Coronavirus cyber scams are thriving – here’s how to avoid them
In the weeks since the COVID-19 pandemic hit, we’ve seen communities mobilize like never before. Organizations big and small are working around the clock to ensure that medical facilities, small businesses, and vulnerable populations have the resources they need to weather this storm.
A global crisis can bring out the best in people. Unfortunately, it also brings out the worst in cybercriminals.
Hackers and phishers are taking advantage of the COVID-19 pandemic by churning out fraudulent emails, text messages, and robocalls that trick consumers into clicking on malicious links or opening attachments in order to steal personal information or money. These scams capitalize on fears around the disease, claiming to offer information, vaccines, or information about government assistance. They may even pose as a charitable organization raising money for victims.
Now more than ever, it’s important to stay vigilant and protect yourself and your business from cybercrime. Here’s how:
Think before you click
Before opening, responding to, or clicking a link within an email, ask yourself these questions: Is this email expected or from a known sender? Does it use urgent language or time-sensitive offers? Does it contain attachments? These are often clues that the message is a scam.
Ignore texts, emails or calls about vaccinations or government checks
According to the Federal Trade Commission, there are no products proven to treat or prevent COVID-19 at this time, and you do not need to sign up or provide information in order to receive government assistance as long as you filed your 2018 and/or 2019 tax return.
Don’t rely on your email’s spam filter
Phishers are often one step ahead of your email provider, figuring out how to trick content filters by posing as reputable senders, sending multiple emails, and even swapping out alphanumeric characters (think: the number one instead of the letter “l”). Remember: your judgement is the first line of defense.
Perfect your passwords
Using a strong password is always essential to protecting yourself online, and it’s a good time to check in on yours to make sure they’re as bulletproof as possible. TheNational Institute of Standards and Technology (NIST) advises that you choose the longest most complex password permissible on a website or application. Make your password more complex—but still memorable for you—by substituting @ for the letter “a,” or an exclamation point in place of the letters “l” or “i.” Also, avoid using the same login and password for multiple accounts.
Use multi-factor authentication
The national cybersecurity site, NICCS, recommends the use of multi-factor authentication (MFA) to ensure that the only person who has access to your account is you. MFA requires two or three types of credentials to authenticate your identity. These credentials can be something you know (a password or pin), something you have (a security hardware token, a code delivered by phone or by text), or a unique aspect of who you are (a fingerprint, voice recognition or facial recognition). We require that all of our Abacus Private Cloud customers implement MFA because it is a low-impact way to exponentially improve security.
Make staff education a priority
Keep your remote workforce up to date on COVID-19 related scams, reminding them of security best practices and how to stay extra vigilant during this time. Some helpful references include Threats Abound: How to Protect Your Remote Workforce and our Ransomware Checklist.
Do good, but be smart about it
We all want to help those in need during this critical time. Do your homework to make sure you know where your money is going. The FTC provides great advice on avoiding charity scams, and organizations like BBB Wise Giving Alliance and Charity Navigator can help you with your research.
Stay safe while you #stayinside, and remember to reach out to our team of experts with your security questions and concerns during this uncertain time.