2020 has presented a slew of challenges for everyone. IT professionals worldwide have stories of their own to share — not only facing the challenge of adopting work-from-home technology and infrastructure, but also that of new attack vectors presented by the COVID-19 pandemic and those who would take advantage of them.
Phishing in particular has seen a tremendous increase as a method of attack, and phishing scams are becoming even more elaborate. In today’s blog, we break down some of the top phishing scams of 2020 and how you can protect your organization from becoming a victim.
COVID-19 Phishing Scams
It was only a few months ago that the CDC warned us about a phishing scam involving criminals who make calls pretending to come from the CDC themselves. In these calls, they would ask for personal information or even donations. Obtaining personal information in this manner is known as social engineering.
Even now, at least one scam is pretending to send emails from the CDC with attached links claiming to be infection prevention measures or information about a COVID-19 vaccine. In reality, these emails contain links to malware that can wreak havoc on networks and open the door for ransomware to enter and hack a device, and then spread throughout your organization’s entire infrastructure. Malware-laden emails have been used to take over health care organizations’ networks and steal private information.
COVID phishing scams are not just happening via email or phone calls. They’re also happening through text messaging. Texts appearing to come from the U.S. Department of Health and Human Services send links to register for “mandatory COVID-19 testing.”
Election Phishing Scams
We are currently experiencing a plethora of election-related scams which are exhibiting a major increase right now for obvious reasons. Criminals are taking advantage of the confusion surrounding voting and election results this year to carry out scams and phishing attacks. As the drama escalates, so too will this attack avenue. Voter registration over the phone is not permitted in the U.S., as this creates opportunities for criminals. If you receive a phone call like this, assume it’s fraudulent. And if you receive a link via email or text that says something along the lines of “click here for election results in your area,” it’s almost certainly a trick.
Stimulus Check Scams
The Better Business Bureau has warned citizens about phishing scams related to stimulus checks. Criminals will contact people asking them to provide additional personal information in order to send out benefit payments. Keep in mind that when it comes to government-based payments or official government communication, these offices will never ask for personal information over the phone or through email, especially if it requires you to immediately pay money in order to receive something from them or avoid a penalty. When it comes to stimulus checks, since this money was sent automatically through the government, citizens especially do not need to provide additional personal information over the phone or through email in order to receive their check.
In today’s climate, you have to be especially vigilant against phishing. Ransomware is the weapon of choice for cybercriminals, and phishing is the knock on the door. The attack occurs once it’s opened. It’s up to you to know not to open it.
2020 has been exhausting for everyone. Contact us and let us take some of the pressure off for you.
Since 1995, Manassas Park, VA-based V2 Systems has employed local systems administrators, network engineers, security consultants, help desk technicians and partnering companies to meet a wide range of clients’ IT needs, from research, to implementation, to maintenance. Concentrate on your VISION…We’ll handle the TECHNOLOGY!