Avoid Cybersecurity Threats During COVID-19

As the work-from-home culture becomes more popular due to the COVID-19 outbreak, the threat of cybersecurity breaches is greater than ever. Take a look at these indicators of a security breach and what your company can do to protect itself.

Since the outbreak of COVID-19, many businesses have moved their employees to the online workspace. As the trend of remote working continues to increase in popularity, cyber criminals have begun to take advantage. Scammers have seized on the increased telework environment and uncertainty surrounding the pandemic to target employees with fraudulent termination phishing emails and VTC meeting invites. Now more than ever, cyber criminals have become a great risk to many organizations.

Often times, these fraudulent email addresses look so similar to their company’s legitimate one employees may not be able to tell a difference. The emails then entice victims to click on malicious links purporting to provide more information or online conferences pertaining to the victim’s termination or severance packages. It is important that companies alert their employees to look for emails coming from Human Resources or management with spoofed email domains. Take a look at these indicators of potential threats and precautions your company can take to prevent them.

Indicators:

  • Calls from employees who mistakenly believe themselves to be terminated.
  • Employees reporting malware or ransomware infections.
  • Employees reporting suspicious activity on legitimate accounts such as video conferencing accounts.
  • Emergence of fake VTC applications installed on users’ smartphones, tablets, or computers.

Recommendations:

  • Alert employees to look for emails coming from Human Resources or management with spoofed email domains
  • Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
  • Require use of password or PIN for any teleconference or web meetings.
  • Beware of social engineering tactics aimed at revealing sensitive information.
  • Use tools that block suspected phishing emails or that allow users to report and quarantine them.
  • Beware advertisements or emails purporting to be from telework software vendors.
  • Always verify the web address of legitimate websites or manually type them into the browser.
  • Do not share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
  • Avoid opening attachments or click links within emails from senders you don’t recognize.
  • Only enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) when absolutely necessary.

Protect Yourself & Your Business

Interested in learning more information regarding the safety of your organization via cybersecurity? Register for our upcoming webinar, CYBERSECURITY: Protection During a Pandemic & Beyond! At the end of this presentation, each attendee should have a heightened awareness of the threats and talking points to engage your leadership, technology team, vendors, or customers. Plus, you will learn about ways you can help protect your business from becoming victim of a cyber-attack!

The FBI encourages employees to report information concerning suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch). CyWatch can be contacted by phone at (855) 292-3937 or by email at CyWatch@fbi.gov. If you believe you are the victim of an Internet scam or cyber crime, or to report suspicious activity, please visit the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Read the full Public Service Announcement from the Federal Bureau of Investigation here.