Under the Collar

Criminals continue to exploit the fear and uncertainty created by the COVID-19 crisis by engaging in targeted cyber attacks upon businesses in the United States.

According to the FBI’s Cyber Division, network security tools of health care providers recently identified a series of email phishing attacks. The subjects of these emails contained topics related to COVID-19 and had malicious files attached to them which, if opened, could have deployed ransomware or implanted malware to steal personal and financial data.

The attachments were Microsoft Word documents, 7-zip compressed files, Microsoft Script, Java and Microsoft Executables. The names seen on the attachments included Doc35 Covid Business Form.doc; Covid-19_UPDATE_PDF.7z; covid50_form.vbs; and Todays Update on COVID-19.exe.

To avoid becoming a victim of these types of attacks, follow these tips:

• Be careful when you receive an unsolicited attachment, even from a sender who appears to be legitimate. Bad actors can spoof the return email address and make it look like it came from a trusted friend or colleague.
• Scan attachments before opening them and if it’s turned on, turn off the email feature that automatically downloads attachments to your computer.
• Keep your operating system up to date and always install software patches to keep criminals from exploiting known vulnerabilities.
• Create separate accounts on your computer and read your email on an account with restricted privileges. This will limit the ability of certain viruses to infect your network.

Whether you’re a health care provider or any other type of business, please don’t let your guard down during these unprecedented times. If your business does become the victim of a cyber intrusion, contact the Bowles Rice Cybersecurity and Information Privacy Team at (304) 347-1137 to quarterback the response.