While much of the world has been working through disrupted routines over the last several weeks, with escalating uncertainty and new anxiety-provoking news each day, cyber actors are using COVID-19 as an opportunity to exploit individuals by conducting phishing attacks and disinformation campaigns. Phishing attacks use a combination of email and bogus websites to trick victims into revealing sensitive information. Disinformation campaigns can spread discord, manipulate the public conversation, influence policy development, or disrupt markets.
What can you do?
The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19).
Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
CISA encourages individuals to remain vigilant and take the following precautions.
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for more information.
At Firstrust Bank, the safety and security of our customers’ personal and financial information is our top priority. We want to remind you that it is critical that each of us be as vigilant as we have ever been with respect to this heightened danger! While it is frustrating to have to keep our guard up and expect to be ‘taken advantage of’ by cyber criminals at such a time, it is simply a reality of our current world.
As always, STOP and THINK before reacting:
- If you’ve received an unsolicited email that has links or an attachment, DON’T click or open. Remember, you can always go directly to a Google search to find whatever purported information is in the message. If you can’t find it on Google, that’s because it is a malicious email.
- If you receive a message asking you to move funds or do a financial transaction, consider double or even triple checking the validity BEFORE taking any action. Remember, best practice for verifying money movement is to confirm through a channel different from the one where the instruction was received, using an outbound contact made by the receiver of the information. Example: if you receive an email instructing you to do something, call or text the person who supposedly sent the message.
National Cyber Awareness System. “Defending Against COVID-19 Cyber Scams.” CISA, 6 March 2020, https://www.us-cert.gov/ncas/current-activity/2020/03/06/defending-against-covid-19-cyber-scams.