Just when we thought our COVID-19 anxieties couldn’t reach a higher peak, cybercriminals are actively exploiting the pandemic using a variety of new scams.
And it’s no surprise. With uncertainties running high and a workforce collaborating online and working remotely, unfortunately it’s an ideal scenario for cyber attacks.
For busy IT professionals already dealing with a surge of remote workers, this makes it even more challenging to enforce safe computing habits and close potential security gaps.
From fake tweets and phishing emails promising new insights into the virus, even cures, to counterfeit medical supplies or assistance funds, attackers are trying anything possible to encourage clicks, website visits, and downloads. In fact, data shows a 350% increase in phishing websites since the outbreak. Designed to steal personal and financial credentials, these malicious websites are offering everything from free Netflix subscriptions and safety masks to financial donations.
In the U.S., the Federal Bureau of Investigation (FBI) issued a recent public service announcement, warning of a rise in new attacks. The UK’s National Cyber Security Centre (NCSC) has also warned that attacks could increase and stepped up efforts to remove malicious phishing websites. CERT France, the French national government computer security incident response team, issued a warning about a new ransomware gang targeting local governments using a version of the Mespinoza ransomware strain, also known as Pysa ransomware.
Moving business forward, safely and securely, has become the cybersecurity challenge of the day.
Let’s take a look at a few of these cyber crime scams and ways to prevent attacks.
Stay alert for these COVID-19 cyber scams
Industry-targeted attacks: A far cry from the earlier promise by ransomware attackers to stay hands-off the healthcare industry until the crisis resolves, cybercriminals are once again targeting this sector as well as specific vertical markets. The scams play to the potential need for COVID-19 tips or support that are vital to businesses and organizations. In addition to healthcare — medical testing facilities, manufacturers and suppliers, financial services companies, higher education, and public service agencies have been front and center in these attacks.
Remote-worker scams: Since COVID-19’s outbreak, more people than ever before are working remotely to stay safely isolated — in fact, one survey showed 85% of companies say at least 50% of their employees are now remote. Unfortunately, this presents new targets for scams and attacks on employees spending much more time working and collaborating online.
You can read about these and other COVID-19 scams in our recent Avast blog.
Tips to keep your employees and customers safe
While the volume of COVID-19 scams and attacks, can cause even the most seasoned IT pro to feel overwhelmed. Never give up on educating users. Recognizing phishing tricks and fake websites are a key defense in preventing cyber attacks.
Here are a few best practices to share:
Never click on links in unknown emails or open unfamiliar attachments. Typos and misspelled emails or unfamiliar email addresses are a few signs of scams. Even if you know the sender, always check its legitimacy first.
For COVID-19 updates and news, be sure to check your sources and only refer to those with a good reputation for accuracy and verifiable facts.
Avoid downloading and installing any software or apps specifically related to coronavirus (or any current news cycle topic).
Always check website links for strange typos, added numbers, or anything that doesn’t seem right.
Think about how the information is being shared with you. Facebook posts, WhatsApp charts and Tweets can be written and doctored by just about anyone.
Be aware of urgent requests for action or information, typos and misspelled emails, unfamiliar email addresses.
Learning to recognize scams and phishing attempts will help you stay one step ahead of attackers. Check out these Avast tips below: