Last week we discussed the Copyrighted Image scam that’s making its way around, specifically targeting business owners, however, there are always opportunists who will act quickly to exploit a major event for their own gain while threatening the safety of others. The COVID-19 pandemic is no different, with cybercriminals aiming to take advantage of the confusion, distraction, and large-scale shift to remote work resulting from the pandemic with a whole new batch of scams.
The most common COVID-19-related cyber scams include the following:
- Phishing using COVID-19 as a lure
- Malware distribution using COVID-19 as a lure
- Registration of new domain names containing wording related to COVID-19
- Increased attacks against new remote access and teleworking infrastructures
Typically, scammers will attempt to impersonate a reliable entity. In the case of the COVID-19 pandemic, there have been reported cases of cyber-attacks posing as the following:
- Government entities offering assistance
- Internal IT or technical support teams providing support or cybersecurity tips
- Health agencies providing safety resources
- Organizational leadership issuing an alert
- Non-profits seeking donations
In many cases, phishing tactics are used in conjunction with imitation websites to further the ruse of legitimacy.
How To Avoid Being Scammed
Fortunately, these attacks generally rely on the same basic social engineering methods as traditional cyberattacks—enticing users to carry out a specific action such as clicking a link or opening a file via manipulation and misinformation. As such, these attacks can be avoided through the following methods:
- Notify and educate users of the risks.
- Be wary of emails from unknown addresses.
- Do not divulge personal information to unknown entities.
- Use strong, unique passwords, and usernames for each account.
- Reference multiple sources to avoid misinformation.
How We Can Help
Unfortunately, we’ve had to help clients who’ve had their accounts compromised. You’ve worked hard to build your business – we can help safeguard it against a potential attack.
For more information, the Government of Canada keeps a list of all known scams.