Wait?
It’s May already?
Where did April go?
It passed by as we were stuck at home and no, you didn’t miss the the April newsletter, as it was lost in the work-from-home shuffle. There’s a hint of a light at the end of the coronavirus tunnel as some businesses are opening and some restrictions lifted, but that’s all I’m going to say about that…
While we may not have been as busy during this time, phishers, scammers, and other bad actors have gone into overdrive. Some sources have placed the increased fraudulent traffic as 300% higher this last quarter over the same quarter from 2019. The amount of emails attempting to leverage the coronavirus and associated fears has grown astronomically and the phishers have an edge in this environment – we’re already stressed and uncertain.
There are emails purporting to have a cure for the disease, others with great deals on PPE (who figured that acronym would ever become common?), some trying to steal CARES relief funds, and others trying to convince people they have come in contact with someone with the virus. That’s just a tiny sample. There are some new articles on this site covering social media surveys, Skype password phishing, and complaint scams. The COVID-19 article was updated multiple times with new information. If you haven’t read those yet, you should check them out after you’re done reading this.
Myriad opportunities abound to phish, scam, and deceive people who have severe cases of cabin fever, restlessness and real fears about jobs and finances. No stress point is neglected in the daily attacks from bad actors trying to compromise accounts, steal credentials, and wreak havoc in an already chaotic environment. Many people are learning new ways to work, communicate, shop, eat, and socialize. All of the “new” is irresistible to scammers and phishers. Here is what I consider the number one safety tip (with some examples) to safely navigate this new (hopefully temporary) normal.
- Almost all email should be considered suspect at this point. Apply a much higher grade of scrutiny to any and all emails you receive.
- Emails like the ones mentioned in the Skype phishing article will appear to come from a variety of services, all of them trying to get you to click on that link or button in the email to check your notifications. Don’t!!! Simply log in to the site or service like you normally would, and if you have notifications, they will be there.
- Emails asking for banking information or other financial information should be VERY carefully scrutinized. Most will be fraudulent. If you or a family member need to supply banking information to receive CARES funds or are having to deal with unemployment, make sure you are going to the right resources. Numerous government sites are available including the Health and Human Services site and the primary government site about coronavirus information. The Georgia Department of Labor site is where to get answers about the process of receiving unemployment benefits.
- Phishers haven’t given up on old themes. We have received plenty of emails to campus inboxes purporting to be from college department heads, all the way to President Briggs, asking you to for a “favor” or with an “urgent request”. Don’t fall for these! Check the From address and look for the external email banner to determine the validity of emails like this. The fact that they should be EXTREMELY rare should immediately render them suspect.
On a somewhat different topic, check out the new voicemail notification Quick Tip here on the site. It explains how to tell if a voicemail notification received via email is valid or not.
Here’s hoping that things will get back to normal soon, even if normal is slightly different. As always, if you ever have a question about an email or other questions about information security, please don’t hesitate to contact me at infosec@berry.edu, extension 1750 or 706-236-1750. I’m still working at home, like many others.