On 4/8/20, US and UK security agencies issued a rare joint alert on COVID-19 cyber threats. Here is some tactical advice on how to avoid coronavirus scams and protect your small or mid-sized business. Three ways to avoid coronavirus cyber threats:
- Don’t fall for phishing emails
- Learn how to spot fake news
- Don’t respond to bogus text messages
Cyber Threats to Small and Mid-Sized Business
Despite the coronavirus crisis, many of us are working to keep our small and mid-sized businesses up and running. This often means working remotely and getting used to new technologies and processes that help us do that. Unfortunately, this new paradigm opens our businesses up to increased threats.
We’re working in unfamiliar environments. Maybe you’re sharing a device with a family member, or you don’t have a dedicated workspace. You’re getting used to new tools or searching for solutions to help manage your work in this new environment. Or the fact that you’re at home on your couch just naturally leads to lowered defenses. Any of these can mean increased risk for your business.
We’re consuming more digital content. People are flocking to online channels to socialize, stay informed and relieve boredom. This makes it easier for the bad guys to create fake news content that has a malicious intent, like fake COVID-19 tracker maps that infect people’s computers with malware when opened.
Hackers are getting creative. Attackers are capitalizing on the fear and confusion created by the global pandemic. New scams abound, and even as one gets widely publicized the malicious actors come up with new ideas to profit from our fear and confusion. It’s not just phishing emails – there are also fake text messages, robocalls and even direct mail scams related to the coronavirus.
Don’t Fall for Phishing Emails
Every country in the world has seen at least one COVID-19 themed attack. In one of the most recent, malicious cyber actors exploit the increased use of communications platforms—such as Zoom or Microsoft Teams—by sending phishing emails that include malicious files with names such as “zoom-us-zoom_##########.exe” and “microsoft-teams_V#mu#D_##########.exe”.
I’ve said it before and I’ll say it again – think before you click, never download unexpected attachments, and do not reveal personal or financial information over email. Familiarize yourself with common phishing red flags.
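A mail-filter style check for the attachment names quoted above, as an added example that is not part of the original article or the joint alert. It assumes each “#” in the quoted names stands for one digit; the extension list, function names and sample message are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# File names exactly as quoted in the article. Assumption: each "#" is one digit.
QUOTED_NAMES = [
    "zoom-us-zoom_##########.exe",
    "microsoft-teams_V#mu#D_##########.exe",
]
# Assumption: short illustrative list of directly runnable extensions, not exhaustive.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".bat", ".js", ".vbs")

def template_to_regex(template):
    """Turn a quoted name into a regex: '#' becomes a digit, the rest is literal."""
    body = "".join(r"\d" if ch == "#" else re.escape(ch) for ch in template)
    return re.compile(body, re.IGNORECASE)

LURE_PATTERNS = [template_to_regex(t) for t in QUOTED_NAMES]

def classify(filename):
    """Return 'known-lure', 'executable' or 'ok' for one attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = filename.strip().rstrip(". ")
    if any(p.fullmatch(name) for p in LURE_PATTERNS):
        return "known-lure"
    if name.lower().endswith(EXECUTABLE_EXTS):
        return "executable"
    return "ok"

def scan_message(raw):
    """Map each attachment file name in a raw e-mail (bytes) to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    names = [part.get_filename() for part in msg.walk()]
    return {name: classify(name) for name in names if name}

def build_sample():
    """Constructed message; attachment bodies are harmless placeholder bytes."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "meetings@example.test", "staff@example.test"
    msg["Subject"] = "Your meeting installer"
    msg.set_content("Please install the attached update.")
    names = [t.replace("#", "7") for t in QUOTED_NAMES] + ["invoice.pdf.exe", "agenda.pdf"]
    for name in names:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()).items():
        print(f"{verdict:11} {name}")
```

Exact-name matches are brittle because attackers rename files freely, so the generic executable-extension verdict is the one that generalizes; quarantining both verdicts is the safer policy.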
Spot Fake News Like an Expert
As much as I would like to believe that drinking a quarantini can protect me from COVID-19, it simply isn’t true. Fake news sites can transmit malware. They can also lead to real consequences when people believe what they say. So, how do you spot fake news like an expert?
- Source. Question the source. Especially if the article references an organization such as “FBI Warnings” or “Stanford Researchers”, go to the official websites to see if the stories are repeated there. A website you’ve never heard of is unlikely to be the first and only source for major breaking news, no matter how slick the layout looks.
- Social Media Accounts. If the information is posted on social media, check the age of the account and the number of followers. Also, has the account always presented news? Sometimes fake accounts mimic the real thing. For example, the unofficial Twitter handle @BBCNewsTonight (vs. the legitimate @BBCNews) shared a fake story about Daniel Radcliffe testing positive for coronavirus. If in doubt, verify the information from a trusted source.
- Logos and Images. Do any logos match the official website of the organization? Do the photos seem like real subjects, or are they generic images? You can use a reverse Google image search to see if the photo came from somewhere else on the Internet.
Anything highlighted in the phishing red flags is also an area of concern when it comes to spotting fake news. You can also try using fact checking websites such as the Associated Press’s APFactCheck, or Snopes.com.
Don’t Respond to Bogus Text Messages
Phone scammers have seized the opportunity to prey on consumers using SMS Phishing (aka smishing). Do not click on links in texts related to the virus. Instead, check cdc.gov/coronavirus or a trusted source for the most current information. Reported text message scams to watch for include:
- Text messages or emails asking you to provide personal information in order to receive a government economic impact benefit. No payment or personal information is required to receive a recovery check; the IRS will distribute it based on your tax information.
- Offers for free home testing kits and/or bogus cures. There are no products proven to treat or prevent COVID-19 at this time.
- Messages impersonating the U.S. Department of Health and Human Services that inform recipients that they must take a “mandatory online COVID-19 test” using the included link.
- Messages that appear to be from a “next door neighbor” claiming that the government is about to order a mandatory national two-week quarantine; or instructing you to go out and stock up on supplies.
Keep Calm, Stay Aware, Avoid Coronavirus Scams
What a difference a few weeks can make. Back in January, the idea that a significant percentage of the world population would be under lockdown due to a global pandemic sounded like a movie plot. Yet, here we are. I hope that you and your loved ones are staying safe during this time. Please reach out if your Invario team can help in any way.
For more information to help you during the crisis, see my related articles on cybersecurity best practices when working from home and security for virtual meetings. Hopefully this will all be over soon. In the meantime, keep calm, stay aware, and avoid coronavirus scams.
Feedback
If you have questions about this article, or if there is an IT topic you would like to know more about, please email me your suggestions.
Referral$
If you know of a company that would be interested in the services of Invario, please email me the company name along with the phone number and email for the person we should contact.
That is all you have to do! Upon completion of the onboarding of a new customer, Invario will pay the equivalent of one month of Invario service to that customer. Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.