COVID-19 and Cyberfraud: What You Need to Know

 

Cybercriminals are opportunists by nature. The COVID-19 pandemic, unfortunately, has created more prospects for fraudsters to not just further exploit people’s fears, but also to take advantage of potential vulnerabilities in rapidly developed remote business operations.

With the emergence of COVID-19, there have been increases in traditional fraud attempts such as invoice fraud, business email compromise and email phishing.

Some security companies are detecting cybersecurity threats at rates 600 to 800 times greater than pre-COVID-19 levels. Thousands of COVID-19-related websites and mobile apps are being created on a daily basis to fool organizations and individuals alike and perpetuate fraud.

This new wave of cyberfraud is due to more businesses shifting to a remote workforce globally, expanding vendor relationships to new partners outside of their current supply chain to meet urgent needs, or using and accepting new payment types or limits. Prior to this pandemic, no one in the security industry envisioned the remote access environment we’re all operating in on this scale. Remote collaboration tools such as conferencing systems, messaging platforms and productivity apps are also being used at an unprecedented rate. Business processes are also changing quickly, creating new risks.

Coronavirus-related attacks

The speed at which the pandemic escalated could not have been anticipated by most organizations. Many went from standard operating procedures to having the majority of their employees work remotely in a matter of days or weeks. With the urgency to execute, organizations may be more inclined to bypass processes that are typically in place to prevent fraud attempts, such as dual approvals for payments. Phishing scams have also been updated in the context of COVID-19.

As part of the scam, cybercriminals send an unsolicited email to potential victims to prey on a recipient’s need to feel informed, safe or helpful. So far, versions of these phishing emails have been made to look like official communications from the World Health Organization, the U.S. Centers for Disease Control and Prevention, or other health services. The emails offer information and advice about the virus to get you to unknowingly download malicious software or give away your personal information.

Despite the constantly evolving threats, there are ways to protect your organization:

  • Review your current processes to not only ensure they’re suitable for your organization’s current workplace, but to potentially update them to make them more stringent.

  • Make sure everyone is following your internal processes, especially those intended to protect data and payments, and that employees aren’t pressured to act on “urgent” requests.

  • Be cognizant of what you and your employees share on social media (including job titles and descriptions on sites like LinkedIn) as fraudsters can use this information to target or impersonate people within your organization.

  • Use your bank’s recommended authentication services (biometric authentication, two-factor authentication, discrete passcodes and usage alerts) and fraud protection solutions (Positive Pay, Reverse Positive Pay).

  • Evaluate the companies you’re doing business with, including asking them about their own cybersecurity practices.

It’s also important to stay up to date on the latest threats, as they evolve quickly. Our adversaries continue to adapt as we adapt, so the cyberfraud mitigation techniques that work today may not work tomorrow. The most important thing you can do is make sure everyone across your organization has a heightened awareness of potential fraud attempts. Slow down before clicking on any links or opening any attachments so you can avoid becoming yet another victim.

Larry Zelvin Executive Vice President and Head of Financial Crimes Unit, BMO Financial Group


