CYBER CRIME IS SPREADING
With the COVID-19 pandemic impacting the globe, opportunistic cyber criminals are leveraging our fear and need for information to gain access to individuals’ computers and personal information through phishing and other spoofing schemes. These major threats require risk mitigation, risk management and/or risk transfer strategies as the crisis unfolds.
STEP 1: Be Wary
About 90% of all cybercrime starts with an email. Check the sender’s address and be skeptical of anything that doesn’t look or feel right. If it doesn’t look right don’t open it. “When in doubt, delete it out.”
Scammers will monitor personal news: births, deaths, new homes and more, and then send fake invoices for payment. For example, after finding a widow on the Internet, scammers will pretend to be a collection agency calling about the recently deceased’s debts.
CHARITABLE DONATIONS SCAMS
Beware of requests for money immediately after a disaster. Scammers set up fake websites with names similar to real charities and solicit donations.
Scammers will set up seminars or websites where they suggest investing in specific funds or unusual assets has made them rich.
With so much information available online – through social media or online dating apps – scammers may be using blackmail or personal scams in addition to just economic scams.
SMALL BUSINESS SCAMS
About half of all small businesses experience a cyberattack because they generally have a moderate amount of data and often have minimal cybersecurity.
COVID-19 RELATED PHONE SCAMS AND PHISHING ATTACKS
It is being reported that callers claiming to be representatives of the Center for Disease control and Prevention (CDC) are beginning to surface. These calls are scams. Be wry of answering the phone from numbers you do not recognize.
Malicious cyber criminals are also attempting to leverage interest and activity in COVID-19 to launch coronavirus-themed phishing emails. These phishing emails contain links and downloads for malware that can allow them to takeover healthcare IT systems and steal information.
STEP 2: Do These Ten Things NOW
- Do not provide personal/financial information in response to online/offline phone solicitations; never send money without a phone call and verification.
- https: websites that begin with https (as opposed to just http) have a layer of encryption called the secure sockets layer, or SSL. Never enter your credit card information or other sensitive data into a site without the “s.”
- “Remember password” functions should always be turned off on your computer. Never auto-save your user name and password information.
- Do not access financial or other accounts from mobile devices or through public Wi-Fi. financial transactions should only be conducted on a trusted virtual private network or VPN.
- Disable all “smart home” devices with recording capability when discussing confidential matters. Especially voice activated “smart speakers” such as Alexa, etc.
- Keep computer software up to date, including firmware on routers and modems.
- Install antivirus/malware software like Norton, McAfee or Total AV on all devices (even your Apple computers and mobile devices).
- Ensure home wi-fi networks are secure – use WPA2 or WPA3 security and a unique password (call your internet provider if you are not sure what you have).
- Enable security features on any devices and /or websites – PINs, fingerprint authentications, facial recognition or other multi factor authentication.
- Use password management systems such as Last Pass or Keeper to protect your credentials. These secure websites will help you better manage your user names and passwords. Passwords should be a minimum of 12 characters and contain a misture or upper- and lower-case letters, numbers and symbols.