Phishing Attacks in 2021 Trending Due To Pandemic

credit card phishing - piles of credit cards with a fish hook on computer keyboard

Hackers have made some nefarious choices over the past several months, many of which involve using the COVID-19 pandemic to spread their influence and steal data through the use of phishing attacks. Let’s explore how these cybercriminals have leveraged a global disaster to their benefit and some ways that you can keep your business secure.

According to SecureList, spam and phishing trends in Q1 of 2021 were heavily influenced by the COVID-19 pandemic, and not in a good way. Here are a few examples of the major threats that surfaced during this time.

Stimulus Payment Scandals

Early 2021 saw many initiatives by government agencies to suppress the financial burden placed on individuals and businesses through the use of economic impact payments and business bailouts. Hackers, of course, wanted to capitalize on this and began using phishing messages to trick people. Targets received messaging that was often specific to their bank and utilized similar branding to official websites. These efforts were all elaborate tricks to convince users to hand over their credentials. Users would unsuspectingly enter their credentials into forms on these fake websites and put their sensitive information at risk.

The Vaccine Race

Back when the COVID-19 vaccine was in short supply or the supply itself was limited to specific groups of people, there was a bit of a race to get to it. This rush created an opportunity for hackers to capitalize on peoples’ desires for security and safety, and they leveraged phishing schemes that used the vaccine to their advantage. They would use language and branding of official health organizations to convince users to click on links in emails, which would then redirect users to fake websites for harvesting credentials or banking information. Even those who got the vaccine received surveys offering free goods in exchange for information.

What You Can Do

It’s no surprise that cybercriminals are using these tricks to subvert security measures. These types of attacks are just more of a string of phishing attacks that must be kept up with in order to maintain network security. Here are a couple of ways that you can make this happen.

  • Utilize Spam Protection: While they aren’t 100 percent effective all the time, spam filters are great for keeping threats out of your inbox. The most advanced phishing attacks could still make their way into your inbox, which is why we recommend taking multiple measures of network security.
  • Train Your Employees: If messages do make it past your spam filter, you will want those who are reading the messages—your employees—to be able to identify the threat and avoid it at all costs. This is where training comes in.
  • Implement Unified Threat Management: Unfortunately, even the best employees will make mistakes, so you will want to have a contingency plan in place for when accidents happen. A UTM gives you just that with a single all-in-one security solution for your network security.

4Corner IT can help your business approach network security in a responsible manner, implementing the best solutions and constantly testing your employees’ awareness of important security practices. To learn more about how we can help you protect your business, reach out to us at (954) 474-2204.

Coronavirus Email Scams – What to Look Out For

coronavirus scams to look out for

Unless you have very good spam filters on your email, you have probably already noticed that criminal elements are switching over to coronavirus email scams. You have probably had at least one ad for protective masks get through. Criminals are also likely to approach individuals and businesses who are desperate for money and information alike.

Here are some scams already circulating:

Fake Home Testing Kits and Shady Treatments

Companies are advertising home testing kits (none of which have been approved)  or treatments. In some cases these treatments may be or purport to be drugs mentioned in the news. Herbal supplements of doubtful efficacy are also on offer. Everyone wants to protect themselves and their loved ones from this horrible disease. Oh, and no, colloidal silver will not work. Nor will fish tank cleaner. (Do not attempt to self-medicate for COVID with some treatment you heard about on the internet. Talk to your doctor).

Fake Emails from the CDC, WHO or Other Experts

Unless you have actually subscribed to a mailing list (Johns Hopkins has a decent one), the CDC, WHO, and other organizations will not email you COVID related information. Don’t click on links in emails that purport to provide such information; they could be malware. Or they could lead to dangerous information, or to alarmist theories that will make you even more inclined to stay home. Do your own research to get the right information. There’s also been at least one incident of an email purporting to be from the World health Organization that downloads an attached document. Needless to say, it’s malware.

