COVID-19 news roundup: Stimulus cheque scams, FBI warning, contact text con and a ransomware trend
Welcome to Cyber Security Today. It’s Wednesday April 22nd. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
Criminals are already trying to take advantage of plans by the Canadian and U.S. governments to send economic stimulus cheques to residents to help offset the financial strains from organizations closed due to the COVID-19 crisis. So now’s a good time to remind listeners to be wary of emails, texts, social media pitches and phone calls claiming to help make a submission. If you want to be sure about not being suckered, don’t click on a link. Instead, from your browser go directly to a government web site. In Canada, the main government site is canada.ca. There’s a link right at the top called Financial Assistance. In the U.S. the Internal Revenue Service is handling things, so go to irs.gov, then click on “Get Info on Economic Impact Payments.”
Remember, no government agency will call you asking for personal information at any time, let alone to help you get stimulus money.
A security vendor called Proofpoint passes on this additional tip for Americans: In most cases you don’t need to do anything: Stimulus payments will automatically be issued to the vast majority of Americans.
As I’ve been reporting for a while, there’s no shortage of coronavirus-related email phishing scams being sent. This week the FBI wanted to make sure health care providers like hospitals and clinics got the message by sending out a flash alert saying there are targeted campaigns against this sector. The goal is to infect computers to steal personal information, although it may also be to steal COVID-19 research. Doctors, technicians and support staff should be wary about messages with attachments purporting to be purchase orders or instructions dealing with COVID-19. In good advice for everyone, the FBI urges people if they haven’t done so already to turn off the email option to automatically download attachments. These days most email systems come configured that way. If you want to be sure, contact your IT support staff.
By the way, if you get suspicious COVID-19 email, report it to authorities. In Canada forward the email to email@example.com. In the U.S., send it to the FBI’s Cyber Watch. That’s firstname.lastname@example.org.
Here’s another reason to think carefully before downloading games and utilities. What appears to be a fake Wi-Fi hacking program has been discovered that locks users out of Windows. The news service Bleeping Computer reports a victim downloaded this file, which forces the computer to reboot and then puts up a message saying you have been infected with “corona virus.” Then you can’t launch Windows. Downloading things from strange websites is one way to increase the odds you’ll be hacked. Bleeping Computer notes other ways are by clicking on YouTube videos recommended by strangers or links in social media platforms.
Last notice on COVID-19 scams: There’s been talk of governments approving mobile apps to help contact tracing to limit the spread of coronavirus. Already criminals are putting out text messages that say, “You have been in close contact with someone who has COVID-19. Click here for instructions.” Legitimate apps won’t work that way. They won’t ask you to click on anything. Instead they will urge you to consult your doctor and get a test.
Regular listeners know I urge the adoption of two-factor authentication to protect your email and other applications from being hacked. Now Nintendo is urging users to join the movement after seeing an increasing number of game users reporting their accounts had been hacked. In some cases victims have lost money through the game Fortnite. The ZDNet news service reports that it isn’t clear how attackers are getting into these accounts. Regardless, two-factor authentication will lower the odds. With two-factor authentication you have to enter a six-digit or letter code in addition to your name and password to log in.
Finally, another perhaps unrelated COVID-19 trend: Security vendor Emsisoft reports that government agencies, education institutions and healthcare providers in the U.S. were not hit as hard as expected by ransomware in the first three months of the year. However, attacks on businesses continued at the same pace as the previous quarter. Emsisoft suspects ransomware against those three sectors that saw a decline will pick up when the pandemic crisis ends. However, for some financially-troubled firms ransomware will force them to close.
That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cybersecurity professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.