Recent reports show a spike in malicious cyber activity while many Americans have been told to stay at home during the COVID-19 pandemic.
A study by Barracuda Networks shows coronavirus-related phishing attacks have spiked 667% since March 1.
"People are distracted right now. They're working from home, trying to school their kids. And when you're distracted, the bad guys are out there to try to take advantage of that," said John Ansbach, a Dallas-based information and cybersecurity expert.
Ansbach works for New York-based Aon Cyber Solution, a global cybersecurity firm that does data breach response and data security consulting for large employers.
He says the pandemic has left many Americans in a position to be duped.
People are expecting communications about the coronavirus pandemic or about opportunities to support their families. That means people are more likely to accept calls and click on links that they would otherwise be suspicious of.
So what's at risk? Your personal identity and your corporate network.
Working from home
The trouble began when so many Americans suddenly switched from working in a secure office environment to working from home.
Ansbach says about 20% of any given industry was working from home before the pandemic. Today, he says it's upwards of 90%.
"And these migrations happened very quickly," he said.
He said most companies don't have an extra 500 or 1,000 laptops for people to take home, so people are turning their personal devices into work computers.
"While those devices can accomplish work tasks, they are much more lax in terms of security and are often over unsecure personal WiFi and through unsecure home routers," Ansbach said.
Unemployed? Be careful
With the unemployment rate increasing, cyber attackers are targeting the newly unemployed who are searching for jobs online.
"Beware of anyone who says you have to give them personal information or money before you can qualify for a job," said Ansbach.
He recommends job hunters use reputable sites such as Upwork or Freelancer.
Beware of clickbait
Thousands of COVID-19 scam and malware sites are popping up selling everything from fake protective gear to fake COVID-19 tests.
The Better Business Bureau of North Central Texas tells WFAA they have seen an increase in the number of people contacting the BBB for help after having fallen victim to a COVID-19 phishing scheme.
It often starts with an e-mail containing a link and the words "coronavirus" or "COVID-19," said Phylissia Clark with the BBB of North Central Texas.
Meanwhile, the World Health Organization (WHO) has seen an increase in criminals pretending to be WHO.
"Hackers and cyber scammers are taking advantage of the coronavirus disease (COVID-19) pandemic by sending fraudulent email and WhatsApp messages that attempt to trick you into clicking on malicious links or opening attachments," the organization's website says.
The World Health Organization will never ask for your username or password to access safety information, email attachments you did not request, ask you to visit a link outside of who.int or offer funding through email.
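As an added example (not from the WHO, the BBB or Ansbach), this is how a mail filter or help-desk script could apply the "link outside of who.int" rule to the host a link really points to, rather than to the text it displays. The function names and sample links are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "who.int"  # the one domain named in the WHO guidance above

def link_host(url):
    """Return the host a browser would actually contact, or None."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".").lower()

def is_who_link(url):
    """True only if the link's host is who.int or a subdomain of it."""
    host = link_host(url)
    if host is None or not host.isascii():
        return False  # unusable link, or lookalike non-ASCII letters
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)

# Constructed sample links (reserved example domains, not real indicators).
SAMPLE_LINKS = [
    "https://www.who.int/emergencies",           # genuine subdomain
    "https://who.int.example.com/covid-19",      # who.int used as a prefix
    "https://who.int@login.example.net/safety",  # who.int is only a username
    "https://who-int.example.org/donate",        # hyphenated lookalike
    "https://wh\u043e.int/",                     # Cyrillic "o" in the name
    "ftp://who.int/file",                        # not a web link
]

def triage(links):
    """Map each link to a verdict a reviewer can scan quickly."""
    return {link: ("who.int" if is_who_link(link) else "not who.int")
            for link in links}

if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:12} {link}")
```

Only the first sample link passes; the others contain the string "who.int" somewhere but resolve to a different host.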
Similar to what WHO and the BBB are seeing, Ansbach's team has also detected a surge in malicious COVID-19 websites that were created during the last week of January.
"That means bad guys are going out, setting up their own websites. They're all COVID-19 themed. Then, [the scammers] will use phishing emails or other tactics to steer people to these websites where they trick them into giving away their user names and passwords. Unfortunately, we are seeing a lot of that right now," Ansbach said.
Don't fall for it.
He recommends being careful before clicking links related to COVID-19.
"Find a way to independently verify whether or not something is sent to you from a proper source. That may require picking up the phone to call a co-worker and verify a suspicious-looking e-mail actually came from them," he said.
What you can do
"There are ways we can protect ourselves; we just have to be really deliberate about it," Ansbach said.
Below is his full list of tips to help protect your personal information and your corporate network while working online during the COVID-19 pandemic.
Listen to IT support
- If they are telling you what VPN to use, what antivirus to use, follow their directions
- And remember they are trying to support a lot of people all at once, so be patient with them – don’t give up and head out to the Internet to find your own tools to access corporate networks
Use cybersecurity best practices
- Use a virtual private network (VPN)
- Avoid free VPN options – they can be malicious or otherwise not private. Use only reputable VPNs, such as ExpressVPN
- Secure your home WiFi with an updated strong password you don’t use elsewhere
- Secure your home router by changing the password for your router from the default that came with it when first installed and use WPA2 or WPA3 encryption
Be (extra) alert for email scams
- Use multi-factor authentication (MFA) to help you resist threat actors trying to take over your email account
- Scrutinize and independently validate emails that ask for changes related to money or finances, including those telling you about changes to bank account and routing info
- Especially look out for emails allegedly from “IT Support.” Threat actors know you’re working from home, and they will try to trick you into uploading “the latest update” or “the newest antivirus protection.” Don’t fall for it!
- Hover over links to see the URL and don’t click links or attachments unless you trust the sender 100 percent
Be smart about general security
- Use the latest, up-to-date antivirus protection from a reputable provider (Norton, McAfee, Bitdefender are all options)
- Create regular backups to disconnected hard drives (or cloud) in case you lose your data or fall victim to a ransomware attack
- Lock your computer when you walk away or go to sleep