Protect your business from COVID-19 related cyber threats

10 tips to help your organization mitigate risk during emerging COVID-19 scams

Articles published April 1, 2020 by John York

As COVID-19 tightens its grip on the global community, businesses are beginning to feel its ripple effects. Unfortunately, the cybersecurity threats surrounding COVID-19 have spiraled out of control – affecting organizations both large and small.

As teams continue to transition into a work from home (WFH) status, these explicit dangers need to be communicated now more than ever. All employees carry a level of responsibility for information security and protecting business and personal assets. Threat adversaries are already leveraging opportunities to entice users to click, download, open attachments or visit unsafe websites.

Aureon’s network security team, as well as the information security community at large, observed an enormous growth in recent days of registered domain names and newly observed websites to target people. Leveraging tools to block these high-risk sites are essential to every organization’s security policies.

On March 21, 2020 the Department of Justice announced its first federal action to combat a COVID-19 related wire fraud against the operators of “coronavirusmedicalkit.com”. As the pandemic continues to unfold and our paradigm shifts, it is important that business leaders and staff understand the dangers and do not fall victim to misguided campaigns. Educating your teams of the emerging scams will protect you and your organization.

The following recommendations were released by the Department of Justice for all Americans to take caution to:

  • Independently verify the identity of any company, charity, or individual that contacts you regarding COVID-19.
  • Check the websites and email addresses offering information, products, or services related to COVID-19. Be aware that scammers often employ addresses that differ only slightly from those belonging to the entities they are impersonating.  For example, they might use “cdc.com” or “cdc.org” instead of “cdc.gov.” Check out our previous article on Five Ways to Identify a Phishing Attack.
  • Be wary of unsolicited emails offering information, supplies, or treatment for COVID-19 or requesting your personal information for medical purposes. Legitimate health authorities will not contact the general public this way.
  • Do not click on links or open email attachments from unknown or unverified sources. Doing so could download a virus onto your computer or device.
  • Make sure the anti-malware and anti-virus software on your computer is operating and up to date.
  • Ignore offers for a COVID-19 vaccine, cure, or treatment. Remember, if a vaccine becomes available, you won’t hear about it for the first time through an email, online ad, or unsolicited sales pitch.
  • Check online reviews of any company offering COVID-19 products or supplies. Avoid companies whose customers have complained about not receiving items.
  • Research any charities or crowdfunding sites soliciting donations in connection with COVID-19 before giving any donation. Remember, an organization may not be legitimate even if it uses words like “CDC” or “government” in its name or has reputable looking seals or logos on its materials.  For online resources on donating wisely, visit the Federal Trade Commission (FTC) website.
  • Be wary of any business, charity, or individual requesting payments or donations in cash, by wire transfer, gift card, or through the mail. Don’t send money through any of these channels.
  • Be cautious of “investment opportunities” tied to COVID-19, especially those based on claims that a small company’s products or services can help stop the virus. If you decide to invest, carefully research the investment beforehand.  For information on how to avoid investment fraud, visit the U.S. Securities and Exchange Commission (SEC) website.

Contact Aureon for additional guidance – our experts are eager to provide you additional support, especially during this unusual and challenging time. The public is also urged to report any fraudulent schemes related to COVID-19 directly to the National Center for Disaster Fraud (NCDF).  

As our communities become emotionally strained from fears and anxiety, cybercriminals continue to take advantage to exploit vulnerabilities to deliver their campaigns. Educating staff and implementing proper security controls will promote a safe and secure workplace as your team transitions to WFH for the duration of the COVID-19 pandemic.

Is your organization prepared for increased cyber threats? Aureon is ready to help you implement effective security solutions to keep your business connected and secure.

About The Author

John York

Passionate about Information Security, John York is a member of several InfoSec communities that include the InfraGard, the local ISSA Chapter, SecDSM, TOOOL, as well as a member of the Center of Internet Security (CIS). Formerly serving in the USN, he took on a support role implementing and main ... read more

See more by this author