Community Banks Remain Vigilant Amid COVID-19 Cyber Threats

By Steven Estep

In my line of work it’s easy to become paranoid, so whenever a crisis event occurs, my brain quickly jumps from what resources our banks need to how bad actors are going to take advantage of the situation.

As more and more consumers are moving to online banking during the coronavirus pandemic, some for the first time ever, criminals are looking for ways to take advantage of unsuspecting individuals.

Fraudsters and cyber criminals have an innate ability to prey on the vulnerable during a crisis, and the coronavirus pandemic is no different. From phishing emails to business email compromise-style attacks and general disinformation campaigns, criminals and bad actors will go to all sorts of lengths to make an easy buck at the expense of your customers.

They say desperate times call for desperate measures, and criminals know full well that when the public is panicked people are distracted and more likely to act without thinking. Just take a look at some of the various criminal campaigns and scams bad actors have used to exploit the pandemic thus far:

• Thousands of social media accounts linked to nation-state actors have launched misinformation campaigns to sow discord in the U.S.
• Phishing campaigns are using COVID-19 as a lure. Themes have included insurance claims and health advice from doctors, the World Health Organization and Centers for Disease Control and Prevention, and more.
• Fraudulent coronavirus maps have popped up to spread malware, utilizing Johns Hopkins University’s successful coronavirus tracking map.
• Coronavirus-themed ransomware and malware has popped up in a variety of situations.
• Perhaps most frightening, there are cyberattacks against hospitals responding to the epidemic.

While community banks will remain a pillar of strength for their communities, I know they will also do everything possible to protect their institutions and customers from criminals who hide among the chaos of the pandemic.

ICBA has many resources to help protect your bank during this crisis. For specific COVID-19 resources, visit our Crisis Preparedness webpage. For cyber-specific resources, our Cyber and Data Security Toolkit offers information on key industry resources such as Sheltered Harbor and .Bank as well as best practices to protect your community bank from cyberthreats.

Consider also proactively reaching out to your customers so they know exactly what they can and cannot expect from your community bank in the next few months. We have a couple of resources available to help you with that outreach. 

Let your customers know what information you might have to ask them for. More importantly, let them know what information you will never ask them via email or phone.

Steven Estep is ICBA director of operational risk.