper vigilant and use common sense before clicking on any email, even ones that look pretty convincing.
In the example above, this email appears to have come from the CDC and it even gives a warning to not click or open attachments, and then it gives you an attachment to click on. Once you do, any number of things can happen, but primarily this can open the door to cybercriminals who will start to try to identify your captured log-ins and passwords.
Not all the emails seek credentials, though. Some just distribute malware which unknowingly opens the door to download malicious software onto your computer. These types of downloads are capable of watching and monitoring all the activity on your device including any log in or sensitive information and if you are connected to a business network? Jackpot for the hacker.Gaining access to your corporate computer system is one of the cybercriminal’s chief goals. To avoid getting scammed we suggest:
1) Slow down and think before you click. If something doesn’t seem right about an email, just delete it—ideally before you open it. You’re better off not taking the risk.
2) Examine links by hovering your mouse over them to examine the full address, looking for misspellings or suspicious domains. If something in the URL is misspelled, it is fair to say it will lead to a fake site. The same goes for something like “gmail.net” instead of “.com,” or an international domain such as “.ru.”
3) Security experts have noticed an increased amount of successful malware attacks against cell phones, compared to computers. Remember to be vigilant no matter which device you are working from.
4) You can’t assume that a website is safe simply because it starts with “https.” This only means that the connection is secure between you and the site, not that the site itself is a good idea to connect with.
5) Attachments are not your friend. They can contain malware. Also, don’t type confidential info into a form that is attached to an email.
6) Your financial info should be under lock and key at all times. Be suspicious of any email that asks for an account number, credit card number, or transactional information. This should be a serious red flag.
7) Auto updates are always a good thing. For your computer, for your phone, your tablet, etc. These updates can improve your device’s chances of stopping malware.
8) Make sure you have some decent security tools like a robust antivirus program and make sure you are up to date. These tools can help but they can’t stop you from clicking on something you shouldn’t. It’s sad but it’s true that during difficult and stressful times, cybercriminals find ways to capitalize on our weaknesses. Knowing what to look out for will go a long way to keep you, your employees, your information, and your company safer from hackers.
If you need help, give us a call.