There has been an abundance of information floating around the news about financial assistance for businesses during the pandemic. It should come as no surprise that cybercriminals see those stories as well. If you receive an email or call offering money from a government agency, and you didn't already file for assistance, don't believe the hype. Be especially careful for those asking you to make an up-front payment or to hand over personal information like banking information, social security numbers or tax ID numbers.
With all of the chaos in business during COVID-19, many businesses are trying to get orders expedited, trying to cancel or delay payments or even get refunds for services. All of these special requests are the perfect storm for the cybercriminal. They can easily spoof a CEO or other executive level staff member's email address and phone number, opening the door for fake money wire transfer requests, fraudulent transfer fund orders and other shady tactics. Any emergency requests that in the past may have been a one-off are now becoming the new normal. In the not so distant past, you might walk down the hall to check out one of these requests directly, but with remote work, that just isn't possible. Make sure your staff is aware of these types of threats and set up a system so that employees with questions can get confirmation quickly. You may also want to set up an in-house repository with your IT staff or Managed IT Services provider to keep track of these requests.
The FTC has issued a warning after catching a company allegedly using the government's PPP program to scam businesses. A company called Ponte Investments is accused of trying to scam thousands of business owners into applying for the wrong program. Ponte Investments says they are affiliated with the Small Business Administration and misled hundreds of small business owners by posing as an approved lender of PPP funds. Ponte operates a business called "SBA Loan Program", and has tricked many businesses to provide their sensitive banking and financial information in loan applications.
There appears to be some text scams as well of bad actors impersonating government agencies and offering false relief. The FCC recently learned of a text message scam claiming to be from the FCC Financial Care Center and offering $30,000 in aid for COVID-19. The FCC says it is not providing relief funds to anyone, and the text is a phishing attempt to get banking or other personal information from victims.
The FTC has warned that cybercriminals have been sending messages claiming to be from the World Health Organization (WHO) and the Centers for Disease Control and Prevention (CDC) asking for Social Security Numbers or business tax ID numbers. Some of these emails have a link or direct download of a document. The goal of these scams is to steal confidential information or install malware on your business network.
Some cybercriminals are using the telephone to try to scam businesses. In a recording provided by the FTC, someone impersonating Google wants to make sure your listing is being seen by potential customers. Scams like this aren't new, and Google doesn't call businesses regarding their current listings with a recording. This scam is likely a bad guy waiting for you to press 1 so they can sell you something bogus.
While we see heroes every day doing amazing things to protect the population from or assist those suffering with Coronavirus, remember, there are still people who will use situations like COVID-19 to take advantage of people who are in crisis. Be smart about what you click on in your email, and take any unsolicited offer for financial relief during this pandemic as a potential cyberattack. Protect your business and your data.
Fraser has an outstanding cybersecurity awareness program to train employees on how to spot phishing, malware and social engineering attacks. Get your staff prepared for the glut of attacks that will no doubt be showing up soon in an inbox near you.