COVID-19: Scammers are Working Overtime (4 tips to protect yourself)
So many companies are dealing with the challenges of a newly-remote workforce. So many knowledge workers are working from home for the first time. So many vulnerable people, like my elderly parents and my school-age children, are stuck at home, bored and clicking links about the coronavirus outbreak, quarantines, treatments, and the latest memes...
For hackers and scammers, it's a target-rich environment.
By the end of 2019, I thought I had finally been successful in teaching my dad how to avoid clickbait links in articles. I had convinced him not to open suspicious emails and never, ever forward spam to his contact list. Same with my kids. I educated them and implemented controls on our home network to enforce good security practices. There were many long sessions together along the way: resetting passwords, removing malware, and figuring out where it all went pear-shaped so we could avoid making the same mistakes again. Recent events are putting that training to the test.
Over the past few weeks, I've seen a flood of coronavirus-related spam and phishing attempts via email and text message. With many more of us working from home, kids schooling from home, and many elderly self-isolating at home, the lines between company/work/school/home technology have been blurred. It's not just your home network anymore; it's a convergence point of high-value data. Luckily, there are some common safeguards we can implement across the board to keep our loved ones, employers, and ourselves safer.
Assess your current situation as honestly and quickly as you can. Is your technology outdated or poorly maintained? Is your antivirus up to date? What can you do in the short term to lock down your perimeter, identify gaps, and mitigate the biggest risks as quickly as possible? Check and update all devices that connect to your network - firmware, operating system, antivirus, firewall rules. Remember that thermostats, refrigerators, webcams and other IoT devices may have been granted access to your WiFi as well. It only takes a single click from a child to infect the same computer that you're using to send emails and pay bills. Updates can be tedious and difficult but are far less painful than a ransomware attack.
Stay informed about the most current scams and ask questions. Many scams depend on fear and urgency to rush you into acting without thinking. If someone from your health care provider calls, make sure they're really who they say they are. Call your bank on a known good number if you're not sure "David" really works for them. Before verifying personal details, double-check everything that could expose your private information or separate you from your money. For example, my dad received an urgent call from someone who identified himself as his grandson. The young man said he had been arrested for a DUI in another state and needed money urgently for an attorney. Mom suspected it was a scam and called me before Dad could send any funds. They stopped just short of being conned out of thousands of dollars. Others haven't been so fortunate.
Scammers are looking for information that they don't already have. Get your news from reputable sources and avoid clickbait links (I'm looking at you, social media) so you're not inadvertently installing malware. Whitelist a small number of sites rather than blacklisting the ever-changing universe of bad ones. Pay attention to who is sending an email - does the email address match what you're expecting or is it a phishing expedition from some unexpected domain? If someone calls claiming they're from your corporate help desk, call back rather than confirming your identity and giving up your login name and employee number.
Get outside help sooner rather than later. Whether you're a corporate giant or just a father dealing with his kids and parents, don't be afraid to ask for help. Ask trusted security-minded friends. Enlist the help of an outside company to take an honest look at your corporate VPN/remote access/support environment. Get an assessment, prioritize the work, and fill the gaps.
To wrap up, here's a YouTuber who scams the scammers. His videos are fun to watch and they expose many of the techniques used to steal from the unsuspecting. Kudos to him.
I have to go...Dad's calling...