Every year, the holiday season proves to be the busiest couple of months for essentially everyone, even for cybercriminals and their online shopping scams.
In fact, we could say “especially for cybercriminals.”
Thanks to online shopping trends, an annual spike in online activity between November and December presents a field day during which scammers can do their thing. That’s a habit that’s only likely to stick around (and/or increase) as more people opt out of fighting crowds in favor of one-tap couch couponing.
So, before you fire up your preferred browser, open up all those tabs, and cash in on all those great deals, take note of these online shopping scams that you should be on the lookout for.
Fake Sites
Phony websites that are built to mimic big, well-known brands are a common sight around Christmas time. On these fraudulent websites, you’ll find low prices, unrealistic promises, and unbelievable deals that are often too good to be true.
As it turns out, it’s because they are.
Instead of big savings, you’ll find yourself in big trouble when you fall for this deceptive front for malware, phishing, and other malicious cyberattacks. The best way to tell whether or not you’re on a fake page or the real thing? Fake ones are typically riddled with popup ads, misspelled words and links, sloppy design, and unusual, overreaching information requests.
Phishing
Deal-related promotion emails are a common sight for anyone with an email address in 2021, especially around the holidays. This clutter of messaging presents the perfect opportunity for scammers to sneak their way into your inbox. Scam filters don’t always catch them, so it’s crucial to be extra vigilant about which emails you open and read. Red flags for holiday sale-related phishing emails include:
Fake Digital Ads
Pop-ups. We’ve all seen them, and they’re still around today. While some of them are trustworthy, many of the ones you see while shopping for everything on your wish lists carry the same warning signs as the fake site that’s likely hiding behind their link. Remember: anything that features an unrealistic price, misspelled links or words, or suspicious branding/design should be avoided.
Online shopping should be convenient without putting you at risk of your financial info being stolen. Taking advantage of something popular and in-demand during a high-traffic time of year is classic cybercriminal behavior, and these online shopping scams are shining examples.
Do you want some help training your team on how to better recognize behavior like this during the holidays and beyond?
Email scanners are an important piece of technology used to automatically detect and reroute potential threats (like a phishing attack) that attempt to infiltrate your inbox from unknown and/or suspicious sources. If you’ve ever had to “check your spam folder or quarantine” after a trusted source has sent you a message, that’s an example of an email scanner doing its job… and doing it well!
But as always, cybercriminals are working to stay one step ahead of the measures put between them and their goal. Your trusted email scanners are no exception.
You don’t want to fall victim to a phishing attack that looks like it belongs with the other meeting invites, newsletters, and company updates in your inbox. So, if a cybercriminal does end up making it past your email’s security protocols, here are a few things to be wary of.
Simply put, a phishing attack is designed to trick. And sometimes, even the sophisticated technology designed to resist these tricks falls for them, too. And when the technology fails, it’s on the user to ensure that the cybercriminal’s last intended step is not followed through. The only way to guarantee that involves a combination of the most effective cybersecurity technology and modern cybersecurity awareness training for those who interact with it. We can help with both. Click here to learn how Blue Layer can protect your business and your employees.
You don’t have to look far to see that interest in bitcoin is on the rise and in the news more and more every day. All this talk of “wallets,” “meme coins,” and “mining” is sure to have caught your attention at one point or another, leading you to wonder whether or not it’s worth a second look.
Of all the cryptocurrencies being talked about today, Bitcoin (BTC) is the one you’ve likely heard the most about, thanks to its accessibility and the groundbreaking headlines it’s made in recent months. Unfortunately, the hype surrounding it has also caught the attention of cybercriminals, and they haven’t hesitated to capitalize on it—even for a moment.
Since cryptocurrency is still considered to be in its infancy stages, there’s a lot of mystery and misinformation surrounding the growth of this decentralized asset. This can make it difficult for newcomers to discern fact from fiction on something that can already be a challenge to understand, so we’re here to help you clear the air and make only the smartest and safest decisions regarding where your money goes.
While BTC is something worth looking into, it’s not something worth ditching your cybersecurity due diligence for. Here are some common phishing attacks to look out for while adding to your new crypto wallet.
Suspicious Log-In Emails
This is a classic phishing strategy that uses a fake email alerting users to a suspicious sign-in attempt on their wallet. Emails like these will appear to be from reputable Bitcoin-related websites and ask users to click on a malicious link that will prompt them to enter their private login information. Once this information is provided, the cybercriminals on the other end will have access to the user’s account, giving them the ability to empty their wallet.
Phishing campaigns like these are known for using popular social engineering tactics to make their attempts look as legitimate as possible, and it’s working. One report found that the click-through rates on Bitcoin phishing emails are higher than those of other phishing scams.
Sextortion Emails
Instead of asking for login credentials, BTC sextortion emails claim to have evidence of a user’s browsing history to blackmail them into providing payment in the form of Bitcoin wallet deposits. Beware: sometimes, these cybercriminals do research on their intended victims to increase their chances of eliciting the response they want. Don’t fall for this common social engineering tactic!
Google Docs Scams
This is another scam that exploits the Google Doc functionality that many of us know and use every day to trick BTC miners into giving up thousands of dollars worth of crypto. First, users receive an email notifying them that they have been mentioned in a Google Doc by a familiar party informing them that hard-to-come-by mining equipment has become available for a limited time. Then, after the provided link is clicked, they are led to a very convincing website that offers rare equipment in exchange for Bitcoin. Of course, this page is fake, and once payment is processed, funds are lost. While this particular incident targeted miners and not the everyday investor, it should still be noted that scams like these exist and are becoming increasingly convincing. Click here for a more detailed look at how this scam works.
Outdated Bitcoin Wallet Software Exploitation
When a software update is released for any platform, it often includes important security measures that are put in place to prevent cybercriminals from exploiting vulnerabilities that might have been identified in earlier versions. In one scam like this, a user supplied their login credentials to a malicious source, to the tune of roughly $16 million.
The lesson? Always be wary of credential requests and always use the most up-to-date software.
As cryptocurrency continues to grow, we can only expect attempted attacks on investors to do the same. Always stay on your guard and practice smart cybersecurity habits whenever interacting with technology, especially when it comes to something that you may be new to and especially when it involves your hard-earned money.
Do you have questions about what smart cybersecurity habits look like? Just looking for some help making sense of it all? Click here to learn how Blue Layer can protect your business and your employees.
Does your organization use Google Docs to accomplish work? Do you frequently send and receive documents to and from people outside of your organization? If you answered “yes,” then you might be at risk for another new phishing scam that exploits another familiar tool that your team is accustomed to working with every single day.
Recently, cybercriminals have been producing malicious phishing websites that look identical to the Google login page that we’re all very familiar with and hiding them behind false, yet convincing, invitation emails and landing pages.
Here’s how it works.
First, a person might receive an email from what they believe to be a trusted source directing them to a Google Docs link that looks like the ones you’ve received countless times before.
After clicking the link, they are directed to a custom HTML page that looks like another familiar Google Docs share page. That page prompts the person to “Click here to download the document” that they think they are being given access to.
Once that second link is clicked, they will be directed to a login page that has been made to look like the Google login portal. However, this page is the actual malicious site, where their credentials are compromised.
Get a more in-depth look at these types of attacks and how they are created here: Attackers Take Advantage of New Google Docs Exploit
This is another prime example of how phishing targets users by exploiting their trust in a source that would otherwise be trustworthy. Attacks like these prove all tools (even the ones that you think are the most secure) can be made a target and that we should always assume cybercriminals can compromise anything in the absence of our constant vigilance.
Do you want to make your team’s vigilant ability to recognize bad content razor-sharp? Add awareness training to your cybersecurity mix, and you’ve got a team that can’t be fooled, no matter how convincing the phishing attacks that they encounter might be.
It never fails: just when you feel like you have a grasp on current cybercrime trends, hackers are already coming up with something new that you have to worry about protecting yourself from and educating your employees about. This week, we’re talking about vendor email compromise (VEC).
What is a vendor email compromise?
VEC is a type of business email compromise (BEC) that goes after a company’s critical supply line information instead of targeting the employees themselves, as we see with things like CEO fraud.
What is the result of a successful vendor email compromise?
Tremendous cost, according to KnowBe4. The average cost of a VEC attack? A whopping $183k! Not to mention compromised vendor information and business financial details.
Is your business at risk?
According to the same linked article from KnowBe4, the chances of getting hit during any given week have increased by over 80% between Q3 of 2020 and January of this year. That’s a giant leap in a small amount of time, meaning that your entire team should always be as vigilant as possible.
Unfortunately, cybercriminals will never stop working on new ways to make something appear to be what it is not. It doesn’t help when they are particularly good at their job, making it harder and harder to combat them day-to-day. Especially when their attacks start to look like an email you might receive on a normal workday!
So, if your business works with vendors that sound like they could be vulnerable to the attack that we’ve described, then you should pursue cybersecurity awareness training for all of your employees that work directly with financial transactions. It will help them understand the scams they’re up against and how to avoid falling into the traps set in front of them.
Click here to learn how Blue Layer can help protect your business today.
Try, for a moment, to remember a time before deepfakes—when technology had not yet allowed us some of the everyday conveniences that we enjoy today: when you could not order things and receive them the same day; when you could not have a face-to-face conversation with anyone, anywhere at the push of a button; and when verifying your identity in any other way than appearing in person was simply unfathomable.
Now, things are different.
Now, technology like video verification makes things like online banking (another phrase that meant nothing only 20 years ago) even more convenient, if you can believe it.
What is video verification?
Video verification is a technique used by businesses to verify the identity of customers attempting to access their account information, either with a video interview facilitated by the business itself or with customer-submitted photos or videos.
Sounds foolproof in theory, right? How could a cybercriminal possibly work around having to verify themselves in real-time on camera? Thanks to the evolution of deepfakes, it’s becoming more and more likely that they can… and will.
What are deepfakes?
In short, deepfakes are any media that is fabricated by AI or deep learning methods. More simply put, it’s a new and improved way for cybercriminals to trick their victims (businesses and individuals alike) into seeing what isn’t really there.
The most troubling form of deepfake media, and the one that shows just how sophisticated this technology can get, is the video deepfake. According to KnowBe4, “Face swapping or puppeting is where the deepfake AI maps the face of the source images and generates a 3D face model based on the photos it is fed. The model maps out the features and then when fed a source video, it will map it over.”
See Deepfakes in Action: The Best (And Scariest) Examples Of AI-Enabled Deepfakes (Forbes)
What are the risks?
Recently, deepfakes have been used to spread hoaxes and other types of misinformation by recreating the likeness of popular opinion leaders and celebrities. Now, there’s a very real concern that they could be used to commit fraud in the form of duping the remote verification technology that helps to make our lives so convenient. This could result in sensitive information (such as bank account details, for example) being compromised without institutions even realizing that the customer whose identity they verified was not the customer at all.
It is important to note that this possibility is purely hypothetical, as no clear evidence has been found that indicates such incidents have occurred. Verifying the identity of a customer usually involves more than a single step. However, the FBI warns that it is only a matter of time before we start seeing these types of attacks emerge in the very near future.
So, if video verification deepfakes are inevitable, what can you do to counter them?
Blue Layer Protection and Training
Blue Layer lives on the frontlines of cyber defense, and we’re constantly on a vigilant lookout for innovation, both advantageous and malicious. We deploy the latest tools necessary for defending you, no matter how sophisticated the threats you’re facing might have become.
We make sure that those tools are put into the hands of those most qualified to deploy them by providing cybersecurity awareness training for your employees that updates as the industry does. Want to know what your employees need to know to look out for as deepfakes start to roll out into the world more frequently? The last thing we want is for you to be behind.
Click here to learn how Blue Layer can protect your business.
It might be difficult to remember a time before MFA when you didn’t have to receive a text or email code beyond a normal password to get access to your accounts. But once upon a time, logging in was as simple as 1) identity, 2) password, 3) entry.
The evolution of technology has brought us many incredible things since those days. However, it’s also created a reality in which one-factor authentication can’t stand up to the threat that cybercrime poses.
Enter: multi-factor authentication, or MFA, for short.
What is MFA and how does it work?
Simply put, multi-factor authentication is a way that systems use multiple methods of making sure that you are who you say you are. Think of it as presenting two different forms of ID when filling out some type of application. This helps the organization confirm your identity by requiring you to supply something that only you know or possess.
When you need more than one method, that’s multi-factor authentication.
Why is MFA important?
MFA is a way to enhance a company’s security by making it more difficult for cybercriminals to gain access to locked information. When a password is all that’s required, and that password is compromised, their entry is granted. When more than one unique credential is required, however, it becomes much more difficult for cybercriminals to sidestep the security measures in place.
One example that many might be familiar with is phone or email MFA. After correctly entering your password, you will be prompted to choose whether a unique code is sent to your phone number or to your email on file. If you are the sole owner of that phone number or email address, then only you can receive that unique code, creating a wall between your information and cybercriminals that is much harder to penetrate.
How can MFA be hacked?
In recent years, many large companies like Facebook, Google, and Twitter have adopted MFA, confirming its overall effectiveness. However, it is important to note that no MFA tool is totally and completely impenetrable.
A few different ways that hackers can penetrate multi-factor authentication include, but are not limited to, the following:
An unfortunate reality that we all must face is that creativity and ingenuity are not lost on cybercriminals. The fortunate reality, however, is that they’re not lost on us, either.
How can I utilize MFA to protect my business?
There are many different facets to cybersecurity and cybersecurity awareness training, and MFA is one of the most important.
As a reliable technology partner, it’s our job to help your business identify all types of attacks that pose a potential threat to you, your employees, and the information systems that you’ve been tasked to protect. Social engineering attacks are one of the most common types of threats that we regularly see and help businesses mitigate, and are at the core of nearly every cyber attack.
“Social engineering” is a term that you’ve probably heard at one time or another, but what does it mean? More importantly, how can you be sure that what you’re spotting is social engineering, and how can you make sure your business doesn’t become its next victim?
Let’s break it down.
Simply put, social engineering attacks are a process by which cybercriminals (or “social engineers”) obtain control over some element of a computer system by manipulating, influencing, or deceiving its users.
Social engineering attacks target the individual user directly by taking advantage of a person’s inherently-human vulnerabilities. A person’s fear, trust, sympathy, greed, or indifference surrounding a subject all serve as perfect targets for a social engineer, especially when the subject in question is a particularly sensitive or timely one.
Some examples of a sensitive or timely subject that may be grounds for an attack include security compromise, fraud, COVID-19, or COVID-19 vaccine availability, just to name a few.
Here are some common examples of social engineering attacks.
Again, social engineering is designed to take advantage of what makes us human. The biggest red flags are elements of a potential attack that are clearly written or designed to fool someone or provoke an emotion. Here are some examples.
These are some of the most common ways to determine whether or not a message is legitimate. However, as social engineers become more and more clever, distinguishing malice from legitimate sources has become increasingly tricky, fooling even the most cautious users. So, if you’re supposed to be on the lookout for social engineering attacks but they’re continually changing shape, how can your business possibly stand a chance?
Social engineering is not something to be taken lightly, and safeguarding against it must be a constant team effort. So, if you want to equip yourself with the knowledge that enables you to identify even the most clever attack attempts and place barriers between you and those that might signal those attacks, you need a partner like Blue Layer.
Blue Layer is a team of professionals that is familiar with every angle of strong cybersecurity, meaning we know what it takes to handle something like social engineering.
Taking the path of least resistance when it comes to passwords is something we’re all guilty of. If they check all of the required boxes, are as uncomplicated as possible, and are memorable, then the chances are that’s what most of us are sticking with! But, will they pass the Weak Password Test? You can get results in as little as five minutes, and you might be surprised at how vulnerable your passwords are.
The fact is, passwords are the first layer of a business’s strong cyber defense, and getting too comfortable with easy ones can sometimes be to the detriment of that defense. Cyber attacks in 2021 will look like they never have before, and there are critical steps your team must take to have a chance at combating them. Strong passwords are the perfect place to start.
Here’s how your business can get back to a strong password strategy in the new year.
Private?
A password is yours and yours only. Never share your passwords with anyone and keep them safe.
Eight characters or more?
The longer, the better! A great hint is to use phrases for your passwords.
A combination of different characters?
The more complicated, the better, too. Strong passwords should be unpredictable and incorporate lowercase letters, capital letters, numbers, and special characters. Don’t worry about making them too complicated either — LastPass has your back.
Predictable?
When coming up with a new password or resetting existing ones, here are some things to avoid:
Unique?
Every credential you use should have a unique password. Too often, we reuse passwords across websites, applications, and workstations in the name of ease and efficiency. Unfortunately, criminals capitalize on this to compromise you and your organization. A password manager such as LastPass lets you keep the ease and efficiency of logging in while providing unique and complex passwords.
In theory, making a password easy to remember makes sense. But with a password manager in place to keep track of your sites and credentials, you have the freedom to make strong and unique passwords. Think of a password manager in the same respect as the Contacts app on your phone. Every phone number is unique for all of your contacts, yet you do not have to remember every phone number for every contact. Simply click on what you need and easily accomplish what you need to do.
2020 came down on the cybersecurity community with an entirely new brand of attacks centered on the COVID-19 pandemic, giving us all an honest reminder of just how savvy cyber threats really can be.
So, if you’re worried about what your defenses look like in 2021, then it’s time to speak with an innovative leader like Blue Layer. We work with our clients to analyze their current cybersecurity situation and help them pinpoint areas to improve. Passwords are just a starting point! Click here to learn more about the services offered at Blue Layer.
Much in the same way that cybercriminals have targeted remote workers throughout this pandemic, they have also set their sights on other unsuspecting victims by various means. This time, the latest attacks have come in the form of malicious email campaigns concerning the newest coronavirus development: the COVID-19 vaccine.
You can always count on cybercriminals to take advantage of a situation, and this one (as sensitive and as serious as it is) is no different. Here’s how they’re doing it.
Shortly after the news of an approved COVID-19 vaccine began to circulate, phishing campaigns designed to exploit the uncertainty surrounding and limited access to the vaccine began spreading to unsuspecting inboxes everywhere. These malicious email campaigns featured misleading subject lines that promised the recipient access to limited vaccines, only to expose them to dangerous malware and remote access trojans (RAT) once opened.
As malicious as this social engineering scheme is, it’s not totally unpredictable. “Malicious actors had a field day back in March and April as the coronavirus washed over countries around the world. It was and still is the perfect tool for social engineering scared, confused, and even downright paranoid end users into opening the door to your organization’s network,” said our friends at KnowBe4. “Put very simply, this is pretty much what we expected.”
So, now that these phishing campaigns have arrived, what can you do?
Based on what we’ve seen, these phishing campaigns have been designed to take advantage of some of the most common questions about the uncertainties surrounding the COVID-19 vaccine, including:
So, when it comes to protecting your information from these attacks, be wary of content that comes from suspicious email addresses that use highly emotive language to direct you to hyperlinks that contain misspelled domain names or unfamiliar sites.
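The misspelled-domain red flag described above can also be checked mechanically before anyone clicks. The following is an added example, not code from Blue Layer or KnowBe4: the `classify_link` and `typo_distance` names, the trusted-domain list, and every URL in the usage are constructed for illustration, and taking the last two labels as the registered domain is a simplification.

```python
from urllib.parse import urlsplit

# Constructed list of domains the organization actually deals with.
TRUSTED_DOMAINS = {"google.com", "paypal.com", "cdc.gov", "who.int"}


def typo_distance(a: str, b: str) -> int:
    """Edit distance where an insert, delete, substitution or swap of two
    adjacent characters each costs 1 (optimal string alignment)."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(
                rows[i - 1][j] + 1,         # delete
                rows[i][j - 1] + 1,         # insert
                rows[i - 1][j - 1] + cost,  # substitute or match
            )
            if (i > 1 and j > 1
                    and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]):
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swap
    return rows[len(a)][len(b)]


def registered_domain(host: str) -> str:
    """Simplification (assumption): the last two labels are the registered
    domain. A production check would consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def classify_link(url, trusted=TRUSTED_DOMAINS, max_distance=1):
    """Return (verdict, matched_trusted_domain_or_None) for a link.

    trusted            - the host belongs to a trusted domain
    brand-in-subdomain - a trusted name is used as a prefix of another site
    lookalike          - the domain is within max_distance typos of a trusted one
    unknown            - no relation to the trusted list was found
    invalid            - no hostname could be parsed from the link
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:
        return ("invalid", None)
    reg = registered_domain(host)
    if reg in trusted:
        return ("trusted", reg)
    # e.g. google.com.docs-share.example: the real site is docs-share.example
    for brand in sorted(trusted):
        if host.startswith(brand + ".") or ("." + brand + ".") in host:
            return ("brand-in-subdomain", brand)
    for brand in sorted(trusted):
        if 0 < typo_distance(reg, brand) <= max_distance:
            return ("lookalike", brand)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links of the kind a mail gateway would extract.
    for link in (
        "https://www.paypal.com/signin",
        "http://paypa1.com/login",
        "https://accounts.googel.com/",
        "https://google.com.docs-share.example/view",
        "https://vaccine-info.example/",
    ):
        print(link, classify_link(link))
```

An `unknown` verdict is not a clean bill of health; it only means the link does not imitate a name on the trusted list.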
This is a hot button issue that will inevitably develop and evolve over the coming months, so constant vigilance is a must on all fronts. Encourage your team to stay aware, use their best judgment and remember that if an email promises something too good to be true, then it most likely is!
It may be a new year, but 2020’s issues haven’t hesitated to follow us around the corner, making vigilance just as important now as it was when the COVID-19 pandemic began. Keeping your team up to speed on cybersecurity awareness and best practices has never been more critical, and now is the time to act.
With phishing scams continuously evolving and becoming more and more clever, email remains the bad guys’ favorite tool to use when going after unsuspecting and unaware cyber victims. It’s an easy tool to protect with the right know-how, but even the slightest of slip-ups can turn an invaluable business tool into a costly vulnerability.
Here are some of the easiest ways to set your employees’ email security settings up for success in the upcoming new year and beyond.
Strong Passwords
First things first: strong, unique passwords are a must. The idea of a password may seem trivial, but in fact, prioritizing ease over function when it comes to them can be costly. Include a combination of numbers, symbols, capital letters and lowercase letters, and avoid including anything that is very closely related to you, including names of family members, friends, pets, etc. Once you have strong passwords, LastPass is the best option for protecting them.
Two-Factor Authentication
Think of two-factor authentication as an added layer of protection that’s even more personal and more difficult to work around. The first factor is the strong password that only you keep. The second is a unique one-time code that can be sent to your mobile phone or email or one that is generated only on your phone.
Email Whitelists and Blacklists
Whitelists and blacklists give you the power to decide who’s in and who’s out when it comes to those allowed access to your inbox through email. These lists can be set based on domain, email address, or an IP address or IP range.
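Matching a sender against lists keyed on domain, email address, or IP address/range, as described above, comes down to three different comparisons. The following is an added example, not Blue Layer's or any mail product's code: the `SenderList` and `decide` names, the rule that a blacklist hit overrides a whitelist hit, and all list entries are assumptions constructed for illustration, and the sender address is assumed to have already passed sender authentication (SPF/DKIM/DMARC), since an unauthenticated From address can be forged.

```python
import ipaddress


class SenderList:
    """A whitelist or blacklist holding addresses, domains and IP networks."""

    def __init__(self, entries):
        self.addresses = set()
        self.domains = set()
        self.networks = []
        for raw in entries:
            entry = raw.strip().lower()
            if not entry:
                continue
            if "@" in entry:
                self.addresses.add(entry)
                continue
            try:
                # Accepts a single IP ("203.0.113.7") or a range in CIDR form.
                self.networks.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                self.domains.add(entry.lstrip("."))

    def match(self, sender, source_ip):
        """Return which kind of entry matched ('address', 'domain', 'ip') or None."""
        sender = sender.strip().lower()
        if sender in self.addresses:
            return "address"
        domain = sender.rpartition("@")[2]
        # Compare on label boundaries: "notpartner.example" must not match
        # "partner.example", but "mail.partner.example" should.
        for listed in self.domains:
            if domain == listed or domain.endswith("." + listed):
                return "domain"
        try:
            ip = ipaddress.ip_address(source_ip)
        except ValueError:
            return None
        if any(ip in network for network in self.networks):
            return "ip"
        return None


def decide(sender, source_ip, whitelist, blacklist):
    """Blacklist wins over whitelist (assumption); unlisted mail is still scanned."""
    if blacklist.match(sender, source_ip):
        return "reject"
    if whitelist.match(sender, source_ip):
        return "accept"
    return "scan"


# Constructed entries using documentation-reserved names and address ranges.
WHITELIST = SenderList(["partner.example", "billing@vendor.example",
                        "198.51.100.0/24"])
BLACKLIST = SenderList(["badmail.example", "203.0.113.7",
                        "spoof@partner.example"])

if __name__ == "__main__":
    for sender, ip in (
        ("alice@partner.example", "192.0.2.10"),
        ("spoof@partner.example", "192.0.2.10"),
        ("carol@notpartner.example", "192.0.2.10"),
        ("dave@unknown.example", "198.51.100.23"),
    ):
        print(sender, ip, decide(sender, ip, WHITELIST, BLACKLIST))
```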
Data Backups
Losing email data to cybercriminals costs time and money, neither of which your business can afford to lose. Always opt for third-party backup, even when it comes to cloud collaboration platforms like Office 365.
Virus, Ransomware, and Phishing Scanning
An Intrusion Prevention and Intrusion Detection System (IPS/IDS) is a network security tool that detects threats and prevents them from penetrating your email network. An IPS/IDS continually monitors your network traffic and incorporates rulesets that are refreshed daily to ensure protection from the latest, ever-evolving vulnerabilities, including exploits, viruses, rootkits, and more. IPS/IDS updates are issued to customers via the cloud, eliminating the need for manual staging or patching.
Email Security Settings, Cybersecurity, and Cybersecurity Awareness Training with Trained Professionals
Blue Layer provides a comprehensive suite of cybersecurity services for our clients that are designed to assess the state of their security, identify weaknesses and vulnerabilities within their systems, and implement the best possible solutions to curb those potential threats to their network.
One element of these services includes cybersecurity awareness training, which effectively works to turn employees into impenetrable human firewalls. So if you are unsure about the current state of your business’s email security settings or your team’s ability to mitigate potential threats, contact Blue Layer today. We can help your organization cultivate the type of cybersecurity-first culture that you will experience the benefit of in 2021.
Click here, and let’s get started together.
Cybercriminals’ Biggest Target: Working from Home
As a business owner who is continuously working to protect your most valuable information, you know firsthand just how important it is to prioritize effective cybersecurity. You also know how frequently the definition of what that looks like can change. And in a time when things seem to be changing at warp-speed on a day-to-day basis, that can be even harder to keep up with.
Cybercriminals are always looking for new ways to take advantage of vulnerabilities. What bigger vulnerability than those created by COVID-19? Workforces everywhere have made a massive shift toward working from home in the face of this year’s pandemic, and cybercriminals have shifted focus to meet them there.
Read more: COVID-19 Cybersecurity Scams to Look Out For
So, what can you do to ensure that your remote employees are as safe on the couch as they are in the office?
It all starts with unified communications.
Unified communications allow multiple business communication channels to work together under a controlled platform for increased efficiency for all users. Get connected, stay connected, and collaborate safely with the power, scalability, and flexibility that comes with unified communications.
Back up your data.
Online productivity apps are essential for off-site collaboration, but they are not totally impervious to disaster. Third-party backup adds an extra layer to your remote cybersecurity.
Learn more about backing up your data here: Why You Should Back Up Your Office 365 Data
Fortify your connection.
Security measures like Virtual Private Networks (VPNs) play an important role in bridging the home-to-office cybersecurity gap. Having a VPN establishes a secure connection directly to your office from wherever you set up shop. Exposed connections are a common vulnerability with most businesses, and VPNs make that gap air-tight.
Get familiar with new cybersecurity trends, and don’t forget what you’ve learned in the past.
This new switch toward a remote workforce model has made it more important than ever to pay close attention to online security trends and apply the cybersecurity awareness training you’ve had in the past. The villains who would threaten your security haven’t gone anywhere — they’re just wearing new masks. Blue Layer can give you all the tools you need to remove them.
Lean on a trusted IT partner for protection when working from home.
Cybersecurity moves fast, and it can be hard to keep up with an ever-changing landscape. Luckily for you, Blue Layer is on top of things. We help you stand firm against changing tides so that your employees and their information are protected, no matter where in the world they may be.
COVID-19 Cybersecurity Scams to Look Out For
As long as vulnerabilities in technology exist, you can count on scammers to take full advantage of them, and, as one might expect, the coronavirus outbreak has been no exception. The arrival of COVID-19 has sent cybercriminals into overdrive, taking advantage of the unprecedented levels of stress, fear, and uncertainty that we have all experienced.
A big target for these COVID-19 cybersecurity scams? Remote workers.
Working from home has introduced many Americans to a new sense of detachment and vulnerability due to the mixing of work and social environments. These environments provide a perfect space in which cybercriminals can plot attacks on workers’ most important information.
If you ask us, the numbers speak for themselves. Here’s a quick overview of some of the most popular COVID-19 cybersecurity scams that we’ve seen.
Brand Exploitation Phishing
In this scam, phishers pose as trusted brands to scam users into giving them an open gateway through which they can penetrate sensitive information and install malware on their devices. In this particular example, we see scammers posing as trusted agencies such as the Centers for Disease Control and Prevention (CDC) and the World Health Organization (WHO).
Healthcare Phishing
Unfortunately, even those on the front lines of the pandemic aren’t safe from the cybersecurity threats that COVID-19 has inspired. Scammers posing as trusted organizations like the CDC and the WHO have taken advantage of the chaos that the coronavirus has caused by phishing for healthcare credentials through the use of fake surveys and seminars. Some have even attempted to go after the agencies themselves.
Phone Scams
In addition to malware, scammers have also used convincing audio to scam vulnerable people into providing personal health or financial information. How do they do it? By “offering testing kits, scaring you into getting your air conditioning ducts cleaned, posing as charity organizations raising money, and even pretending to be from the World Health Organization!” say our partners at KnowBe4.
Stimulus Check Scams
Scammers also have attempted to target the primary source of relief for many Americans during the pandemic: the economic stimulus checks provided by the government. In another effort to take advantage of the urgency surrounding COVID-19, scammers have sent unsolicited fraudulent emails that require the receiver to enter personal information for the false promise of receiving their check.
Fear Tactics
Another way that scammers have attempted to attack innocent people is by sending phishing emails that exploit the fear that their sensitive information may have been compromised. Some emails suggest that the receiver may be infected with the virus and that they should click on a malicious link to receive further information. Others use compromising information to falsely hold users hostage until they comply with the scammer’s demands, which usually come in the form of payment.
These are some of the most common COVID-19 cybersecurity scams that we have seen circulating, and this trend is not a new one. As long as there is a crisis, you can expect cybercriminals to take full advantage of it to exploit the people that are most affected by it.
Thankfully, as long as threats exist, there is an effective way to ward them off. Cybersecurity awareness training helps your employees identify these types of threatening web content, giving them the tools they need to become your organization’s human firewall.