The best time to attack is when the prey is at their weakest. This holds true in cybersecurity warfare. The ‘Bad Guys’ will attack your employees, technology, customers and clients when they believe you are most vulnerable.
With the current COVID-19 pandemic, the ‘Bad Guys’ are taking advantage of the situation. Everybody wants information on the current crisis. People are looking for answers, wondering how this is going to affect their loved ones, employment status, health, and money. The hackers are well aware of the panic people have in these times. We are hoarding toilet paper, hand sanitizer, tissues, and anything else that we think we may need in the event of an all-out apocalyptic future. It is human nature to want to know what is happening in the world, and how to protect ourselves from a possible deadly virus. Our guard is down, we are searching for answers.
The ‘Bad Guys’ know this and are attacking our weakness. In most instances, our data and money is their prey. In some cases they want to gather data for future use, others just want to wreak havoc on the world for political game, to make a point, or cause anarchy.
So, how do we protect ourselves? What steps should be taken to ensure our data, information and money is safeguarded. The answers are quite simple.
Don’t Click on That Link – One of the biggest temptations is to click on a link to find the information it may be presenting. Hackers are targeting vast numbers of email accounts with bogus links embedded that purport to help in protecting you from COVID-19, or that will show updated statistics on the spread of the virus. These links will install malicious code on your computer and will propagate to your network, and infect other computers, applications, and business systems. Most will go undetected, with the ‘Bad Guys’ gathering information for future us. Some will be truly be malicious in nature, exposing your data to ransomware, locking your systems until you pay tens-of-thousands of dollars to get the code to unlock. Others will just seek to destroy your data, wreaking havoc on your business.
If you receive a link, even if it does not look suspicious, Beware!!! Do these 3 things before clicking on the link:
- If the email is unsolicited. This is a telltale sign of malicious code. DO NOT CLICK
- If the email is urgent, if there are misspelled words, or they are asking for money. DO NOT CLICK
- Hover over the URL, (without clicking) to see the destination. If the URL is different from what the link is purporting it to say. DO NOT CLICK
If you believe the email is from a legitimate source, pick up the telephone, call the person sending the link and check to make sure it is legitimate. Or you can use a search engine to lookup the link. But don’t just copy and paste the link from the email, that may take you to a bad website. Type in the search criteria yourself.
Don’t Give Out Information – Watch out for data gathering schemes. With people working from home, being quarantined with no place to go, no sporting events to watch, and entertainment venues closed, there has been an uptick in the use of social media.
We are seeing data gathering techniques being used. For example, the 20-question game. Somebody creates 20 questions and asks everybody who gets the message to play. While on the outside these seem harmless games, but the data is being gathered, stored in a database (yes, hackers use databases), and saved for future use. The games ask you to name things such as what street did you grow up on, what was your childhood nickname, who was your first boyfriend / girlfriend, have you ever received a speeding ticket, etc. These same questions are also being asked as challenge questions for signing onto bank accounts, stock brokerage accounts, funds transfer systems, healthcare systems, etc.
So, even if I play the 20-question game and answer these questions, the ‘Bad Guys’ don’t have my account numbers, or passwords, right? Perhaps not immediately, but they are storing this information in a database, and cross referencing it with other data they have gathered, maybe from you, or other places that have had data compromises in the past with your information, and they will use this at a future date.
Don’t play the 20-question game on social media sites. Also, be vigilant on social media. These systems can also have embedded links that should not be clicked.
Hackers are after your data. They want to steal your information, and turn a quick profit. They look for your weaknesses, take advantage of your fears and worries, plant seeds of uncertainty and distract you from good cybersecurity hygiene. The COVID-19 pandemic will pass, but the ‘Bad Guys’ will remain, waiting for their chance. Protect your data, have cybersecurity vigilance, not just in times of trouble, but all the time.
For more information, visit our Technology Risk Advisory Services, or contact Tim Grace.