Charity Scams

With a lot of people experiencing financial hardship, the charity scammers are, of course, out in force. Donate only to registered charities (Use Charity Navigator for research) or to people you personally know, not to random GoFundMes on the internet. Pay by credit card, or a reputable payment processor, not gift card or wire transfer.

Stimulus Check Scams

If you are eligible for the stimulus check, you will receive a direct deposit or the check will be mailed to you if they don’t have your bank account on file. This is automatic. Some scammers have been trying to get people’s bank account, or asking for a fee to expedite these checks. This is also happening in the UK, where scammers are promising to get government money fast, in some cases from programs that aren’t fully established yet.

Robocalls

The robocalls have switched to offering cheap, scammy health insurance or other COVID-related stuff. As always, hang up on robocalls immediately or, better yet, let them go to voice mail. Never press any buttons; all that does is tell them they have a legitimate number to sell to other robocalls. The FTC has been taking action but, as usual, the robocalls are hard to stop.

Non-Existent Goods

Scammers claim to be selling in-demand products, such as masks and toilet paper. Victims place an order only to have it never show up; the goods likely never even existed. Always check sellers by searching on their name plus words like “complaint,” “review,” or “scam.” If it’s possible to order from a company you are already familiar with, do.

Misinformation

Given how little we know, even well-meaning people are spreading misinformation. This has led to things like people buying up horse wormer because it might be effective (albeit not in horse doses…) against the virus. People have already died from self-medicating with so-called cures. Information that indicates something will protect you against COVID could result in you putting yourself and others in more danger, while alarmist “information” can have a mental health impact. As already mentioned, check everything with reputable sources.

It’s unsurprising that criminals would take advantage of the situation. We all need to be careful and avoid being caught out by these scams, many of which are variants on existing issues. If you need more help protecting yourself and your employees from coronavirus scammers, contact 4 Corner IT today.

The Newest Extortion Scams Are Using Your Own Passwords as Bait

the newest extortion scams are using your own passwords as bait
Using Your Passwords

As internet scams become more and more sophisticated extortion scammers have found another new piece of bait by which to hook internet users and that is with their old passwords. These extortion schemes often claim that someone has the person’s compromising information and that they are happy to help get that information back if the person is willing to pay them to do so.

Fearing that their information is going to be compromised, the person coughs up the cash in order to protect information that the person claimed they should protect. The catch? The entity that they claim meant harm never had any of the person’s information in the first place. People are then led to believe that there are scammers burrowed deep in their computers and that they are getting a hold of the person’s private information. Many scammers are even requiring the payments to be made in Bitcoin or they won’t go about doing “the job” of stopping these people who are said to have the person’s personal information (really they don’t have their information at all – the said person burrowing in the person’s computer doesn’t even exist).

What Can I Do To Avoid Being Scammed?

The following advice is offered to people who have had issues with these kinds of scammers in the past to help them avoid having issues with these same scammers in the future:

  • Scammers will generally want to rush the person into making hasty decisions and will pressure you to pay them immediately for their “services”. However, if you have any feelings that the person with whom you are talking is not for sure authentic, authorities encourage you not to give them any information as it encourages them to keep on scamming other people after they are successful with you.
  • Change your passwords immediately once you realize that you have been scammed. Moreover, use different passwords for all online accounts and be sure to require Two-Factor Authorization when it’s an option.
  • Do not have any further communication with anyone who you think is a scammer.
  • Always update your antivirus software and other operating systems to give the scammers less of a chance at getting at your personal information.
  • Cover your webcam at all times when you are not using the device.

Remember, scammers only need to be successful with a fraction of the people with whom they engage in order to be successful at what they do. They will make this a lucrative process which will only continue encouraging them to scam more and more innocent, unassuming people into believing their lies.

In the end, the next scamming issue is the fact that these people claim to have your old passwords and will use that as bait to try to get you to pay them to help “protect your personal information” as they will claim. In these cases, these people don’t have any of your personal information in the first place. They are simply scammers out trying to get money off of you and they will do absolutely nothing for you in return.

For more information on the latest scams that you need to watch out for please feel free to contact us at 4 Corner IT for further assistance.