Ever since it first popped up in the Wuhan Province of China, COVID-19 (better known as the coronavirus) has created quite a stir—bordering on panic—around the world. Unfortunately, as has been the case many times before, cybercriminals have been using this near panic to support their attacks. Let’s review some of the ways they do so, and how you can protect yourself and your business from these efforts.
“You can sit in a room and create anything you want on a laptop. That’s why the real con men are gone.”– Frank Abagnale
Reformed con man and FBI consultant Frank Abagnale is right, as the cybercrimes shaped around the coronavirus have proven. Due to the deep anxiety and trepidation that the media coverage of COVID-19 has encouraged, cybercriminals have been handed an opportunity to take advantage of the panicked populace through phishing attempts… an opportunity they have embraced since the end of January.
These themed attacks have been directed toward a variety of targets. For example:
Of course, this kind of activity has been going on for far longer than the Internet has been around… it’s just that the Internet makes these attacks much more efficient and effective.
Unfortunately, the latest application of these attacks have proven effective. Much of this is likely due to the fact that they are leveraging a very visible and nerve-wracking event, which helps to boost the interest of a target. This same tactic is the reason that so many phishing attacks are launched right around tax time, and why fraudulent messages were shared via SMS claiming that the recipients needed to register for the draft… for a fee.
Whatever the approach, the tactics have remained the same: scare the recipient enough that they don’t consider that the message may be fraudulent, and give them a perceived “out” if they turn over their information.
Adding to the complexity, the situation with COVID-19 is just different enough from other events that cybercriminals typically take advantage of, for it to be uniquely dangerous. For instance, many of the other disasters that a cybercriminal will use to their advantage are over in a relatively short time frame. In comparison, COVID-19 has already spent weeks dominating the headlines, with no way to tell how many more weeks (or months) are yet to come.
In addition to this, coronavirus is largely unprecedented, unlike the foundation of many other phishing attacks (such as major sporting events and the like). This means that there is no real resource that is known to be trusted for people to turn to. For weather events, the National Weather Service and FEMA fill that role… no such resource is as commonly trusted for coronavirus.
In most cases, resisting these efforts will require a combination of basic cybersecurity measures and--perhaps more critically--user awareness and education. While your protections will ideally block the majority of phishing attacks and malicious messages, you need to be sure that your employees are aware of how such attacks should be handled:
Whether a cybercriminal uses coronavirus or some other story to try and phish your employees, it is important that they know how to spot them, and how to properly respond when they do. For more assistance in handling these threats, give BNMC a call at 978-482-2020.