Page Loader Logo
Loading...
833-847-3280
Schedule a Call
Partner With Us

Social Engineering, Fraud, and Hacking During COVID-19

Fraud

Instances of social engineering, fraud, and hacking are rising during the COVID-19 pandemic.

Stimulus Check Fraud

One such fraud case is related to the stimulus checks that are being sent out to citizens of the United States.  The individuals may receive paper checks in the mail. The monies may be put in as a direct deposit if the IRS has updated information.

The IRS created two sites for people who have not provided information on their 2019 taxes.  One is for people to submit direct deposit details.  The other is for people who are considered non-filers, meaning their income is below the threshold required for filing tax returns.

Like many government or banking websites, to verify one’s identity, people must use certain data such as date of birth and Social Security numbers as identifiers.

Consequently, that means everyone must be on the lookout for fraudulent sites that are posing as an IRS website.  Additionally, there will likely be emails, letters, phone calls, and text messages asking you to provide sensitive information or routing you to a fraudulent website.

While people are unemployed or underemployed during the pandemic they become a high target for hackers, as they are desperate and more likely to  click and share data blindly.  As the old saying goes “If it sounds too good to be true, it usually is.”

Hacking remote workers’ devices

As many companies have moved offsite and employees are working from home, that has introduced new vulnerabilities.  IT teams have a hard-enough time protecting a company’s network, now they are struggling with an employees’ personal network.  Some employees are not that computer savvy and they struggle to ensure they have a secured modem and router.  Most have never updated the firmware on such devices to ensure minimum security measures are taken.

Additionally, VPN connections often introduce weaknesses.  Since most VPNs are in a continual usage mode, there is little time to update VPNs, especially when IT teams have been working around the clock to ensure employees can continue working.

Social Engineering remote workers

If hacking devices wasn’t bad enough, hacking an employee occurs more often.  This is where the social engineering and phishing comes into play.  Attackers send emails with either malicious attachments, or links asking employees to sign in to gather pertinent information, such as an invoice.  The malicious attachments often have ransomware that lock up a device’s hard drive.  This tactic has been queuing in on hospitals recently.

Another tactic is to send out an email asking employees to provide sensitive information.  The hacker will send out a bogus login page for office 365, as an example.  Once the victim attempts to log in, the attackers can harvest their credentials.  The credentials will be used later when the attacker feels it will be more profitable.

The best thing we can all do is be vigilant and look for ways that an attacker might gain access.  Whether that be through devices or an employee giving them the keys to the kingdom unexpectedly.  As it’s often said with the pandemic, “we’re in this together” takes on a new meaning in the cyber world.

Latest Posts

A transparent image used for creating empty spaces in columns
Welcome to today’s briefing on a crucial topic in the realm of cybersecurity: internal network penetration testing. Now, I know that the term might sound a bit intimidating but fear not. By the end of this discussion, you’ll have a solid understanding of what it…
A transparent image used for creating empty spaces in columns
 In the world of cybersecurity, there’s a misconception that a clean pen testing report means something was missed or the test wasn’t thorough enough. But here’s the truth: receiving a clean report from your penetration test is not only a positive outcome—it’s a testament…
A transparent image used for creating empty spaces in columns
Hey there, folks! Let’s get one thing straight: when MainNerve talks about penetration testing, we’re diving deep into the world of cybersecurity. But hey, we know what people think when we say “penetration testing.” So, buckle up because we’re about to compare pen testing to…
A transparent image used for creating empty spaces in columns
 In the fast-paced world of managed IT services, we know that time is money. Your clients rely on you to keep their systems secure, and you need partners who can deliver top-notch services without slowing you down. If you’re a Managed Service Provider (MSP)…
A transparent image used for creating empty spaces in columns
The primary purpose of performing a penetration test is to simulate real-world attacks on a computer system, network, or application. This is done by skilled cybersecurity professionals, who are tasked with identifying vulnerabilities and weaknesses that malicious actors could exploit. Their role is crucial in…
A transparent image used for creating empty spaces in columns
 If your business relies on older technology, you’ll want to listen up. We’re highlighting a critical weakness in many organizations’ defenses: legacy systems. What Are Legacy Systems? Legacy systems are outdated technologies that are no longer supported with updates or patches from their creators.…
contact

Our Team

Name(Required)
This field is for validation purposes and should be left unchanged.
quick links to

Our Services

On Load
Where? .serviceMM
What? Mega Menu: Services
201 E Pikes Peak Ave Suite 2025
Colorado Springs, CO 80903