At-Home Strategies To Combat Coronavirus Cyber Scams

What is a Phishing Email?

A phishing email is an email that lures the user in with the intent of doing harm. Typically, phishing emails are done with the goal of stealing private or sensitive information for a cost to the user. 

Coronavirus - An Opportunity for Criminals 

An unfortunate truth during this crisis is that crooks are exploiting Coronavirus as part of their phishing attacks, malware, and ransomware. According to Barracuda Networks, these attacks have grown from 1,188 in February, to 9,116 in March. That's a 667% increase in criminal activity. 

Here are the top scams to watch out for:

• Claims of a cure of Coronavirus

• Coronavirus updates from common companies with attachments

• Medical information not directly from trusted sources like the CDC and WHO

• Emails referencing FedEx, Paypal, WHO, or any banks

• Emails with your real passwords - no reputable company will ever send you your password because it is encrypted in their system. If you get this type of email, go directly to your account and change your password. 

• Text messages that prompt clicking a link, calling a phone number or installing an app

• IRS W-2, tax forms, or stimulus information

• Hospitality and travel related issues

• Lay off, furlough, or other employment related issues - contact your HR representative directly

• Anything capitalizing on fear

To avoid these scams, make sure to: 

• Look closely at email sender addresses

• Don’t click on links in emails – navigate to the site yourself

• Be cautious opening attachments from people you don’t know

• Be suspicious if the message has a sense of urgency

• Be suspicious of anyone asking for personal information, a credit card, or a money transfer

• Before sharing sensitive information or looking at national updates, make sure the websites are legitimate government sites (often ending in .gov or .mil). Also look out for the https:// which ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely

• Verify a charity's authenticity before making donations

 Download our Ultimate Guide to Phishing Simulations

How to Defend Yourself 

1. Implement an email filter/firewall.

2. Implement a Phishing Simulation to test your team. Cyber criminals are learning savvy ways to get past your email filters. There will always be emails that slip through the cracks. Building a human firewall is your first line of defense against these attacks. If weaknesses in your team are spotted, then those individuals will go through training to make sure they know what to spot.

   See more about Phishing Simulations. 

3. Implement a SOCaaS. Having a SOCaaS in place will be your top line of protection. It is continually monitored and threats to your system are spotted before damage is done.

   To ensure data and PII security, organizations that process financial transactions need a security operations center (SOC). A SOC centralizes the management of crucial security and risk management-related functions, including:

   • A comprehensive view of all log data via a central management console with security information and event management (SIEM)

   • Monitoring of network configurations, security controls and policy enforcement in order to verify ongoing compliance with PCI DSS, FFIEC, GLBA and other guidelines

   • Security alert triaging

   • Incident response

   See more about SOCaaS. 

In light of this increase in criminal activity, Calance is dedicated to putting some good back into the universe. For the remainder of the quarantine, we have freed up our experts and are offering 30 minutes of FREE security consultation. We are also offering Phishing Simulations to test your employees' recognition of these threats.