Cyber criminals are swiftly seizing the opportunity to exploit the coronavirus pandemic. With the rise of IoT (Internet of Things) devices throughout your home including smart TVs, home alarms, door locks, web cams, smart thermometers, kitchen appliances, smart sprinklers, smart lights, smart watches, fitness trackers and digital home assistants such as Alexa, Amazon Echo or Google Home, cyber attacks can put your network and devices throughout your house at risk. If you’re working from home and remotely accessing your company’s network, these attacks can also compromise your employer’s digital infrastructure and security.
E-mail attacks are tailored to prey on the natural concerns that arise from the COVID-19 outbreak as employees work at home and the IRS prepares to distribute CARES Act checks to millions of Americans.
The latest phishing e-mail exploits the fear of infection, reports KnowBe4, a security and phishing awareness training and reporting platform.
It falsely warns recipients that they have been in contact with a friend, colleague or family member infected with COVID-19. The e-mail says to download a malicious attachment and proceed immediately to the hospital.
“This particular social engineering scheme appears to come from a legitimate hospital, which is why it’s so alarming and could trick even a cautious end user. The victim is instructed to fill out a pre-filled Excel form, which is actually a macro-laden Office document that serves as a Trojan downloader and is currently only detected by a handful of anti-virus applications. This piece of malware has a number of advanced functions that allow it to evade detection by security applications, worm its way deep into an infested system, and serve as a platform for a variety of criminal activities,” reports KnowBe4.
Experts warn individuals to take extra caution before opening e-mails related to COVID-19.
Now the federal government is in the process of sending many Americans a check to help alleviate economic hardship brought on by the coronavirus crisis. Scammers are already taking advantage of the opportunity to steal, says the Better Business Bureau (BBB).
The BBB’s Scam Tracker shows government imposters are already calling and e-mailing about the checks and asking for personal and banking information.
Here’s what to watch for:
You get a message or social media post regarding the COVID-19 economic impact check. If you click the link, you will be taken to an official-looking website requesting your personal information or banking details, says BBB. The request may come via text messages, social media posts and messages, or phone calls.
“One variation is a Facebook post telling seniors about a special grant to help pay medical bills. The link leads to a website claiming to be a government agency called the “U.S. Emergency Grants Federation” (phony, of course). The site requests your Social Security number under the guise of needing to verify your eligibility. In other versions, scammers claim that you can get additional money – up to $150K in one case – or even receive your funds immediately. All you need to do is share personal details and pay a small processing fee,” explains BBB.
Don’t click on those links or provide any information. These sites can download malware and use your information for identity theft.
Remember these additional tips to avoid and spot a COVID-19 scam:
• Government agencies do not communicate through social media.
• Never give out your passwords or personal information to anyone who contacts you by phone, text, e-mail or social media.
• Be suspicious of social media messages requesting information. Scammers can easily impersonate others. Verify in person before you act.
• Know that the IRS has warned not to respond to “calls, e-mails or other communications claiming to be from the Treasury Department and offering COVID-19 related grants or stimulus payments in exchange for personal financial information, or an advance fee, or charge of any kind, including the purchase of gift cards.”
• If you are contacted in this way, contact the FBI at ic3.gov.
Scammers and hackers are always on the prowl, looking for an opportunity to hack your device.
Here’s what you can do to protect yourself:
• Change the device’s default password from the factory setting.
• Make your passwords as long as possible and unique for IoT devices. Never use names, addresses or birthdays, or easy-to-guess passwords like ‘admin’ or ‘1234.’
• Change your passwords regularly. Experts say you should change them once a quarter.
• Enable two-step authentication.
• Secure your network. Keep your private information on a separate system from your IoT devices.
• Turn on automatic updates for software, hardware and operating systems.
• Disable features you may not need.
Get more information at:
By Tom Kalinski. Tom is the broker/owner of RE/MAX of Boulder, the local residential real estate company he established in 1977. He was inducted into Boulder County’s Business Hall of Fame in 2016 and has a 40-year background in commercial and residential real estate. For questions, e-mail Tom at [email protected], call 303.441.5620 or visit boulderco.com.