Instances of social engineering, fraud, and hacking are rising during the COVID-19 pandemic.
Stimulus Check Fraud
One such fraud case is related to the stimulus checks that are being sent out to citizens of the United States. The individuals may receive paper checks in the mail. The monies may be put in as a direct deposit if the IRS has updated information.
The IRS created two sites for people who have not provided information on their 2019 taxes. One is for people to submit direct deposit details. The other is for people who are considered non-filers, meaning their income is below the threshold required for filing tax returns.
Like many government or banking websites, to verify one’s identity, people must use certain data such as date of birth and Social Security numbers as identifiers.
Consequently, that means everyone must be on the lookout for fraudulent sites that are posing as an IRS website. Additionally, there will likely be emails, letters, phone calls, and text messages asking you to provide sensitive information or routing you to a fraudulent website.
While people are unemployed or underemployed during the pandemic they become a high target for hackers, as they are desperate and more likely to click and share data blindly. As the old saying goes “If it sounds too good to be true, it usually is.”
Hacking remote workers’ devices
As many companies have moved offsite and employees are working from home, that has introduced new vulnerabilities. IT teams have a hard-enough time protecting a company’s network, now they are struggling with an employees’ personal network. Some employees are not that computer savvy and they struggle to ensure they have a secured modem and router. Most have never updated the firmware on such devices to ensure minimum security measures are taken.
Additionally, VPN connections often introduce weaknesses. Since most VPNs are in a continual usage mode, there is little time to update VPNs, especially when IT teams have been working around the clock to ensure employees can continue working.
Social Engineering remote workers
If hacking devices wasn’t bad enough, hacking an employee occurs more often. This is where the social engineering and phishing comes into play. Attackers send emails with either malicious attachments, or links asking employees to sign in to gather pertinent information, such as an invoice. The malicious attachments often have ransomware that lock up a device’s hard drive. This tactic has been queuing in on hospitals recently.
Another tactic is to send out an email asking employees to provide sensitive information. The hacker will send out a bogus login page for office 365, as an example. Once the victim attempts to log in, the attackers can harvest their credentials. The credentials will be used later when the attacker feels it will be more profitable.
The best thing we can all do is be vigilant and look for ways that an attacker might gain access. Whether that be through devices or an employee giving them the keys to the kingdom unexpectedly. As it’s often said with the pandemic, “we’re in this together” takes on a new meaning in the cyber world.