COVID-19 Update #12: Avoiding COVID-19 Phishing Scams

ATG Customers in Illinois and Wisconsin

The COVID-19 outbreak and the appurtenant mobilization of Financial Services staff has resulted in mass email attacks from hackers posing as legitimate news sources, software companies, and IT administrators. We urge you to raise your level of security awareness as we work together to navigate these unusual times.

Be Watchful and Check Sources

Hackers are using emotion-driven emails to try to get people to act quickly, without thinking. In our industry, as usual practices evolve to meet these unusual demands, staff and systems may be vulnerable. We have heard of at least one major bank that had to shut down their wire system because of unusual activity that occurred while they were implementing their emergency plan.

The emails often appear to be from legitimate sources:

  • The World Health Organization (WHO)
  • The Centers for Disease Control and Prevention (CDC)
  • University and college health services

The messages typically offer information about COVID-19 to get you to provide your personal information or download malicious software (malware).

Take These Steps to Decrease the Risk of Being Victimized

  1. Provide clear instructions to staff. A written guide is normally helpful, if users aren’t sure how to do something, they are more likely to make a mistake.
  2. Use technology from familiar vendors. For example, Microsoft and Google have a wide range of tools available to work remotely.
  3. Keep your hardware up to date; stay current on software updates and patches.
  4. Utilize multi-factor authentication everywhere. Requiring a password and a text message or authentication code while logging into email, VPNs, and other programs can prevent most attacks.

Watch for These Red Flags

Beware of coronavirus-themed phishing attempts. It’s easy to lose focus when email volume is high or when working in a different setting. Protecting your email is one of the most important things. Watch out for these red flags:

  • Check the subject header and domain name for errors.
  • Look for spelling and grammar mistakes.
  • Before clicking links, hover over them with your cursor to confirm they are legitimate.
  • Don’t respond to companies or people you don’t know.
  • Never give out personal information through email.

We are working to keep our workplace safe by adding cyber-vigilance to what we’re all already doing—distancing, disinfecting, and working remotely. If you have any questions, please Contact Us. We always appreciate your business and ongoing support, but especially during these uncertain times.

Christine Sparks
ATG Senior Vice President and Chief Operating Officer

Posted on: Wed, 03/25/2020 - 8:50am