To say that 2020 has been an eventful year is obviously an understatement. The ripples of COVID-19 have disrupted personal and professional lives across the United States and beyond. Social distancing measures forced companies and their employees to work from home, relying on mobile technology capabilities to stay productive.
This sudden increase in dependence on technology sped up several existing trends, which in turn has led to increased cybercriminal activity. McKinsey & Company recently stated, “We have vaulted five years forward in consumer and business digital adoption in a matter of eight weeks.” Americans now rely even more on services such as video conferencing, telemedicine, online commerce and even grocery delivery. The disruption also led to unique government intervention and guidance, including COVID-19 stimulus checks, paycheck protection programs, student loan deferrals, and public health guidelines. Many Americans are disoriented and distracted by this unfamiliar environment. As Winston Churchill first said, “Never let a good crisis go to waste.” Unfortunately, cyber criminals are following this advice and capitalizing on today’s conditions.
According to the Herjavec Group, there has been an increase in COVID-19-related website registrations. Hackers can create a COVID-19 website that masquerades as a legitimate site in order to trick unsuspecting victims. These criminals have been taking advantage of people working and learning from home, the increase in technology use, and the changing health and business climate. One stark example is a recent Twitter hack, in which a cybercriminal posed as the company’s legitimate IT department, created fake websites, and persuaded the cell carrier to reassign phone numbers. The fraudsters were able to gain access to high-profile Twitter accounts, including those of Barack Obama, Elon Musk and Jeff Bezos.
The most common way cybercriminals gain unauthorized access is through phishing. An email or text is sent with the intent of tricking the recipient into downloading malicious software or divulging personal information. A phishing attempt typically shows a few red flags. For example, it’s common for the email address to not match the perceived sender. Sometimes the email address will be one letter off, such as firstname.lastname@example.org. If the email or text message contains a link, the link will not point to the website of the perceived sender. In addition, the message might create a false sense of urgency to push you to act, increasing the chance that you click or download something malicious.
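The three red flags above can also be checked automatically. The following Python sketch is an added example, not part of the original article; the trusted-domain list, the urgency word list, the two-label domain simplification and the sample messages are all assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the recipient really deals with (constructed, reserved names).
TRUSTED = {"mybank.example"}
URGENCY = re.compile(r"\b(urgent|immediately|act now|suspended)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(host):
    """Last two labels of a host name (simplification: ignores suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def red_flags(from_header, body):
    """Return the red flags found in one message, as a list of strings."""
    flags = []
    _, addr = parseaddr(from_header)
    sender = base_domain(addr.rpartition("@")[2])
    perceived = sender  # the organisation the message appears to come from
    for good in sorted(TRUSTED):
        if sender != good and edit_distance(sender, good) == 1:
            flags.append(f"sender domain {sender} is one letter off {good}")
            perceived = good
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlsplit(url).hostname or ""
        if base_domain(host) != perceived:
            flags.append(f"link goes to {host}, not {perceived}")
    if URGENCY.search(body):
        flags.append("urgent wording")
    return flags

# Constructed sample messages.
PHISH = ('"My Bank Support" <alerts@mybamk.example>',
         "Your account is suspended. Verify immediately: "
         "http://mybank.example.verify-id.test/reset")
LEGIT = ('"My Bank" <statements@mybank.example>',
         "Your statement is ready at https://www.mybank.example/statements")

if __name__ == "__main__":
    for sender, body in (PHISH, LEGIT):
        print(sender, "->", red_flags(sender, body) or "no red flags")
```

The link in the constructed phishing message starts with the real bank's name, but the part of the host name that matters is the end, which is why the check compares the last labels rather than searching for the brand anywhere in the URL.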
Social engineering is another technique cybercriminals deploy. According to JP Morgan, cyber criminals thrive during instability, which has been a huge contributor to the rise of COVID-19-related social engineering attacks. This method, which uses human behavior to trick victims into letting down their guard and letting the attacker in, is typically employed via email, social media, phone call or text message. The key here is leveraging human emotion to persuade the victim to do something. Attackers exploit urgency, fear, or reward to get what they want. The initial contact is usually unexpected and from an unfamiliar contact. This could include an unexpected call from someone posing as your IT department urgently needing access to your computer, or a sudden email from someone posing as a friend, asking you to open an important attachment.
In February, we discussed a few ways to protect yourself against phishing attempts. These suggestions still apply in the current environment, but let’s highlight a few of the ways to help avoid becoming a victim.
Pay Attention to Context: In many instances, the context in which the message (email, text, etc.) is sent can be used to spot red flags. Ask yourself: Was I expecting communication from this person? Does the message directly correspond to prior topics discussed? Phishing or social engineering attempts can appear out of the blue and seem a bit out of place. If something seems off, it’s usually because it is.
Don’t Click the Link: A phishing email or text might contain a link that points to malicious software or a fake website. Instead of clicking the link within the email, it’s best to go directly to the legitimate website. This removes the possibility that you accidentally click a malicious link.
Don’t Give Up Information: If an individual or company contacts you and requests information, be extremely suspicious. Cyber criminals are always looking for a way in. They may request or even demand information to find their way into your computer, network, or sensitive information. Don’t give away your information unless you’re 100% sure the source is reputable.
Confirm the Sender: When emails start piling up, it can be rather time-consuming to investigate each email to ensure it’s from a safe source. If you’re unsure, it’s always best to contact the sender directly to confirm the legitimacy of the email.
Maintain Social Media Awareness: Social media connects us with our friends and family, but it also gives the public access to our personal and professional lives. Be conscious of what information is on your social media profiles, posts, and accounts. Remember that personal data posted online can be used against you by someone who has malicious intent.
Interested in working with The Fiduciary Group? Please reach out to us to get started.