A Message from Mark J. Schafer, Chief Information Security Officer, SVA Consulting
There is no shortage of news about the Coronavirus outbreak, also known as COVID-19. We wanted to remind you that during media-intense events like this, cyber attackers can take advantage and try to scam you by launching phishing attacks that attempt to get you to click on malicious links or open infected email attachments.
The Treasury Department and IRS announced that the automatic distribution of the upcoming economic impact payments has begun. The IRS has urged taxpayers to be on the lookout for scams relating to economic impact payments. Criminals could exploit these confusing and stressful times to take advantage of taxpayers by committing fraud and identity theft.
Here are some of the most common indicators that the phone call or email you received is most likely a scam or attack:
Any message that communicates a tremendous sense of urgency. The bad guys are trying to rush you into making a mistake.
Any message that is related to “stimulus payment” or financial windfalls.
Any message that asks for your personal or work information or prompts you to share your username and password.
Any message that pressures you into bypassing or ignoring your security policies and procedures.
Any message that promotes miracle cures, such as vaccines or medicine that will protect you. If it sounds too good to be true, it probably is.
Be very suspicious of any phone call or message that pretends to be an official or government organization urging you to take immediate action.
Here are some recent activities:
Attackers are impersonating IT departments in order to trick you into new phishing attacks.
A recent campaign has been uncovered using COVID-19-themed videos to trick users into running a concealed executable which is infecting their computers and emptying bank accounts.
Using the ongoing Coronavirus pandemic as a lure, an app called Coronavirus Updates is installing spyware on cell phones.
Here are some tricks and tips:
Be wary of any request for money or gift cards.
Never give personal information on a phone call that you did not make (calling your bank to ask them a question is safe but taking a call from someone pretending to be from your bank is not safe).
If you are in doubt that a message is real, contact the sender directly. Do not “reply” to the email. Tell the banker you will call them back at the number on their website.
Please keep in mind Coronavirus scams and attacks can happen at work or at home, via email, text messaging or even over the phone. Don’t fall victim to bad guys playing on your emotions. If you suspect you may have been the victim of a phishing event, immediately report it to your IT support team so they can identify and mitigate the threat or attack.