Cyber Risk Control News
COVID-19: Cyber Scams
COVID-19, coronavirus and related words/topics are being used by cybercriminals as a theme for phishing
attempts. Also, the emails will be branded and formatted in such a way to resemble trusted organizations, such
as the World Health Organization (WHO) or Center for Disease Control and Prevention (CDC).
1. Unsolicited Emails: Avoid clicking on links and opening attachments from unsolicited emails.
2. Trusted Sources: Go to the trusted websites yourself; do not click on links.
3. Charity: Verify the authenticity of charities yourself.
4. MEL’s Email Dos & Don’ts: Send these four tips and the MEL infographic (attached) to all individuals with access to your network.
For more information and a list of resource links click here to download the latest Cyber Task Force Bulletin.
Social Engineering Preparedness
The town of Erie, CO received a request from their contractor to transfer funds — in excess of $1,000,000 — to a certain account to pay for a local bridge project. All was legitimate except for the transfer account. A cybercriminal posed as the town’s contractor and sent the request to change transfer accounts, and left with all of the money. Each year there are thousands of cases of “duping” or “impersonation” commonly known as Social Engineering or Business/Vendor Email Compromise.
So, what can you do to protect your town?
First, know how to identify these kinds of fraudulent “change” requests. Second, adopt protocols and procedures to help prevent Social Engineering theft.
Beware of Tax Season Scams
Cyber criminals are certainly aware it’s tax season, and you should be too. Cyber criminals are trying to dupe you into believing you are sending them a legitimate tax document, or they are calling you to convince you they are tax examiners and need your personal information. BE CAUTIOUS!
- Is the emailer’s address really what it looks like?
Right-click to see full email address.
- Is that link really going where it says it’s going?
Right-click to see full web address.
- Is that caller really from the IRS?
Hang up and call the IRS yourself with the phone number you find online.