Uncertainty about the availability and allocation of financial relief funds for the COVID-19 pandemic has confused small business owners while simultaneously creating new opportunities for cyber attackers to prey on unsuspecting victims. Per a recent article published by IBM and Morning Consult, nearly 40 percent of small business owners believe they’ve been targeted with malicious coronavirus (Covid-19) spam emails. This new phishing scam has created an open door for those bad actors to wreak more havoc during this already stressful time.
Since mid-March, Covid-19 related phishing lures mimicking the Small Business Administration (SBA), the World Health Organization (WHO), banks offering relief funds, the U.S. Federal Reserve and other government organizations have spiked by 6,000 percent, according to the report. For example, spam that impersonates the SBA and promises government relief funds tricks victims into opening a spoofed application attachment that triggers a malware infection. With this continued rise of phishing attempts, Security Awareness Training has never been more important. As you can see from the statistics below, people are expecting to receive Covid-19 information and updates. As such, users may let their guard down and be easily tricked. “The data and intelligence should remind us that there is no honor among thieves,” the report reads. “Cyber criminals will continue to view times of uncertainty as an opportunity, seeking new ways to exploit targets when they have their guard down.”
Here are some of the major findings from small businesses in the report:
- 58% are familiar with small business loans offered by the government to mitigate Covid-19.
- 14% are very knowledgeable about accessing the small business loan relief program from the government.
- 37% have received unsolicited Covid-19 related emails they suspected were malicious spam.
- 57% expect to receive official information about Covid-19 via email.
And, some key findings from consumer respondents:
- 46% expect to receive official information on Covid-19 via email.
- 33% expect to receive official information on Covid-19 by the U.S. postal service.
- 35% expect to receive communication from the IRS by email.
- 33% expect to receive communication from the WHO by the U.S. postal service.
- 52% would open an email related to their stimulus relief eligibility.
- 39% would open an email about Covid-19 testing near them.
- 64% of recently unemployed are most likely to engage with an email related to their stimulus relief eligibility.
- 45% receive 1-5 unsolicited emails related to Covid-19; 12% receive 6-10 emails; 22% receive no unsolicited emails per day.
To reduce the risk of falling victim to cyber-attacks, Clare Computer Solutions recommends the following:
- Remind your users to “Stay Vigilant.”
- Use trusted sources. Go directly to the website of the organization instead of clicking on links to redirect you there.
- Never open attachments or links from unknown sources.
- Do not engage with unsolicited emails or texts pertaining to Covid-19 small business relief or other federal funding assistance.
- For security reasons, the IRS will never email or call people. Communications are sent via U.S. mail.
- Beware of fraud speak, including peculiar use of words, odd spelling and typos in emails.
- Update and patch. Nearly 90 percent of vulnerabilities spammers exploited in 2019 were traced to known vulnerabilities.
- Use multi-factor authentication (MFA) on anything that enables remote access such as a bank or credit card account.
- Implement or continue with User Awareness Training.
- Contact your Clare Account Manager to discuss how to enhance your security posture, identify gaps in your security or implement end user protection solutions.