Cybercriminals are trying to exploit the COVID-19 pandemic. Threats against the health care sector as well as individuals have spiked as Americans find themselves out of their routines, working from home. With fear running in the streets and people off kilter, now is the perfect time for identity thieves to strike. And they know it.
Company Alarm advisor Ralph Gagliardi is a Colorado-based criminal investigator who leads one of the nation’s only law enforcement units dedicated to business identity theft. We spoke to him about what he’s seeing as a result of this unprecedented quarantine and how business people can protect themselves.
Q: How is COVID-19 impacting cybercrime in the United States in general and business identity theft in particular?
A: As with any opportunity, fraudsters and cybercriminals will start – and have already started – taking advantage of the global COVID-19 pandemic. Different in this crisis is the “work from home” aspect that many businesses have had to turn to. This has opened many opportunities for cybercriminals. Vulnerable inroads that may threaten you and your business can include:
VPN Exploitation Cybercriminals may use VPN filter malware to target your business due to the use of home routers. This opens the door to the potential for many fraudulent opportunities.
Home Router. Ensure that it has the most current software updates, otherwise known as firmware. Make sure you have changed the factory password to a strong one.
Video Conferencing. Beware! Initial reports are circulating that fraudsters have been exploiting the vulnerabilities in some video conferencing platforms to eavesdrop on private business conversations or otherwise covertly monitor traffic.
Remote Workforce. Businesses and their workers, while working remotely, are away from the normal protections, procedures and routines offered from being in the workplace. When you’re at the office, you can easily get up from your desk and check in with your colleagues. But you can’t do that now. Even something as simple as that provides a potential opportunity for fraudsters. The problem is just compounded with employees operating without their usual network and enterprise protections.
Keep in mind, scams can and do come from different angles with workers receiving and responding to numerous e-mails and texts. Those seemingly innocuous communications provide ample opportunities to cybercriminals looking to impersonate your business or your clients. Be on the lookout for:
- Spoofed or counterfeit invoices or attempts by scammers to convince you to redirect where you’re sending payments.
- Emails with documents or links (texts, too) that install malware on your computer or devices or redirect you to fraudulent websites that downloads malware or steal passwords and credentials from targeted employees, such as finance officers or office managers.
- Efforts to monitor your virtual traffic to pick up on credit card numbers or other key pieces of information.
You should always use caution when giving out personal identifying information, account information or bank details. But now you should be especially careful.
Q: The news media has reported that with more people working from home because of the quarantine cybercrime is on the rise. What have you seen?
A: Right now, law enforcement is seeing fraudsters file fraudulent invoices with businesses as well as scammers trying to impersonate businesses in order to change their bank account information and steal their money.
Cybercriminals are also creating fake sites that purport to offer information about the COVID-19 crisis. But when you go to them, the sites secretly download malware onto your computer. This malware gives cybercriminals potential access to your passwords.
If you’re looking for information on the pandemic, stick to known government websites: The CDC, your local health districts etc.
Q: How can business people working from home protect themselves from cybercrime and the different forms of identity theft?
A: Utilize best practices. Update virus and malware protections. Be cautious clicking on any document or link. Never change bank account information without confirming via a phone call or using other verification methods your business has established. Utilize multi-factor authentication whenever you can. Use different and strong passwords for all your accounts – and change them often. Consider using a password manager program.
Q: As COVID-19 spreads into incarcerated populations, we are seeing authorities across the country release non-violent criminals to reduce the crowding in jails and prisons. Non-violent criminals obviously include white-collar criminals – that is, cybercriminals and identity thieves. What impact have these early releases had or can we expect them to have?
A: Some convicted criminals relapse once they’re out of prison. White-collar criminals are no different – and there is so much opportunity now. Businesspeople are out of their routines. They’re feeling scared. That makes them and their businesses vulnerable, which makes them good, appealing targets. Furthermore, the federal government just approved trillions of dollars in stimulus money. Fraudsters will want a piece of that, too. Among other things, fraudsters will try to hijack businesses or impersonate them in order to secure illicit loans.
Q: What can businesses do during this uncertain time to protect themselves from identity theft?
A: One of the most important things is to ensure your business is utilizing the best and most current practices. Ensure that you have policies that are clear and concise and that you are regularly training your employees on them. Don’t just e-mail a list of policies out to your employees and hope they are following them. Train them.
Specific things you can do now include:
- Ensuring that all of your software, virus and malware protections or patches are up to date on all of your computers and devices, including your servers.
- Utilizing multi-factor authentication when logging into critical accounts.
- Enforcing strong business policies for how and when you change bank account information and for how you pay out on invoices, especially when there is a change.
Subscribing to Company Alarm to protect you from business identity theft. Also, continue checking out Company Alarm’s website for up-to-date information on cybertheft schemes.
Company Alarm is dedicated to helping business owners protect what they have worked so hard to build. Our monitoring software is designed to prevent cybercriminals from exploiting loopholes to hijack your company and assets. To sign up for this low-cost, value-added protection, click here.