To scammers, nothing is sacred, and that includes the desperate situation of the global Covid-19 pandemic. When providing helpful information to employees about how to cope with the current situation, don’t forget to warn them to be on alert in the following three areas. And make sure your company follows good cybersecurity hygiene. We’ve included a few tips below.
1. Email scams
The threat: According to a Consumer Reports warning, cybercriminals are eagerly seizing upon people’s fear of the disease to offer them phony cures and equally phony information, largely by e-mail and text—especially as so many people working from home these days aren’t used to it and lack the security measures put into effect at their places of business.
Fake e-mails purporting to be from the World Health Organization or Centers for Disease Control are just two of the ways people can be taken in; CNN warns that some offer vaccinations (which don’t yet exist) or other “treatments” (also nonexistent at present) to frightened people looking for help.
What employers should consider: Train and remind employees about good cyber hygiene, including the most-often ignored yet basic tip: not to open email attachments from senders they don’t know. Look for additional tips at the U.S. Department of Homeland Security’s CISA Cyber Infrastructure page.
2. Phone scams
But don’t omit warnings about scam phone calls, either; according to Yahoo Finance, robocalls (vishing) abound offering “fake health agency warnings about infections in your local area, vaccine and treatment offers, medical test results, health insurance cancellation, alerts about critical supply shortages, and more.”
In fact, warns Yahoo, cybercrooks will often use both phone and e-mail or e-mail and text messages together to give themselves more credibility as they seek to send recipients to phony websites or offer them downright dangerous “cures” or substandard supplies that are currently hard to get, such as face masks or testing kits.
It can work in reverse, too, with the scammers “buying” products from your company via payment apps, but then canceling payment through the app once your employee has already shipped the goods.
What employers should consider:
Train employees on cybersecurity best practices and keep a “security playbook” with policies and tips available and easily accessible for employees, says Microsoft, whose own internal employee security training tips are examined by BizTech.
3. Social media scams
And it’s not just fake information or bogus cures. Yahoo warns, too, about “coronavirus-related investment scams,” citing a recent SEC warning that “criminals will use social media to promote microcap stocks which they claim have a product or service that can help prevent or treat coronavirus. These are pump-and-dump scams that could cost investors dearly.”
And not just investment scams. In what could be one of the more cruel scams, at least one site is preying on people recently out of work, offering them fake job openings and tasks. See Krebs On Security’s article “Coronavirus Widens the Money Mule Pool,” if you aren’t disgusted enough with scammers. And if you’re in the unlucky position of laying off people, you might want to mention that there are such scams occurring.
What employers should consider:
- Do not allow employees to share the use of their work computer or phone with family members or anyone else, legal firm Mintz says at JDSupra.
- Ensure employees use the company VPN for work, says TechNewsWorld and many others.