The COVID crisis is providing cover and distraction for many cyber attacks. Threats include criminals impersonating the CDC and other official groups to get people to click on links that automatically download malware, fraud attacks that take advantage of market disruptions and ‘Work From Home’ confusion to steal personal information or money, and a general risk that home computers and networks often have fewer security protections than those at work. Here are some suggestions for each.
You may recognize the person sending you a message (but their email may have been hacked or spoofed), you may recognize the name of the organization (the name may be spoofed), or you may recognize the topic (“emergency credit line request”, “covid test results”). But – be suspicious and be careful. Rather than click on an attachment or link, for public information try to find it yourself via a Google search. Examine the email address in detail before you hit Reply. Notice tone and details – is that what they usually call you, do they normally use your or their title, have they ever been that friendly before? Don’t be lulled by accurate supporting details – great, you know that person really is working from their vacation home, which anyone can find out by checking their Facebook profile. Better to be skeptical than to be sorry.
Successful payment fraud attacks have common features including a sense of urgency and a change in payment procedures or details. Unfortunately, that describes most work days over the past few weeks. If in doubt, especially for payment requests or requests for personal or financial data – call the person to confirm it came from them. These types of frauds are very profitable for criminals, and once money is transferred it usually is gone for good. Consider adopting a general policy that any non-standard payment instructions should be verbally confirmed.
Work From Home Risks
You may be using a company supported laptop to work from home, and safely connecting only to work systems using a secure VPN. Nice. Or, you may be using a personal computer (shared with family members) to get your work done from a home network you set up in … what year was that? It is important to understand that your home computer and network likely do not have the same security protections you get at work. To improve the security of your personal laptops and desktops:
- Ensure your anti-virus is up to date. Run it.
- Make sure your operating system and program patches are up to date.
- If you can, make sure you have a firewall installed and running.
- Use a different logon to do work than your family members use.
- Do not give regular user accounts Administrator authority on a shared PC.
- Talk to family members about security issues if you share a computer.
- Do not use the same password across multiple accounts.
If you do not have security software installed, do a quick google search of professional review sites, then select, install and run some recommended programs. As a tip, yes, it is worth the few dollars a month to run professional security software, but freeware versions can be effective too. Note, you will not be the first person to run CCleaner and see a message that it found and removed thousands of software trackers on your computer.
Stay Home. Be Safe. Save Lives.