Covid-19 and Changes to the Cybersecurity Landscape
Covid-19 has changed the cybersecurity threat landscape. Often, the cybersecurity community looks to reduce the attack surface and provide less opportunity for bad actors. But Covid-19 has opened a very wide door, and Advanced Persistent Threats are on the rise, targeting businesses and individuals.
Personally, I have had calls from individuals who are working at home, from companies that have my personal identifying information. I have no idea what type of security controls they are using and how they are protecting my information. Thus, individuals have become a very real target.
What is happening and simple steps to protect yourself.
First, beware of scams and terms that lure you with the title "Covid-19". Identity thieves are taking advantage of the fear that has been created by the Coronavirus pandemic. Individuals who are looking for financial information, medical advice, and basic protection and treatment of Covid-19 are going to malicious websites. The fake websites collect personal information, stating that updates will be provided to you if you provide it. Identity thieves have also set up donation sites for victims of Covid-19. Be very aware before donating money. If you would like to donate money, check traditional sites such as the Red Cross and Samaritan's Purse, as examples of a couple of good organizations to which individuals can donate money.
Additionally, fraudulent e-commerce vendors are promoting the sale of personal protection equipment, such as face masks, hand sanitizer and even test kits. I would avoid nontraditional websites and look online at Walmart, Amazon, Home Depot, as examples of companies that will be able to provide certain protections for the consumer. Presently, there is only one authorized Covid-19 at-home test kit, and you cannot buy it online. The home test kit for Covid-19, from Pixel by LabCorp, is only provided to healthcare workers and first responders. If you have tried to buy a home kit and provided your medical information, call your insurance company and look for email alerts with an explanation of benefits (EOB).
Second, beware of phishing and vishing (voice calls looking for information). Individuals and businesses wanting more information on Covid-19 are more susceptible to fake coronavirus emails, texts and voicemails, such as alerts. Do not click on any links provided in emails or texts. And if someone calls wanting information, just hang up. Be aware, like I stated above, I had calls from my insurance company that appeared at first to be potential spam. I did not provide them information, but had them provide me with the information on the reason for the call. Companies have their employees working from home, and are masking the individual’s phone number. So not all calls are spam, but remember, there is no reason to ever provide your full social security number. There are other ways in which to identify you, such as your zip code. These times are unprecedented, and policies are changing, becoming less restrictive on identification, as an example.
Third, employees have also been a target when they are looking for updates on work conditions. Legitimate-looking websites have been spun up, collecting personal information of the employee and even capturing sensitive business data and customer information. Businesses will provide the means by which employees will connect. Again, be aware of how you interact with your personal and business devices.
Fourth, spoofed government communications have also provided another threat vector, personally connecting with a lot of people who want information. While many of us do not go to local news sites, in this instance, I would recommend this avenue. The reader will be able to get the latest information on what is happening in their community and what efforts are underway for legitimate help.
Fifth, job sites and applying for unemployment have provided another opportunity for bad actors to collect all of your personal identifying information, even what you were earning. Fraudulent websites appear legitimate, so again, be aware and know your social security number will never be needed when applying for a job. And applying for unemployment should only be done at the state department of labor site.
As we emerge from the Coronavirus shutdown, the world will be a different place for us, personally and digitally. We need to stay safely connected at home as well.