CORONA-VIRUS (COVID-19) SCAMS ARE ESCALATING

Email phishing scams and social engineering are rising significantly! With many Americans now working remotely from home, and with the stress of the current situation being felt in many homes and communities across the nation, cyber-criminals are busy showing their inventiveness and creativity in using the current pandemic for their gain.

In recent days, the FBI, OCR, U.S. Secret Service, the Defense Department and other officials have posted alerts warning of the significant spike in scams related to the current pandemic.

Three of the most common recent scams to be on the lookout for:

1. Fake WHO emails. Recent phishing emails come from cyber-criminals posing as the WHO (World Health Organization), CDC (Center for Disease Control) and other local or state health agencies, with “news” that may seem important. These FAKE emails contain malicious links tempting you to click. Don’t. Some are very “legitimate” looking, as nation-state and other well-heeled hackers have gotten quite sophisticated. In recent days, many IT security experts and chief legal and data security officers, like myself, have been commenting on how “good” (how “real”) some of these recent phishing emails look. If you get something in your inbox that looks like it’s from WHO, CDC or any other regulatory agency, don’t open it. If it’s a work email, contact your employer first. They may advise you to delete it or capture a screenshot so they can warn other workforce members. If you’re working remotely, take extra caution opening emails from anyone not known to you or from external sources. These “spoofers” have gotten so good at it that an email may seem to be internally generated by your employer or a co-worker, or to come from a governmental entity. For many years, healthcare workers, hospitals, the defense industry and other industries have been hackers’ favorite targets. But the reach of these recent attacks goes far beyond that and is unprecedented. Every home, business and industry needs to be more vigilant. These emails are often very convincing, looking as if they come from legitimate governmental organizations or are internally generated by a corporate employer. They’re not.

One wrong click could take down an entire network or pose other significant financial, corporate or personal losses. 

2. Robo calls, texts and emails offering to sell you virus test kits or offering cures for a fee. Most consumers know that virus testing is only available at certain healthcare sites in the U.S., and is not available like this online. Many also know there is currently no vaccine or known cure. But unfortunately, that doesn’t stop the cyber-criminals, who will use many different ploys like this to prey on the hopes and fears of some in the community. Hackers are too often successful in getting vulnerable individuals and communities, or just someone not paying attention, to click a link, a malicious link. Then it’s too late. The results can be devastating, from fraudulent charges to compromised bank account information, identity theft, medical fraud, loss of corporate intellectual property and worse. It’s critically important to be vigilant right now and to check in with neighbors, friends, co-workers and family members who may be more vulnerable to these types of tactics threatening their personal and financial well-being. And it’s critical for companies with remote workers to quickly take extra steps to ensure their workforce is aware of some of the newest tactics and ever-present threats.

3. Emails or calls from cyber-criminals purporting to be from local or federal health organizations, warning you that someone in your community has tested positive for the virus and seeking your personal information, which they would then quickly sell on the dark web, posing potentially significant privacy and financial risks.

The best way to avoid these scams is to always go directly to an official governmental website such as CDC, WHO, or other federal, state or local governmental agencies for any important updates. And question everything before clicking or offering any information. Regulatory agencies will not contact you in this way. And always use known, reliable news sources for keeping yourself up to date on important information affecting you and your community. Whenever you receive an email, phone call or text requesting any personal, business, health or financial information, don’t click, don’t respond. If you receive something through your work or personal email, take the extra few seconds, stop, don’t click. First verify whether it’s from an internal, legitimate company source, or go to the official, external source directly to obtain information. Anything related to the current pandemic is fair game for these hackers: airline ticket refunds, testing kits, vaccines and the economic stimulus package are other areas where clever spammers are likely to go next.

During these challenging, unprecedented times, we wish all of our clients, friends and colleagues continued health, safety and well-being. By working together, we shall overcome.

_____________________________________________________________________________

Please be advised, our law firm is remote capable at all times. We will continue to work remotely to serve our clients during the current situation. To protect our support staff, clients and the community, we’re following CDC guidelines and are prepared to respond to any requests, whether related to this topic or other legal needs, via email to tegan@teganblackburn.com, phone 860-651-9500 or remote video-conferencing.

______________________________________________________________________________

If you or someone you know may have been a victim, there are several resources available: the National Center for Disaster Fraud hotline at 866-720-5721, email at disaster@leo.gov, or the FBI tip line at fbi.gov.