Cybercriminals are opportunistic predators, and right now they are exploiting fears and concerns about COVID-19 to get people to click on links, open attachments, or give away confidential information in response to an email message. This tactic, called phishing, tempts people with cures for the coronavirus, expedited stimulus checks and opportunities to donate to charities. Some people are taking the bait.
Think Before You Click
Most people know how to spot a spam or fake message. However, many phishing scams appear to come from legitimate sources. The coronavirus phishing scams could appear to come from government organizations like the CDC, well-known nonprofits, hospitals, banks and even Netflix.
Despite the use of spam filters, you’ve probably seen a few phishing scams get through to your inbox over the years. Typical examples include fraud alerts, missed payment notifications or requests to update accounts. These aren’t out of the ordinary but instill a sense of urgency that entices the recipient to take action.
Targeted Spear Phishing
Spear phishing scams take the deception a step further by targeting and personalizing messages, using the recipient's name or other personal details to appear more legitimate. Other common forms of phishing include whaling or CEO fraud (targeting top executives) and pharming.
Opening a phishing message or clicking on any of its links can expose your information and infect the computer, creating immediate risk for you and the company you work for.
If you happen to fall victim to a phishing scam, here’s what to do next:
Notify IT Support
First, disconnect your computer from the internet and let IT support know what happened. They’ll probably want to run a complete scan of your system.
Do not do anything else on the computer until the scan is complete and IT gives you the green light. If the program picks up on any suspicious files or applications, IT will take care of cleaning and restoring your device.
Change your Credentials
Malware may be used as a vehicle to harvest personal data, including usernames and passwords. Make sure to change credentials, especially on sensitive sites used for banking, email, social media or anywhere that stores personal data. Don't forget the web-based software platforms you use for work, which may store sensitive company information.
Furthermore, do not use the same username and password for all online accounts. Reusing them only makes it easier for hackers and increases the impact of identity theft.
Set Up Fraud Alerts
If the scam compromised your banking information, contact one or all three of the major credit bureaus (Equifax, Experian and TransUnion) to set up a fraud alert for the next 90 days. This will help prevent a successful hacker from using your identity or opening accounts in your name. A more prudent step is to freeze credit lines until needed. This requires going through all three bureaus.
Check Accounts Regularly
Setting up automated fraud alerts will help protect you from further damage caused by the phishing scam. However, more often than not, individuals detect fraudulent activity by diligently checking their own accounts. Financial, email and social media accounts become especially vulnerable after a phishing attack.
Increase Cybersecurity Awareness Training
You can be careful and still become the victim of a phishing scam, but knowledge and practice will increase your success at recognizing a potential attack. Once-a-year security training is not sufficient to teach secure behavior and keep it top of mind. Get started with ongoing security training that includes simulated phishing tests to make employees less likely to become victims.
Proceed with Caution
The digital age allows for unprecedented levels of convenience and ease of communication. However, it also increases vulnerabilities to scams and theft. It is best practice to always err on the side of caution and to simply delete emails that seem off.
Even if you do not fall victim to a phishing scam or hack, regularly update passwords and credentials just to play it safe.
Are You SURE You're Secure?
You might not realize that you have gaps in your security strategy until it's too late. The first step towards security peace of mind is to get a security assessment and an honest opinion on how you're managing risk. Get in touch to schedule a meeting.