Expertise Beyond the Numbers

Increased Need to Take a Defensive Approach to Communications as Cybersecurity Threats Escalate

Continued surge in cyberattacks targeting specific organizations or individuals 

As mentioned in our COVID-19 Cybersecurity Best Practices resourcethe need for both individuals and businesses to be on the lookout for an increase in attempted scams serves as a reminder of the importance of approaching suspicious communications with caution.  

Now more than ever, it is important to be on the lookout for not only phishing emails, but text messages, fake websites, and social media posts/requests that could ask for money or personal information.  

The following details different situations in which SC&H Group’s Technology Advisory team has seen an increase in attempted scams to obtain access to your devices, and from there your personal information: 

  • Remote Work Environments  Playing to the fact organizations are operating within remote environments, cybercriminals are making attempts to capture information via platforms being utilized to conduct business from afar. You may receive an email to download a new program, click on a link to access Zoom meeting or other virtual software to connect you with others from your organization. 
    • Reminder: It is important to first verify the email addresses, and if you don’t recognize the sender, don’t click or download. Additionally, if you recognize the email but were not expecting an appointment from the contact sending you a link to meet or download a software, confirm with them (preferably offline via a call or chat solution) to avoid the risk of divulging information as part of a phishing attempt.  
  • Government Stimulus Payments – Direct Deposit, Paper Check, or via Turbo Tax 
    • Direct Deposit or Paper Checks – With a flurry of updated tax filing dates and stimulus checks being presented in the coming weeks, you must be on alert to the screen communications received specific to obtaining payment. You may receive an email, text, or call asking to verify personal information for the deposit of your stimulus check. 
      • Reminder: The IRS will not call you. They will deposit checks into the direct deposit account from your previous tax return, or they will mail a paper check. 
    • Turbo Tax – The IRS and Turbo Tax have partnered to provide a solution to help those who are not required to file a tax return receive their stimulus payment (the Turbo Tax Stimulus Registration)Concerning this, there are fake Turbo Tax websites popping up.  
      • Reminder: Again, double-check the email you are receiving the communication from, and in this case, it is important to confirm the URL they are asking you to visit. For reference, the official Turbo Tax URL is https://turbotax.intuit.com/. 
  • Small Businesses Vulnerability – As numerous small businesses are considering their financing options due to the CARES Act, there has been an increase in calls about virus-related funding and loans or online listing verification. 
    • Reminder: Talk to your bank, business partners, or review official government sites for this information as this type of information would not, and should not, be communicated via a phone call.  
  • COVID-19 Specific Resources  Unfortunately, a worldwide health crisis creates the platform for cybercriminals to play to the uncertainty felt on a global scale, whether business or health-related. A recent ploy cyber attackers are taking is to send text messages or call about home testing kits, cures, health insurance, and “mandatory online COVID-19 tests” with a link. 
    • Reminder: For COVID-19 related resources, visit the official government sites, designated state hotlines, or call your physician/local hospital. 

The scenarios featured in this post are just a preview of the specific incidents taking place. Linked below are two resources that list out specific scams taking place: 

  • Tripwiris an excellent website that references the specific cyber scams taking place week to week. Linked here is the latest report for the week of 4/6/20.
  • The U.S. Department of Justice COVID-19 Task Force listthe following examples of scams on their site: 
    • Treatment scams:  Scammers are offering to sell fake cures, vaccines, and advice on unproven treatments for COVID-19. 
    • Supply scams:  Scammers are creating fake shops, websites, social media accounts, and email addresses claiming to sell medical supplies currently in high demand, such as surgical masks. When consumers attempt to purchase supplies through these channels, fraudsters pocket the money and never provide the promised supplies. 
    • Provider scams:  Scammers are also contacting people by phone and email, pretending to be doctors and hospitals that have treated a friend or relative for COVID-19, and demanding payment for that treatment. 
    • Charity scams:  Scammers are soliciting donations for individuals, groups, and areas affected by COVID-19.   
    • Phishing scams:  Scammers posing as national and global health authorities, including the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC), are sending phishing emails designed to trick recipients into downloading malware or providing personal identifying and financial information. 
    • App scams:  Scammers are also creating and manipulating mobile apps designed to track the spread of COVID-19 to insert malware that will compromise users’ devices and personal information.  
    • Investment scams:  Scammers are offering online promotions on various platforms, including social media, claiming that the products or services of publicly traded companies can prevent, detect, or cure COVID-19 and that the stock of these companies will dramatically increase in value as a result. These promotions are often styled as “research reports,” make predictions of a specific “target price,” and relate to microcap stocks or low-priced stocks issued by the smallest of companies with limited publicly available information. 

As businesses continue to navigate remote working environments and employees juggle working from home, it is important to make sure your organization maintains an ongoing dialogue with employees to ensure everyone is diligently working to protect themselves against cyberattacks.  

If you experience one of the cyberattacks referenced, or have any questions, we are here to help and encourage you to Contact Us.