Whenever the population faces a crisis, such as the COVID-19 pandemic, malignant actors stand ready to take advantage of the situation by feeding into people’s fear to gain valuable personal identifiable information and banking and credit card data.
According to a recent FBI public service announcement, Google reported an average of more than 18 million COVID-19 scams and malware-related phishing attempts during the month of April. These were in addition to more than 240 million daily spam messages related to the coronavirus and economic stimulus checks.
Since the Connecticut National Guard was called upon by Governor Ned Lamont to assist with the state’s response to the novel-coronavirus outbreak, Soldiers and Airmen from various military occupations have stepped forward to help their community, including the state’s Defense Cyber Operations Element team.
Although the team has not been called upon to assist with any direct cyber-attack related to COVID-19, they continue to monitor and share trends they are seeing with other local, state, and federal agencies and disseminate appropriate information to help keep service members,
their families, and the community safe from these digital attacks.
“The Defense Cyber Operations Element team, which is part of the Connecticut Army National Guard’s [directorate of information management], trains for this,” said Maj. Ryan Miller, Connecticut National Guard Defense Cyber Operations Element team leader. “We would respond to any incident that the governor deemed appropriate and exceeded the state’s ability to respond organically.”
According to Miller, the biggest threat facing both service members and the public is phishing: a fraudulent attempt to gather information such as bank account numbers or passwords from people via emails masquerading as a reputable company or person.
“There’s reported social engineering attempts … personnel masquerading as either law enforcement or someone wearing [personal protective equipment] masquerading as medical support staff, perhaps in the community at large, offering some service related to COVID-19 but with
nefarious intent,” said Miller. “Perhaps they’re selling bogus test kits or otherwise seeking donations for a public program that doesn’t really exist.”
As a government organization, the Connecticut National Guard is in a daily battle with these digital deviants who scan and probe its system. Part of the DCOE’s mission is to analyze these attacks to look for trends and high-risk threats.
Miller said that there hasn’t been a noticeable uptick in overall cyber-attacks but the criminal’s branding has changed to take advantage of COVID-19. The best practice to avoid falling victim to one of these attacks it to apply some common sense and ask yourself if the request makes sense.
According to the FBI’s 2019 Internet Crime Report, people in the United States lost more than $57 million dollars to phishing scams. The reason these crimes are so effective is because the emails or text messages the criminals send look like they come from a trusted source, such as your bank, credit card company, app store, etc. and make a claim that they’ve noticed some suspicious activity on your account, that they require some personal information, or attach a fake invoice just to name a few. These messages will often contain links with the call-to-action which will bring you to a legitimate looking website and prompt you to enter the information the criminals are trying to steal.
“Instead of clicking any link or using any phone number contained within an email, exercise some prudence and judgement,” said Miller. “Look up the purported name of the agency or entity using your search engine and make a phone call or send an email based off the contact information on their official webpage [to verify the legitimacy of the email].”
As with most things, maintaining the first-line of defense against these attacks is in the hands of the user. Here are some helpful hints to help you identify whether an email is a possible phishing attempt:
1. Legitimate companies will never ask for your sensitive information via email or text. If you receive an unsolicited email or text message asking you to provide sensitive information such as bank account numbers, your social security number, or password, it’s most likely a scam.
2. They will use your real name Phishing attempts are generally blasted out in mass-quantity and will use a generic salutation such as “dear valued customer”. Any business you regularly do business with will use your name and typically ask you to call them regarding your information.
3. Real companies will have domain emails Many scammers will do their research before sending an email and create an email account in the name of someone who is a legitimate employee of the company they’re posing as. So don’t simply look at the name of the person who is sending the email, look at their address, too. If the domain section of the address (the part after the @) doesn’t match the company, it could be a scam.
4. Watch out for misspelled words Look out for poor grammar, strange sentences, and misspelled words. Emails from legitimate companies will be well written.
5.Be wary of unsolicited attachments. Most legitimate companies don’t end you unsolicited attachments. Instead, they’ll direct you to download files from their website, which is typically secured.
6. Double check URLS before clicking. If an email or text message is asking you to go to the company’s website, hover your mouse over
the link to check the URL before clicking. Even if an email looks legitimate, the link they may be sending you to could be fake and contain a virus.
In addition, it is important to make sure you keep your computer and phone software and anti-virus software upto-date to ensure you are closing security gaps before they can be exploited. Whenever possible, enable multi-factor authentication to add yet another layer of protection.
If you believe you’ve been a victim of a phishing or COVID-19 scam, service members should inform their chain of command and visit identitytheft.gov to learn more information about steps you can take if your social security, credit card, or banking account is compromised.
|Date Posted:||07.07.2020 14:57|
|Location:||HARTFORD, CT, US|
This work, CTNG Cyber Team stands ready to assist with COVID-19 response, by Timothy Koster, identified by DVIDS, must comply with the restrictions shown on https://www.dvidshub.net/about/copyright.
Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.