Coronavirus themed online fraud has scaled to new heights during the pandemic and resulted in a wealth of opportunities for cybercriminals. These unscrupulous characters aim to exploit general fear, uncertainty and a lack of cybersecurity awareness to launch COVID-19 themed malware and cybersecurity attacks.
The speed with which cybercriminals move to exploit fears and anxieties is startling and places a substantial number of people and businesses at risk. Large numbers of employees are now working from home and often from aging laptops and mobile devices with outdated security systems. Many employees are distracted by their worries and focused on adapting to a remote work environment, and as such, are less likely to spot a bogus email or malicious website.
Businesses and employees need to educate themselves about the risks they might encounter, what to look for and how to safeguard against a tidal wave of online fraud. Scams surrounding COVID-19 will not go away any time soon, as malicious actors will attempt to commit online fraud for as long as the global pandemic dominates our daily lives, so here’s what you need to know.
What to Watch?
Phishing email messages are the most popular means of delivering malware. Attacks happen via attachments, such as PDF and Word documents that contain malicious code or include links that take recipients to malicious web pages.
Scammers have been infinitely creative as well: disguising these malicious emails as everything from the somewhat reasonable (discounts on hand sanitizer) to the absurd (COVID-19 cures). Some cybercriminals are even upping the stakes by claiming to be a reputable institution such as the World Health Organization, or from some type of health organization informing recipients that they have been in close contact with an infected person.
Without exception, the goal of all of these scams is to steal log-in details, passwords, banking information and other data to be used later as a means to commit identity fraud.
What’s At Risk?
Individuals working from home and small businesses are particularly vulnerable to scams and fraud. Attackers have become piranha-like in their focus on home workers as they know many have little cybersecurity awareness or training and what they need to protect themselves.
In these scenarios, employees tend to use personal devices at home that are not properly protected, which can result in a damaging malware infection. These infections can compromise company networks and put sensitive data and ID information at risk of being stolen. For a small business, a malware infection could be spyware that siphons client information, a trojan that steals sensitive data, or ransomware that locks up devices, databases and work documents.
It is crucial businesses and employees don’t slacken cybersecurity measures. Cybercriminals come in all shapes and sizes — and from any number of demographic backgrounds — but what they’re looking for is simple: access to personal information and data they can use for a malicious purpose.
Stop The Spread
According to the United States Secret Service, 43% of small companies don’t have any cybersecurity defense plan in place, and yet coronavirus-related scams are on the rise. Fortunately, It is relatively easy to prevent the spread of malware. Education is the first step.
Businesses of all sizes must educate their employees on how to spot suspicious emails, PDFs and Word attachments. When working from home, it’s easy to become distracted and accidentally open a cybercriminal’s phishing email message. A virtual private network (VPN) is one way to safeguard company networks as it helps lockdown personal and company information while allowing employees to surf the internet with military-grade encryption and enhanced anonymity. Companies should ensure that all end-user devices, including employee laptops and smartphones, have antivirus and malware protection installed and consistently apply security updates. Employees should use strong, secure passwords wherever possible, and businesses and employees should make use of 2FA (two-factor authentication).
It can be difficult and often complex for small businesses to protect employees working from home. Equally, employees navigating a new work-from-home environment aren’t always aware of the cybersecurity risks, but with the proper awareness and education, neither have to become a victim of a coronavirus online fraud or scam.
Small businesses can also take advantage of a free, three-month minimum Small Office Security license offered by BullGuard. Business owners can download the free trial here. Sign up is quick and easy — with no credit card details or financial information required.
Paul Lipman is the CEO of BullGuard, an award-winning cybersecurity company focused on the consumer and small business markets. He has extensive experience building and leading security and consumer technology companies, and is a recognized thought leader on cybersecurity, data privacy and IoT.
Before joining BullGuard, Paul was CEO at iSheriff, a recognized cloud security innovator acquired by Mimecast. Prior to this, he held the CEO role for Total Defense, a high growth consumer security business, which was acquired by Untangle. Paul has also held leadership positions at Webroot, Keynote Systems and Accenture.
Paul holds an MBA from Stanford and a Bachelors in Physics from Manchester University. Outside of work, Paul is an avid snowboarder, amateur astronomer and dabbles in quantum computing.