COVID-Related Scams Are Targeting Your Employees

Cybercriminals know no shame. Through a variety of schemes that prey on your employees’ worst fears, bad actors are exploiting COVID-related anxieties and targeting vulnerable people.

Whether they play on health or financial concerns, fraudsters stop at nothing to wrest valuable, sensitive data from your employees. Since the pandemic began, more than 205,000 people have been victims of COVID-related fraud, resulting in $145 million in losses, according to the Federal Trade Commission.

Phishing schemes are getting smarter

Phishing emails have a single goal: to obtain valuable identifiers such as usernames and passwords for later use. In March 2020, these types of emails skyrocketed by as much as 667%. Loaded with pandemic-related terms such as “N95 masks,” “cleaning products,” and “virus vaccines,” these messages naturally struck a chord with their recipients.

Internal email scams are exploding

In addition to health-related scam emails, there’s a major outbreak of fraudulent internal emails. We’re all more likely to open an email that appears to be from someone we know—especially if it’s the boss. Unfortunately, that’s precisely why fraudulent internal business emails are so dangerous.

Cybercriminals pull off these scams by figuring out the email addresses of a given company’s higher-ups. Often, company emails are assigned according to a simple formula—for example, firstname.lastname@domain.com.

The fraudsters then create an email address resembling a CEO or supervisor’s and simply send out an email containing a misleading link or an urgent question requiring bank account information. Victims have even been asked to transfer funds following an “error” in their pay stub.

When the scammers use the same email signature, domain, and company logo as the actual supervisor, it’s easy to fall for the deception. Often, the only way of identifying an ultra-realistic scam email is to examine the sending email address for a spelling error.

Did you know that with Microsoft Outlook, you can activate a banner at the top of each message indicating whether a message is internal or external? It’s an easy, effective means of preventing this kind of scam. Not sure how to turn on this function? Our technical support team can help you out. Contact us to schedule a meeting! info@kezber.com

Are your employees keeping your company safe?

According to a recent Lenovo survey, 59% of workers are more concerned with protecting their personal accounts than their work accounts—and it’s reflected in their behaviours. In total, 30% of respondents said they reuse passwords for work accounts, while 22% said they recycle personal passwords for work IDs.

People also tend to believe their security habits are better than they actually are. For example, while 69% of respondents gave themselves A or B grades for protecting their online accounts, 65% admitted to using the same password for multiple accounts.

Have you unsuccessfully tried to implement company-wide security practices in the past? Here are three easy ways to improve employee cybersecurity habits:

1. Make it simple.

Often, the rush to get work done makes adopting strong passwords a low priority—especially when your boss asks you to do something for yesterday. At first, new password habits can interrupt familiar routines, but they’re much more effective in the long run.

If your password protection solutions are slowing employees down and complicating their workdays, they’re not likely to implement them. Instead, consider adopting a password manager-type software solution. Password managers make it easier for employees to adhere to security standards and adopt different passwords for each account.

2. Show them how their habits impact the privacy and security of company data.

When it comes to cybersecurity, every decision your employees make can strengthen or undermine the effectiveness of best practices. Keeping passwords secure is everyone’s responsibility. If you really want to get the message across, try running a phishing test.

3. Give them the tools to adopt best practices without compromising productivity.

A mistake can happen in an instant. Thankfully, there are tools to help you monitor the content of your messages, documents, and emails. For instance, Microsoft 365 provides complete protection within its applications, including Word, Outlook, Excel, and PowerPoint. This service notifies you in real-time if you send a document including a credit card number or any other private information.

Need help?

Data protection is no easy task, and change management brings its own share of complications. Many IT teams are neither trained nor have the time to supervise the integration of a cybersecurity solution.

At Kezber, our team is fully equipped to turn your organization into a more secure environment. As an accredited Microsoft Gold Partner, Kezber has the experience and expertise to advise you on cybersecurity best practices. Looking for a turnkey solution? No problem! We can get you started and even monitor your IT infrastructure on an ongoing basis. For more information, call 1 (833) 584-8036.