Increased Security Risks of COVID-19
As the COVID-19 epidemic continues to unfold, many companies have transitioned to work from home or remote environments where possible. An unfortunate side effect some businesses are seeing is a rise in potential security threats and attacks, as cyber actors seek new ways to exploit the increase of virtual environments.
According to a recent Public Service Announcement from the FBI, “Computer systems and virtual environments provide essential communication services for telework and education, in addition to conducting regular business. Cyber actors exploit vulnerabilities in these systems to steal sensitive information, target individuals and businesses performing financial transactions, and engage in extortion.”
The PSA also states that as of late-March, 2020, the FBI’s IC3, or Internet Crime Complaint Center, has already received over 1,200 complaints due to COVID-19 scams. These include threats and attacks against some of our most critically important institutions right now, including phishing campaigns against first responders, ransomware attacks at medical facilities, and more.
Based on these recent trends, the FBI suggests these same groups will likely “target businesses and individuals working from home via telework software vulnerabilities, education technology platforms, and new Business Email Compromise schemes.”
Business Email Compromise
One area we wanted to emphasize and focus on specifically is Business Email Compromise or BEC. Keystone has already received reports from a few of our customers that they were targeted by email phishing scams in the past few weeks. Nothing concerns us more than the health, safety, and security of our customers.
The FBI PSA states, “BEC is a scam that targets both individuals and businesses who have the ability to send wire transfers, checks, and automated clearing house (ACH) transfers. In a typical BEC scheme, the victim receives an email purported to be from a company the victim normally conducts business with; however, the email requests money be sent to a new account, or for standard payment practices be altered. For example, during this pandemic, BEC fraudsters have impersonated vendors and asked for payment outside the normal course of business due to COVID-19.”
The FBI advises the public to be on the lookout for the following:
- The use of urgency and last-minute changes in wire instructions or recipient account information;
- Last-minute changes in established communication platforms or email account addresses;
- Communications only in email and refusal to communicate via telephone;
- Requests for advanced payment of services when not previously required; and
- Requests from employees to change direct deposit information.
How Businesses Can Protect Themselves
Do:
- Check for last-minute changes in wiring instructions or recipient account information.
- Verify vendor information via the recipient’s contact information on file—do not contact the vendor through the number provided in the email.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.
- If you discover you are the victim of a fraudulent incident, immediately contact your financial institution to request a recall of funds, and contact your employer to report irregularities with payroll deposits. As soon as possible, file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov or, for BEC and/or email account compromise (EAC) victims, BEC.IC3.gov.
Don’t:
- Open attachments or click links within emails received from senders you do not recognize.
- Provide usernames, passwords, birth dates, social security numbers, financial data, or other personal information in response to an email or phone call.
- Use public or non-secure Wi-Fi access points to access sensitive information.
- Use the same password for multiple accounts.
For more information, contact Keystone!
Keystone. Your NetSuite solution provider and integration partner.
Call – 866-546-7227 | Email – info@kbscloud.net
