COVID-19 and Cyberfraud: What You Need to Know
Cybercriminals are opportunists by nature. The COVID-19 pandemic, unfortunately, has created more prospects for fraudsters to not just further exploit people’s fears, but also to take advantage of potential vulnerabilities in rapidly developed remote business operations.
With the emergence of COVID-19, there have been increases in such traditional fraud attempts such as invoice fraud, business email compromise and email phishing.
Some security companies are detecting cybersecurity threats at 600 to 800 times greater than pre-COVID-19 levels. Thousands of COVID-19-related websites and mobile apps are being created on a daily basis to fool organizations and individuals alike and perpetuate fraud.
This new wave of cyberfraud is due to more businesses shifting to a remote workforce globally, expanding vendor relationships to new partners outside of their current supply chain to meet urgent needs, or using and accepting new payment types or limits. Prior to this pandemic, no one in the security industry envisioned the remote access environment we’re all operating in on this scale. Remote collaboration tools such as conferencing systems, messaging platforms and productivity apps are also being used at an unprecedented rate. Business processes are also changing quickly, creating new risks.
Coronavirus-related attacks
The speed in which the pandemic escalated could not have been anticipated by most organizations. Many went from standard operating procedures to having the majority of their employees work remotely in a matter of days or weeks. With the urgency to execute, organizations may be more inclined to bypass processes that are typically in place—such as dual approvals for payments— to prevent fraud attempts. Phishing scams have also been updated in the context of COVID-19.
As part of the scam, cybercriminals send an unsolicited email to potential victims to prey on a recipient’s need to feel informed, safe or helpful. So far, versions of these phishing emails have been made to look like official communications from the World Health Organization, the U.S. Centers for Disease Control and Prevention, or other health services. The emails offer information and advice about the virus to get you to unknowingly download malicious software or give away your personal information.
Despite the constantly evolving threats, there are ways to protect your organization:
- Review your current processes to not only ensure they’re suitable for your organization’s current workplace, but to potentially update them to make them more stringent.
- Make sure everyone is following your internal processes, especially those intended to protect data and payments, and that employees aren’t pressured to act on “urgent” requests.
- Be cognizant of what you and your employees share on social media (including job titles and descriptions on sites like LinkedIn) as fraudsters can use this information to target or impersonate people within your organization.
- Use your bank’s recommended authentication services (biometric authentication, two-factor authentication, discrete passcodes and usage alerts) and fraud protection solutions (Positive Pay, Reverse Positive Pay).
- Evaluate the companies you’re doing business with, including asking them about their own cybersecurity practices.
It’s also important to stay up to date on the latest threats, as they evolve quickly. Our adversaries continue to adapt as we adapt, so the cyberfraud mitigation techniques that work today may not work tomorrow. The most important thing you can do is make sure everyone across your organization has a heightened awareness against potential fraud attempts. Slow down before clicking on any links or opening any attachments so you can avoid you becoming yet another victim.
Read more
Larry Zelvin
Executive Vice President and Head of Financial Crimes Unit, BMO Financial Group
Larry Zelvin is the Head of the Financial Crimes Unit at BMO Financial Group where he is responsible globally for cyber security, fraud, physical security and …(..)
View Full Profile >Cybercriminals are opportunists by nature. The COVID-19 pandemic, unfortunately, has created more prospects for fraudsters to not just further exploit people’s fears, but also to take advantage of potential vulnerabilities in rapidly developed remote business operations.
With the emergence of COVID-19, there have been increases in such traditional fraud attempts such as invoice fraud, business email compromise and email phishing.
Some security companies are detecting cybersecurity threats at 600 to 800 times greater than pre-COVID-19 levels. Thousands of COVID-19-related websites and mobile apps are being created on a daily basis to fool organizations and individuals alike and perpetuate fraud.
This new wave of cyberfraud is due to more businesses shifting to a remote workforce globally, expanding vendor relationships to new partners outside of their current supply chain to meet urgent needs, or using and accepting new payment types or limits. Prior to this pandemic, no one in the security industry envisioned the remote access environment we’re all operating in on this scale. Remote collaboration tools such as conferencing systems, messaging platforms and productivity apps are also being used at an unprecedented rate. Business processes are also changing quickly, creating new risks.
Coronavirus-related attacks
The speed in which the pandemic escalated could not have been anticipated by most organizations. Many went from standard operating procedures to having the majority of their employees work remotely in a matter of days or weeks. With the urgency to execute, organizations may be more inclined to bypass processes that are typically in place—such as dual approvals for payments— to prevent fraud attempts. Phishing scams have also been updated in the context of COVID-19.
As part of the scam, cybercriminals send an unsolicited email to potential victims to prey on a recipient’s need to feel informed, safe or helpful. So far, versions of these phishing emails have been made to look like official communications from the World Health Organization, the U.S. Centers for Disease Control and Prevention, or other health services. The emails offer information and advice about the virus to get you to unknowingly download malicious software or give away your personal information.
Despite the constantly evolving threats, there are ways to protect your organization:
- Review your current processes to not only ensure they’re suitable for your organization’s current workplace, but to potentially update them to make them more stringent.
- Make sure everyone is following your internal processes, especially those intended to protect data and payments, and that employees aren’t pressured to act on “urgent” requests.
- Be cognizant of what you and your employees share on social media (including job titles and descriptions on sites like LinkedIn) as fraudsters can use this information to target or impersonate people within your organization.
- Use your bank’s recommended authentication services (biometric authentication, two-factor authentication, discrete passcodes and usage alerts) and fraud protection solutions (Positive Pay, Reverse Positive Pay).
- Evaluate the companies you’re doing business with, including asking them about their own cybersecurity practices.
It’s also important to stay up to date on the latest threats, as they evolve quickly. Our adversaries continue to adapt as we adapt, so the cyberfraud mitigation techniques that work today may not work tomorrow. The most important thing you can do is make sure everyone across your organization has a heightened awareness against potential fraud attempts. Slow down before clicking on any links or opening any attachments so you can avoid you becoming yet another victim.
What to Read Next.
COVID-19 Puts Spotlight on Strong Liquidity Management, Antifraud Practices
Oscar Johnson | April 10, 2020 Addressing Covid 19, Manage Cash Flow
We can all agree that this is a time like we’ve never seen. And the uncertainty of the situation means it’s crucial to make sure you&rsqu…
Continue Reading>
Tell us three simple things to
customize your experience.
