Cybercriminals Target Companies with Coronavirus Scams
Why this Matters
Crimes committed by cybercriminals most often rely on the exploitation of human behavior. Cybercriminals know how to manipulate people to inadvertently unleash an attack.
The result is financial loss caused by the exposure of information or extortion of monies in exchange for the return of computer control or files (known as ransomware).
Fear of the novel coronavirus and people’s need to know are now a key tool cybercriminals use to exploit people to unleash cyberattacks.
Companies and business leaders MUST make their teams aware that emails, websites or even text messages and calls purporting to inform people on the coronavirus are very frequently fake and that all personnel must use extreme caution.
Beware of coronavirus domains
Watch out for coronavirus domains that are 50% more likely to spread malicious activity than other domains. Check Point reports that as the virus spreads across the globe, people are naturally searching online for the latest information, updates and preventative measures. At the same time, cybercriminals are taking advantage of the situation by offering cures, vaccines, testing kits, and face masks in an attempt to steal your money or payment information.
These criminal internet domains are also used for Phishing.
Phishing, Smishing and Vishing Scams
Hackers are using a wide range of coronavirus-related content for social engineering attacks including phishing (fake email), smishing (text message phishing), and vishing (phone fraud) scams to trick consumers or employees because they appear to be from business partners or public institutions.
It is important to train employees to take precautions before clicking on a link in an email or text message or from sending money for products or donations based on a phone call.
How Cyber Insurance Can Help With Social Engineering
Businesses may want to consider social engineering insurance coverage provided by some carriers in their cyber insurance policies, along with education and risk mitigation services.
Historically, commercial crime policies did not cover social engineering claims because the insured’s authorized employee voluntarily transferred funds, and cyber liability policies did not provide coverage because social engineering losses often occur without unauthorized access into an organization’s network.
If you do not have cyber insurance, you bear the risk of a costly fraud loss that may not be covered under your other insurance policies (e.g., commercial crime policies).
It is important for you to work with a specialized cyber insurance broker to properly craft your cyber insurance policy.