Cyber threats, from Social Security scams to data breaches, have become an everyday concern for all Americans. And in the fallout from COVID-19, digital attacks are at an all-time high.
The Federal Trade Commission (FTC) reports a fourfold increase in identity fraud this past April compared with January through March of this year. The damage is huge – according to a Deloitte study, cybercrime damage could total $6 trillion by 2021 – that’s 10% of the world’s economy.
On one hand, hackers are taking advantage of people working from home. A large part of the population is working from home, giving hackers the ability to attack people with vulnerable networks that are not backed by the security and comfort of their employers. These hackers are pretending to be government agencies like the Social Security Administration or IRS, and using fear-mongering techniques like threatening phishing emails and ransomware. In fact, a recent survey by IBM found there was a 6,000% rise in COVID-19-related spam – mostly, hackers impersonating government officials and institutions. While hackers don’t discriminate, and anyone can be a victim, they will often go after “vulnerable” populations, including seniors and those on Social Security.
But hackers also go after companies in an effort to get their users’ information. Today, the biggest sectors hit by cyberattacks are technology companies, travel agencies, eCommerce, and the media.
We outline five of the biggest attacks and data breaches you should know about so far this year. And we give you the resources you need to protect yourself given today’s uncertainty and heightened cybercrime levels.
#1 Coronavirus phishing scams
As of April 21, 2020, the Internet Crime Complaint Center of the FBI received over 3,600 complaints related to COVID-19 scams. The scams were focused on either advertising vaccines or cures (which, of course, do not exist) or on raising money for fraudulent causes or groups supposedly supporting efforts around COVID-19. For example, a site that pretended to be the American Red Cross was soliciting donations, in an effort to get banking numbers. Across the board, the FBI found that these sites were delivering malware or hosting other types of scams intended to get users to give out their personal, banking or credit card information. This means that after going to such sites–even if you have not given any banking information–you could receive a phishing email from a hacker that says they are a government agency. Opening this kind of communication or clicking the links in such an email can implant malware on your computer or go through your computer looking for passwords or other personal information.
Of course, it’s natural to do online research when looking for information about COVID-19 and what it means for our health and our communities. But to keep yourself protected as you do, make sure you check the legitimacy of the source and domain from which you gather information. Sources like the World Health Organization (WHO), the U.S. Center for Disease Control and Prevention (CDC), and government websites (sites ending in .gov) will provide reliable information at this time, and they are the best place to start.
#2 Stimulus Check and Social Security Scams
Social Security scams have always been rampant, as they give fraudsters a way to get some of your most valuable personal information. Today, fraudulent sites are exploiting the confusion around the CARES Act (which is best known for the stimulus checks) to get your Social Security number or banking information. For example, a number of fraudulent sites have emerged that are designed to look like legitimate places to apply for the stimulus checks – or supposedly ‘receive them faster’. While the first wave of stimulus checks has already gone out, a bill has been introduced in Congress that would give qualifying Americans additional stimulus checks for up to a year. Moreover, while some Americans have indeed received their checks, others might not receive them for a few weeks or even months. And for Social Security recipients, there may be delays in receiving checks, or misunderstandings about how the stimulus check interacts with their regular Social Security benefits. This delay period and confusion give hackers ample opportunity to target those who are waiting, so the scams around stimulus checks are likely to continue.
Other scams around the recent CARES Act have targeted people with small businesses. Hackers are impersonating lenders or banks and supposedly offering financial help in the form of quick loans or credit card debt.
Remember: never give out your Social Security number or banking information by phone to anyone who you did not call. Moreover, there is no payment that you need to make or personal information you need to share in order to receive your stimulus check. Social Security benefits have not been halted due to coronavirus, and the Social Security Administration has said they are committed to maintaining regular benefits payments throughout the pandemic.
With people quarantined at home, so much of work and social life is now happening over video. While services like FaceTime, Whatsapp and Skype remain popular, one of the most widely used video platforms during coronavirus has been Zoom.
Yet while these video conferencing tools have helped improve communication for families, friends and teams, they have also become a target for hackers around the world. In April, it was reported that over half a million Zoom accounts were compromised on the dark web. Russian hackers are selling those accounts for less than one cent on black market outlets.
Using a tactic called credential stuffing, hackers feed stolen credentials into an automated script that tests thousands of username and password combinations. Translated: these automated bots uncover various loopholes and flaws within a company’s network security.
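For teams that run a login service, the pattern described above is visible in authentication logs: one source trying many different accounts in a short time, with almost every attempt failing. The following is an added example, not part of the original article; the event format, thresholds, IP addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)  # assumed sliding window per source IP
MIN_USERS = 20                 # assumed: distinct accounts tried in the window
MIN_FAIL_RATIO = 0.9           # assumed: a stuffing list mostly misses


def build_sample_events():
    """Constructed login events: (timestamp, source_ip, username, success)."""
    t0 = datetime(2020, 4, 14, 9, 0, 0)
    events = []
    # One source tries 40 different accounts, 2 s apart; two reused passwords work.
    for i in range(40):
        events.append((t0 + timedelta(seconds=2 * i), "203.0.113.7",
                       f"user{i:02d}@example.com", i in (11, 29)))
    # A real user mistypes a password twice, then logs in.
    for i, ok in enumerate((False, False, True)):
        events.append((t0 + timedelta(seconds=30 * i), "198.51.100.20",
                       "alice@example.com", ok))
    return sorted(events)


def detect_stuffing(events):
    """Flag source IPs that try many distinct accounts with a high failure rate."""
    by_ip = defaultdict(list)
    for ev in sorted(events):
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward so the span stays within WINDOW.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            win = evs[start:end + 1]
            users = {e[2] for e in win}
            fails = sum(1 for e in win if not e[3])
            if len(users) >= MIN_USERS and fails / len(win) >= MIN_FAIL_RATIO:
                findings[ip] = {
                    "users": len(users),
                    "fail_ratio": round(fails / len(win), 2),
                    # Logins that succeeded inside the burst need a forced reset.
                    "compromised": sorted(e[2] for e in win if e[3]),
                }
    return findings


if __name__ == "__main__":
    print(detect_stuffing(build_sample_events()))
```

The user who mistypes a password is not flagged, because the signal is the number of distinct accounts tried from one source rather than the number of failures alone.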
As many people cannot avoid using video conferencing for work or social life (and you shouldn’t have to stop!), we suggest the following best practices to protect yourself:
- When creating a login, use the highest level of security protocol such as multi-factor authentication (MFA)
- Implement a password on all meetings, especially if it is personal or sensitive in nature
- Ensure fraudulent users are not in your call/meeting by viewing all participants at the start of each call, and monitoring any people entering or leaving the room throughout.
In March, Marriott International revealed that hackers breached an online portal that serviced 5.2 million customers’ data. The data includes personally identifiable information, such as names, birthdays, and airline loyalty rewards information. In response to the incident, Marriott has built a self-service portal for affected customers and is providing them with a year of a personal monitoring service. Unfortunately, this is not the first time Marriott has had a data breach. In 2018, a Marriott breach compromised 383 million customers’ information.
If you have an account with Marriott and have not yet heard from the company, we recommend getting in touch with them. Learn whether your information may have been compromised, and take advantage of the security service they are providing.
#5 International Institutions dealing with healthcare
Analysts from the SITE Intelligence Group found that over 25,000 accounts from the NIH (National Institution of Health), CDC (Center for Disease Control and Prevention), the World Bank, and the WHO (World Health Organization) have been compromised. These emails and passwords were confirmed to be accurate, with many of the passwords being low-security.
If you have an account with any of these institutions, we recommend changing your password immediately. If you use that same password for any other accounts, we also recommend changing those passwords immediately.
How to protect yourself from scams
If you think you may be on a call or text with a scammer, do not engage – even to tell them you know it is a scam. Hang up, do not answer the text, don’t click the link, delete that email.
At SimplyWise, we suggest changing your passwords frequently, at least every 30-60 days. This will stop the risk of having your information stolen by malicious hackers. To check if your personal email account has been compromised, we recommend Have I Been Pwned – a free resource, created by a Microsoft Director, to assess the risk of online accounts.
We also suggest the following basic protocol to protect yourself from cyber attacks:
- Do not open emails from unknown accounts
- Ensure multi-factor authentication (MFA) is activated on all personal accounts
- Do not put personal information on your phone
- Check the sender’s email domain name
- Look at the grammatical writing of emails received – if things seem off, they probably are
- Do not provide personal information in your emails or on calls (unless you started the phone conversation and it is with a trusted source)
- Consider installing antivirus software on your mobile phone and computer like Bitdefender or Norton
Additionally, companies and governments have released their own guidelines in terms of dealing with security during COVID-19. Microsoft’s COVID-19 Security Guidance advises customers to enable ATP (Advanced Threat Protection) on all their products. The FBI also released an advisory public service announcement to guide and assist people.
Finally, if you think you have been the target of an attempted stimulus check scam, you should immediately contact law enforcement. You can also report it to the Better Business Bureau. And if the potential scam involves your Social Security number or benefits, report it directly to the Social Security Administration’s Office of the Inspector General.
These are challenging, unprecedented, and uncertain times. Many are working from home over unsecured networks. Equally, many are out of work right now and looking for opportunities to gain income online. Almost all Americans are facing financial uncertainty after seeing savings and investment accounts decimated.
Hackers are quick to take advantage of vulnerabilities and uncertainties through data breaches and Social Security scams. That’s why it’s more important than ever right now to stay vigilant, know the scams that are out there, and learn how to protect yourself and your family. Navigating the web and understanding government programs and benefits is confusing, even when we’re not in the middle of a pandemic. And the coronavirus crisis itself is making life hard for all Americans today. Let’s not let these hackers take advantage of the confusion and add to the crisis today.