The U.S. Department of Homeland Security on April 8 issued a cyberthreat alert on the growing use of COVID-19 related online schemes to steal sensitive information from unsuspecting users, including individuals and organizations.
“The techniques used by attackers prey on people’s appetite for information and curiosity towards the outbreak, with phishing emails and SMS messages using the virus as a lure to trick people into revealing credentials or downloading malicious software,” according to the joint advisory from the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency and the UK’s National Cyber Security Centre.
CISA advises taking extra precautions when opening emails that appear to be from a trustworthy sender or have subject lines about the COVID-19 outbreak. Other steps you can take to protect yourself and others in your address book include:
In addition to COVID-19 phishing schemes, CISA and NCSC say cybercriminals are targeting more people who are working from home during the pandemic and have been “scanning for known vulnerabilities in remote working tools and software.”
Because more companies are relying on a remote workforce to stay connected to employees, the FBI has reported an increase in video-teleconferencing hijacking on platforms such as Zoom and Microsoft Teams.
CISA recommends remote workers follow this FBI guidance to help prevent VTC hijacking:
The agencies are expecting COVID-19-related attacks to increase in frequency and severity over the next few weeks and months and urge individuals and organizations to remain vigilant to these threats and cautious with suspicious emails.
For additional guidance on how to decrease the risk of a cyberattack, read the CDA article “Protect your practice from increased ransomware risk during COVID-19 crisis.”