833-847-3280
Schedule a Call

Social Engineering, Fraud, and Hacking During COVID-19

Fraud

Instances of social engineering, fraud, and hacking are rising during the COVID-19 pandemic.

Stimulus Check Fraud

One such fraud case is related to the stimulus checks that are being sent out to citizens of the United States.  The individuals may receive paper checks in the mail. The monies may be put in as a direct deposit if the IRS has updated information.

The IRS created two sites for people who have not provided information on their 2019 taxes.  One is for people to submit direct deposit details.  The other is for people who are considered non-filers, meaning their income is below the threshold required for filing tax returns.

Like many government or banking websites, to verify one’s identity, people must use certain data such as date of birth and Social Security numbers as identifiers.

Consequently, that means everyone must be on the lookout for fraudulent sites that are posing as an IRS website.  Additionally, there will likely be emails, letters, phone calls, and text messages asking you to provide sensitive information or routing you to a fraudulent website.

While people are unemployed or underemployed during the pandemic they become a high target for hackers, as they are desperate and more likely to  click and share data blindly.  As the old saying goes “If it sounds too good to be true, it usually is.”

Hacking remote workers’ devices

As many companies have moved offsite and employees are working from home, that has introduced new vulnerabilities.  IT teams have a hard-enough time protecting a company’s network, now they are struggling with an employees’ personal network.  Some employees are not that computer savvy and they struggle to ensure they have a secured modem and router.  Most have never updated the firmware on such devices to ensure minimum security measures are taken.

Additionally, VPN connections often introduce weaknesses.  Since most VPNs are in a continual usage mode, there is little time to update VPNs, especially when IT teams have been working around the clock to ensure employees can continue working.

Social Engineering remote workers

If hacking devices wasn’t bad enough, hacking an employee occurs more often.  This is where the social engineering and phishing comes into play.  Attackers send emails with either malicious attachments, or links asking employees to sign in to gather pertinent information, such as an invoice.  The malicious attachments often have ransomware that lock up a device’s hard drive.  This tactic has been queuing in on hospitals recently.

Another tactic is to send out an email asking employees to provide sensitive information.  The hacker will send out a bogus login page for office 365, as an example.  Once the victim attempts to log in, the attackers can harvest their credentials.  The credentials will be used later when the attacker feels it will be more profitable.

The best thing we can all do is be vigilant and look for ways that an attacker might gain access.  Whether that be through devices or an employee giving them the keys to the kingdom unexpectedly.  As it’s often said with the pandemic, “we’re in this together” takes on a new meaning in the cyber world.

Latest Posts

A transparent image used for creating empty spaces in columns
As cyber threats grow more complex and persistent, regulatory frameworks like PCI DSS 4.0 have evolved to demand more rigorous and transparent security practices. One of the key updates in PCI DSS 4.0 is the enhanced requirement for penetration testing reports, pushing organizations to go…
A transparent image used for creating empty spaces in columns
A penetration test, also known as a pen test, is a crucial cybersecurity measure that enables organizations to identify vulnerabilities in their networks, applications, and security controls. However, the real value of a penetration test lies in how well an organization can interpret the findings…
A transparent image used for creating empty spaces in columns
The release of PCI DSS 4.0 introduces significant enhancements to the security landscape, particularly in the area of security controls and penetration testing. While penetration testing has always been a critical component in identifying vulnerabilities within a network or system, the updated PCI DSS standards…
A transparent image used for creating empty spaces in columns
Social engineering attacks remain one of the most effective ways cybercriminals gain access to sensitive information, systems, and financial assets. Phishing, pretexting, baiting, and other manipulative tactics exploit human psychology, making it difficult to defend against using technical measures alone. Organizations often use social engineering…
A transparent image used for creating empty spaces in columns
 With the release of PCI DSS 4.0, penetration testing requirements have evolved to enforce a layered approach to security. This update ensures that organizations assess vulnerabilities at both the network and application layers, creating a more comprehensive security posture to protect payment card data.…
A transparent image used for creating empty spaces in columns
Web applications are at the core of digital business operations, making them a prime target for cybercriminals. A successful attack on a vulnerable web application can lead to data breaches, financial losses, reputational damage, and compliance violations. To safeguard against these risks, organizations must conduct…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
On Load
Where? .serviceMM
What? Mega Menu: Services