As of March 30, 2020, the FBI’s Internet Crime Complaint Center has received and reviewed more than 1,200 complaints related to COVID-19 scams. The FBI has issued a warning of ongoing phishing campaigns delivering spam that uses fake government economic stimulus checks as bait to steal personal information from potential victims.
Telework Vulnerabilities
The FBI advises you to carefully consider the applications you or your organization use for telework, including video conferencing software and voice over Internet Protocol (VoIP) conference call systems. Telework software comprises a variety of tools that enable users to remotely access organizational applications, resources, and shared files. The COVID-19 pandemic has led to a spike in businesses teleworking to communicate and share information over the internet, and malicious cyber actors are looking for ways to exploit telework software vulnerabilities to obtain sensitive information, eavesdrop on conference calls or virtual meetings, or conduct other malicious activity. While telework software gives individuals, businesses, and academic institutions a way to work remotely, users should consider the associated risks and apply cyber best practices to protect critical information, safeguard user privacy, and prevent eavesdropping. Cyber actors may use any of the means below to exploit telework applications.
Software from Untrusted Sources
- Malicious cyber actors may use legitimate-looking telework software—which may be offered for free or at a reduced price—to gain access to sensitive data or eavesdrop on conversations.
- Cyber actors may also use phishing links or malicious mobile applications that appear to come from legitimate telework software vendors.
Communication Tools
- Malicious cyber actors may target communication tools (VoIP phones, video conferencing equipment, and cloud-based communications systems) to overload services and take them offline (denial of service), or to eavesdrop on conference calls.
- Cyber actors have also used video-teleconferencing (VTC) hijacking to disrupt conferences by inserting pornographic images, hate images, or threatening language.
Remote Desktop Access
- Some telework software allows remote desktop sharing, which is useful for collaboration and presentations; however, malicious cyber actors have historically compromised remote desktop applications and can use a compromised system as a foothold to move laterally into other shared applications and systems.
Supply Chain
- As organizations seek to obtain equipment, such as laptops, to enable teleworking, some have turned to laptop rentals from foreign sources. Previously used, improperly sanitized equipment potentially carries preinstalled malware.
Business Email Compromise (BEC)
BEC is a scam that targets both individuals and businesses who have the ability to send wire transfers, checks, and automated clearing house (ACH) transfers. In a typical BEC scheme, the victim receives an email purporting to be from a company the victim normally does business with; however, the email requests that money be sent to a new account or that standard payment practices be altered. For example, during this pandemic, BEC fraudsters have impersonated vendors and asked for payment outside the normal course of business, citing COVID-19. The FBI advises the public to be on the lookout for the following:
- The use of urgency and last-minute changes in wire instructions or recipient account information;
- Last-minute changes in established communication platforms or email account addresses;
- Communications only in email and refusal to communicate via telephone;
- Requests for advanced payment of services when not previously required; and
- Requests from employees to change direct deposit information.
Examples of Phishing Tactics:
- Contains links, even when the message appears to come from friends, family, coworkers, or clients
- Contains a download (e.g., a picture, file, or document)
- A response to a question you never asked
- A request to verify account information or a password via a link provided in the message
- A sense of urgency or warning if you fail to act
- Far-fetched schemes or scenarios
TIPS TO PROTECT YOU AND YOUR ORGANIZATION
Teleworking Tips:
Do:
- Select trusted and reputable telework software vendors; conduct additional due diligence when selecting foreign-sourced vendors.
- Restrict access to remote meetings, conference calls, or virtual classrooms, including the use of passwords if possible.
- Beware of social engineering tactics aimed at revealing sensitive information. Make use of tools that block suspected phishing emails or allow users to report and quarantine them.
- Beware of advertisements or emails purporting to be from telework software vendors.
- Always verify the web address of legitimate websites or manually type it into the browser.
Don’t:
- Share links to remote meetings, conference calls, or virtual classrooms on open websites or open social media profiles.
- Open attachments or click links within emails from senders you do not recognize.
- Enable remote desktop access functions like Remote Desktop Protocol (RDP) or Virtual Network Computing (VNC) unless absolutely needed.
BEC Tips:
Do:
- Check for last-minute changes in wiring instructions or recipient account information.
- Verify vendor information via the recipient’s contact information on file—do not contact the vendor through the number provided in the email.
- Verify the full sender email address, not just the display name. Mobile and handheld mail clients often show only the display name, so expand the sender field and confirm the actual address matches the person or company it claims to come from.
- If you discover you are the victim of a fraudulent incident, immediately contact your financial institution to request a recall of funds, and contact your employer to report irregularities with payroll deposits. As soon as possible, file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov or, for BEC and/or email account compromise (EAC) victims, BEC.IC3.gov.
Don’t:
- Open attachments or click links within emails received from senders you do not recognize.
- Provide usernames, passwords, birth dates, social security numbers, financial data, or other personal information in response to an email or phone call.
Cyber Crime Vulnerability Tips:
The following tips can help protect individuals and businesses from being victimized by cyber actors:
Do:
- Verify the web address of legitimate websites and manually type them into your browser.
- Change passwords for routers and smart devices from default setting to unique passwords.
- Check links for misspelled or lookalike domain names, and read the whole hostname rather than the familiar-looking part at the start (for example, confirm that an address for a U.S. government website actually ends in .gov).
- Report suspicious activity on work computers to your employer.
- Use multi-factor authentication (MFA) when accessing organizational sites, resources, and files.
- Practice good cyber security when accessing Wi-Fi networks, including use of strong passphrases and WPA2 or WPA3 encryption (the older WEP and original WPA protocols are no longer considered secure).
- Ensure desktops, laptops, and mobile devices have anti-virus software installed and routine security updates are applied; this includes regularly updating web browsers, browser plugins, and document readers.
Don’t:
- Use public or non-secure Wi-Fi access points to access sensitive information.
- Use the same password for multiple accounts.
Steps Your Employees Should Take at Home:
- Use a Wired Connection – A wired connection gives a more consistent, faster connection and is harder to eavesdrop on than a wireless one.
- Review your Equipment – Contact your Internet Service Provider and have them review your modem and router to confirm the equipment is up to date and securely configured, giving you the strongest, most secure connection.
- Run Updates – If you are on a PC, run Windows Update, apply all patches, and reboot; repeat until no updates remain.
- Subscribe to an Antivirus – Most ISPs offer free antivirus programs.
- Use Two-Factor Authentication (2FA) – 2FA adds another layer of security by requiring a second form of identification before you can access your data.
- Remain Vigilant – Home resources are oftentimes weaker depending on your setup. Unless you know for sure that an email is legitimate, delete it. It’s not worth the risk.
Also, be aware of Economic Stimulus Check phishing scams. Economic Stimulus Checks, as mentioned in our article The CARES Act: Tax and Financial Help for Individuals and Businesses, will be directly deposited into taxpayer bank accounts based on their 2018 or 2019 tax returns. The IRS does not initiate contact with taxpayers by email, text message, or social media, and will not call to demand bank details in order to release a payment. Be aware of Tax Scams where someone poses as the IRS. Read this article for more information.
We will continue to update you as we get more information on Coronavirus-related legislation and guidance that may impact you. Continue to check back here for the most up to date tax information and changes in response to Coronavirus. If you have more questions, contact an MCB Advisor at 703-218-3600.