Avoiding COVID Cybersecurity Scams

Whether trying to reach you through personal or professional channels, scammers are everywhere, and they’re even more keen to strike amid the COVID-19 pandemic. When causing chaos is the name of the game, an unexpected transition to remote work provides the ideal environment for malicious actors to make an attempt on your information.

Just in the last month, cyberattackers have weaponized the spread of misinformation and public anxiety. Malicious messages have popped up in the form of emails impersonating the NHS, WHO, and other expert medical organizations; text messages in the United Kingdom allegedly sent by “GOV.UK” promising tax refunds; and memos advertising protective masks and hand sanitizer from false websites.

In the last few weeks, we’ve discussed the motivations behind an uptick in cyberattacks, how to secure your remote work environment, and why now more than ever, communication is key. This week, it’s time to review the most common scams in the COVID crisis, and how to keep an eye out for them.

Just Too Good to Be True

A wide variety of social disruptions means an even wider variety of cyber threats to address. Most recently, hackers have made use of phishing emails to imitate health officials or federal authorities with advice on how to stay safe during the pandemic; in reality, they’re attempting to attain sensitive personal data or trick their victims into downloading malware.

Some of these emails may look sophisticated, but phishing scams always have a giveaway. Suspicious email addresses, spelling errors, or requests for money are common characteristics of a scam. And if you receive a supposed contact from a federal or state organization providing guidance on how to respond to COVID, it’s always better to go directly to the organization’s official website rather than clicking on links.

Cybercriminals have also set up fake websites that advertise false remedies or medical supplies to fight the virus, preying on consumer anxiety to obtain bank details or install malware on their computer.

As with phishing scams, fake websites often have suspicious or over-complicated URLs and spelling, grammar, or design errors. The chances are also fair that if a site is seemingly offering “miracle” health solutions and high-demand products at low prices, it’s probably a scam.

Two of the more innovative scams out there include COVID apps and tracking maps. The apps claim to have the ability to track the spread of the virus in your area, when in reality they install malware onto your device and take control of it. There are no official apps that have this functionality. Those that claim to are probably malicious.

Similarly, the COVID maps are usually circulated on social media or through email, supposedly highlighting all of the cases in your area. Cybercriminals embed malware in the image that can steal your personal data, login credentials, and other sensitive information—so think twice before you click!

Maintaining Vigilance

In these turbulent times, it’s understandable to miss the signs of a scam. Cybercriminals are counting on you to be unprepared and unprotected, and in today’s world, it’s important to take the proper security measures and prove them wrong.

With our Fully Remote Audit, you’ll experience a variety of processes, tools, and evaluations that ensure the same rigor and quality we deliver in our on-site audits, with a decade of successful implementation. 

And with a Free Remote Worker Risk Assessment offered throughout the COVID-19 pandemic as part of your IT Security Assessment, you’ll learn how to address remote workplace vulnerabilities with full coverage of vulnerable technical aspects, as well as all relevant personnel, policies, and procedures.

For more information, contact us today.

Posted in BAI Security Blog, Malware, Security Risks and tagged , , , , , .