Perhaps the most prevalent threat during COVID-19 has been the increase in phishing attempts using coronavirus or related issues as bait. At the end of March, Barracuda Networks researchers found that COVID-19 related phishing attempts had spiked 667% since the end of February.
Of note, the FBI called out fake e-mails from the U.S. Centers for Disease Control and Prevention (CDC) stating:
“Watch out for emails claiming to be from the Centers for Disease Control and Prevention (CDC) or other organizations claiming to offer information on the virus. Do not click links or open attachments you do not recognize.
Fraudsters can use links in emails to deliver malware to your computer to steal personal information or to lock your computer and demand payment. Be wary of websites and apps claiming to track COVID-19 cases worldwide. Criminals are using malicious websites to infect and lock devices until payment is received.”
Other phishing scams that community banks should warn employees and customers to look out for include:
- Orders or directives appearing to come from local governments. Be particularly suspicious of anything requiring you to provide personal information in exchange for information related to your government’s response to COVID-19. They are your government; they have your contact information already.
- Emails offering PPE. This ties into advance fee scams. Criminals have sent out hundreds of thousands of emails to companies and individuals offering masks and other forms of PPE, especially now that some states are requiring personal protective equipment (PPE) in public. Be skeptical of anyone who is not a known distributor you have worked with in the past.
- Emails offering early access to Economic Impact Payments (EIPs). Another common theme has been offering advancements on the $1,200 stimulus checks being sent by the federal government. Of course, there is no advance option and the victims’ computers are loaded with malware instead.
ICBA always encourages community banks to tell their employees and customers to think before they click. Especially during chaotic times such as these, slow down and thoroughly examine every email you get.
If it seems too good to be true, it probably is. Another important step you can take is to never open attachments from senders you do not know. Community banks may also want to reach out to their own customers through more traditional means and let them know what they will and will not ask from them.
Additional resources for community banks: