Risk & Fraud

Don’t Get Complacent with COVID-19 Scams

By: Gene Fredriksen, Security Strategy Consultant

In a 1948 speech to the House of Commons, Winston Churchill said, “Those who fail to learn from history are condemned to repeat it.” This quote is particularly accurate for those tasked with implementing cybersecurity programs. History has shown that every time there has been a global crisis, scammers and criminals will attempt to leverage public fear and confusion for their profit. As the world starts to reopen again, the challenge now is the possibility of complacency.

Since the global lockdown, there has been a steady increase in the number of COVID-19-related email attacks, and these scammers aren’t likely to back off any time soon. In addition to the advice outlined in this previous blog, here are some more helpful tips to share with your credit union members to keep their information security top of mind.

Beware of fake emails claiming to be from the Centers for Disease Control and Prevention (CDC). Remind your members to watch out for fake emails from organizations claiming to offer cures, vaccines or testing kits for COVID-19, and never click links or open attachments from senders you do not recognize. Fraudsters can use email links to deliver malware to your members’ devices and steal their personal information. Also be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until users cooperate by providing payment.

Watch out for stimulus payment scams and other phishing emails. Members need to keep an eye out for phishing emails asking to verify their personal information to receive an economic stimulus check from the government. Government agencies are not sending unsolicited emails seeking private information to send stimulus money. Phishing emails may also claim to be related to COVID-19 charitable contributions, general financial relief or “GoFundMe” campaigns, or airline ticket refunds.

Be vigilant about counterfeit COVID-19 treatments or equipment. Exercise caution with anyone selling products that claim to prevent, treat, diagnose or cure COVID-19. Be alert to counterfeit products such as sanitizing products and Personal Protective Equipment (PPE), including N95 respirator masks, goggles, face shields, protective gowns and gloves. For more information on unapproved or counterfeit PPE, visit www.cdc.gov/niosh.

Maintain general cybersecurity measures:

  • Don’t open attachments or click links within emails from senders you don’t know.
  • Never provide usernames, passwords, date of birth, social security number, financial data or other personal information in response to an email or robocall.
  • Always verify web addresses for legitimacy by manually typing them into your browser first.
  • Check for any misspellings or incorrect domains within a link (for example, a web address that should end in a “.gov” but appears as a “.com”).

If members believe they are a victim of an Internet scam or cybercrime, or want to report suspicious activity, have them visit the FBI’s Internet Crime Complaint Center at www.ic3.gov.

While the security measures we’ve taken during COVID-19 are fresh in our minds, we need to make sure they remain incorporated throughout our organizations’ processes and technology controls so that when similar threats reemerge, we won’t find ourselves repeating history.

Gene Fredriksen is a co-founder and current executive director of the National Credit Union ISAO and the principal cybersecurity consultant with PureIT CUSO. He has previously held the positions of CISO for PSCU, Global CISO for Tyco International, principal consultant for security and risk management strategies for Burton Group, vice president of technology risk management and chief security officer for Raymond James Financial, and information security manager for American Family Insurance.

Fredriksen served as the chair of the security and risk assessment steering committee for BITS, and also served on the R&D committee for the financial services sector steering committee of the Department of Homeland Security. He also served as an advisor on various cybersecurity steering committees for the administrations of George W. Bush, Bill Clinton and Donald Trump, assisting in the preparation of the president’s Cybersecurity Position Paper.