I find it sad but unsurprising that every time there is a disaster, fraudsters pop up quickly to take advantage of the fear and confusion to filch money off others. The present Coronavirus disaster is sadly no different. With the COVID-19 situation heading (some will say spiralling) towards pandemic status, accurate information can go a long way to helping people understand how they can avoid infection. This has spawned myriads of social media posts, websites and other forms of online information on the subject from all manners of people and organisations. Regrettably, lurking behind this treasure trove of online material is an ominous collection of webpages, email attachments and links. They remind me of the Venus Flytrap. While misleadingly genuine-looking, they are designed to trap unsuspecting users, infiltrate their devices and steal personal and financial information.
According to cybersecurity firm Check Point Software Technologies, cyber-criminals are exploiting interest in the outbreak to carry out malicious activity using several spam campaigns revolving around the outbreak. Warning from CISA This has caused sufficient concern for the US Cybersecurity and Infrastructure Security Agency (CISA) to issue an alert over the weekend about COVID-19 cyber scams. The scams are in similar guises to most other cyber scams. For example, many are in the form of a malicious email attachment that harbours the notorious Emotet or LokiBot malware. Another common vector is MS Word attachments that purport to provide advice but instead conceal a VBA script which launches the TrickBot malware. Researchers at Kaspersky have identified many emails which looked like they had come from the US Centers for Disease Control and Prevention (CDC) because they appeared to come from a legitimate domain (such as cdc-gov.org). The actual domain, however, is cdc.gov (without the hyphen or .org) but not everybody would realise the difference. Behaviours to prevent successful attacks Regular readers of this newsletter will by now be familiar with the types of behaviour that protect them from falling prey to such cyber scams. These same habits, if repeated, will guard you against these latest cyberscams. It is however important for me to remind readers that the largest contributor to the success of cyber scams is human error. Computer users letting their guard down and opening attachments or clicking on untrusted links remain the most frequent cause of cyber tragedies.
It is therefore paramount that business managers and owners continually remind staff to be vigilant. If you have not done so recently, I would encourage you to send the following checklist to all users who have access to your network (including through mobiles) as a reminder:
Almost all the rescue missions that Houston security specialists have attended to in the last year were caused by momentary inattention by users. If you need help If you have any concern about the security of your network and need an objective assessment, give us a call. Houston Technology has security specialists who can conduct a security assessment on your network and provide you with reports that include a Security Report Card. To enquire, please call 07 838 3019.
Kind regards. Alan Chew FCA Managing Director Houston Technology