By Jeannette Jarvis, Cyber Threat Alliance
Spidey sense: a vague but strong sense of something being wrong, dangerous, suspicious, or a security situation.
Due to the COVID-19 pandemic, most of the global workforce has been working from home. This is creating an enticing environment for hackers and scammers to leverage and exploit vulnerabilities and human weaknesses. Those bad actors are working at full steam. According to Scam Spotter, sponsored by the Cybercrime Support Network, a Cyber Threat Alliance (CTA) partner, scammers are estimated to steal over $2 billion this year.
The COVID-19 pandemic is an attractive target for scammers and spammers and our CTA members have been publishing research on various malicious campaigns associated with the pandemic. Bad actors are leveraging COVID-19-related phishing lures and text-based campaigns to lure victims. One thing is common throughout — these malicious campaigns play on people’s fears both around the virus itself and their financial insecurity due to the economic uncertainty. Hackers leverage fear and uncertainty to their advantage. It works. When you couple this disquietude with the exposure of people working from home using personal computers, without the level of sophisticated security software available to them in a corporate network, you are creating an appealing environment for bad actors to exploit.
In order to effectively protect yourself against this malicious activity, you have to be hyper alert, even suspicious, when reviewing emails and texts. Have that ‘spidey sense’ that something might not be legitimate. The tactics and techniques the bad actors use today are good. They know what is compelling so that people open the email, the attachment, or click on the link. The phishing lures and text messages are specifically designed to fool you. They are also geared for wide distribution to allow for successful exploitation, so you might get various plays on the same themes. Many will fall victim to these malicious campaigns as they don’t sense something isn’t right, or they want to believe the message to be legitimate.
Be wary of any pandemic-related messages, whether coming via email or SMS messaging. To better help you educate yourself on some of the tactics and techniques that bad actors are leveraging, you can read how some of our CTA members have described this activity in more detail on this resource site. We have also compiled a list of working from home tips and resources from many of our members here. You must provide the same high level of scrutiny to any email, text, or website that you would have before the pandemic started.
The best advice we can give you in this circumstance is to be leery of any email or text message related to the virus or to today’s economic uncertainty. Get your ‘spidey sense’ on and be suspicious and be cautious; you won’t be disappointed.