Cybersecurity and the Coronavirus

The U.S. Secret Service has issued guidance related to coronavirus-related phishing scams: “Cybercriminals are exploiting the coronavirus through the wide distribution of mass emails posing as legitimate medical and/or health organizations,” the guidance reads. “In one particular instance, victims have received an email purporting to be from a medical/health organization that included attachments supposedly containing pertinent information regarding the coronavirus. This led to either unsuspecting victims opening the attachment, causing malware to infect their system, or prompting the victim to enter their email login credentials to access the information resulting in harvested login credentials.” This comes on top of the already robust cybercrime activity that typically ramps up during tax season. Digital scammers are busy tricking unsuspecting victims into providing their personal information and financial data, many times with the intention of filing a false tax return in order to steal a tax refund. Being alert and aware of these devious criminal scams is always important. But it becomes critical if you are spending more time working remotely, often without the protection of a network firewall. Here are six steps to take to help avoid falling victim to a phishing scam:

1. Verify ALL requests for data – Treat any email request for personal or financial data with suspicion, even if it appears to be from a known source. Make sure it is a legitimate request by making a phone call to the sender or requesting confirmation via a separate email – type the email address in yourself, don’t just reply to the one you received.
2. Type URLs – Many times the “hook” in a phishing scam is an innocent looking link, sent from someone you know and trust. But it could install malware on your computer or request sensitive information. Never click the link in an email. Instead, type the URL out in a separate browser window.
3. Be careful about opening attachments – Never open an attachment on an email sent from an address you do not recognize. It could contain malware. Even if the email appears to be from someone you know, do not open the attachment unless you were expecting it. Follow the phishing prevention protocol of calling or sending a separate email to confirm the legitimacy of the attachment.
4. Make sure websites you visit are secure – Secure websites have addresses that begin with https:// instead of the non-secure http:// Secure websites have installed encryption services that make data transmission more secure.
5. Keep security software turned on and up to date – Do not comply with any request to disable or shut down your firewall or antivirus defenses. Make sure your security software is running the latest version.
6. Report suspicious emails – If you do receive an email that looks like a phishing attack, report it and delete it. You can forward suspicious emails to your company’s IT department. You can also file complaints at the Federal Bureau of Investigation Internet Crime Complaint Center. When in doubt, ask your IT department.

Make sure you and your employees who may now be working at home are familiar with these tips, so you can help avoid being hooked by phishing scams. If you have questions about cybersecurity for your business or for connecting remote “at home” workers, please contact Gray, Gray & Gray IT Department at (781) 407-0300.