Protecting Against Cyber Crimes Related to Coronavirus (COVID-19)

We encourage you to share this alert with your employees, family, and friends.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert related to potential cybersecurity scams stemming from the coronavirus (COVID-19) pandemic.

The alert urges the public to maintain vigilance and protect itself from fraudulent criminal activity that uses COVID-19 as a pretense for nefarious activity. The public is warned to be wary of messaging that may contain malicious attachments, links to fraudulent websites, calls to donate to fraudulent charities, and the like. These methods may further coax individuals to reveal sensitive information or to unwittingly provide funding for illegal activity.

Additional sources corroborate a rise in malicious phishing attempts and other scams related to COVID-19. The Check Point security firm announced that over 4,000 COVID-19-related domains have been registered worldwide since January, of which 3% were found to be malicious and 5% suspicious. The World Health Organization (WHO) has put out an alert warning the public of imposters who have been impersonating WHO members in phishing attempts, with new reports arriving daily. The Proofpoint security firm has indicated that over 200,000 COVID-19-related threats have been noted, with figures increasingly on the rise.

ACA Guidance

Cybercriminals may take advantage of public apprehension and major crisis events. The global COVID-19 pandemic is no exception. Vigilance against social engineering efforts that use COVID-19 as a pretext is highly recommended, both on corporate and individual levels.

ACA Aponix recommends taking precautions, including those recommended by CISA, to protect against COVID-19 cyber scams. Recommended actions include:

• Follow procedures for recognizing phishing attempts and preventing their success, including refraining from clicking on links or attachments, hovering over sender and link domains to verify authenticity, not divulging login credentials, etc.
• Ensure that staff training regarding phishing, vishing and other social engineering efforts is up-do-date and reinforced.
• Only trust verified sources of information regarding COVID-19, such the Center for Disease Control’s (CDC) Coronavirus website.
• Verify the authenticity of any charity related to COVID-19 prior to making any contribution. Use sites such as the BBB Wise Giving Alliance, Charity Navigator, CharityWatch, and GuideStar to verify reliability.

Additional Resources

ACA Resources

ACA is actively monitoring the developments related to COVID-19 and producing resources to help your firm address operational challenges created by this pandemic. Visit our COVID-19 Resources page to access all of the resources we've developed that may help your firm navigate through the restrictions in place to curb the pandemic.

Read More

COVID-19 Resources

For the latest information about COVID-19, visit the following websites:

• World Health Organization (WHO)
• National Health Services (NHS)
• Centers for Disease Control and Prevention (CDC)
• The Government of Hong Kong Special Administrative Region

How We Help

ACA Aponix offers a range of solutions that can help your company reduce its cyber risk and maintain operational resilience during the COVID-19 pandemic. These include:

• Phishing testing and cyber awareness
• Penetration testing and vulnerability assessments
• Threat intelligence
• Cyber incident response planning
• Business continuity planning
• Vendor and third-party risk management
• Cybersecurity and technology risk assessments

Contact Us

If you have any questions, please contact your ACA Aponix consultant or email us at info@acaaponix.com.