Cyber-criminals are engaging in Coronavirus scams, including impersonating research or government authorities, and offering attachments of medical records or reports.
Experts monitoring cyber-criminal activity have reported that cyber-criminals are using the Coronavirus as another means to steal personal information or gain access to systems. It is proving to be a productive means for hacking into systems. Heighten interest, along with fears and concerns about the pandemic, have caused many to let their guards down and open attachments or give away information. Attackers feed off of the need for up-to-date information and possible cures for the virus. Attackers may pretend to be a top medical research facility or government agency, such as the National Institutes of Health (NIH), Centers for Disease Control and Prevention (CDC), or World Health Organization (WHO). In some cases, attackers attach items identified as “test results” or “special alerts.” The phony messages may include purported official letters or reports warning people about certain aspects of the threat. In other cases, hackers impersonate employers with information about their organization that are designed to get individuals to open messages and unleash malware. Often, messages contain what looks like the official logo of the government agency or company. In other cases, a message may look like a reply or a warning. These emails may appear to be legitimate as the hackers forge official mailing addresses, phone numbers, and fax numbers of the organizations to which they claim to belong. All these phishing efforts are designed to steal identifiable information or provide means to access computer systems.
Tips for Compliance and HIPAA Privacy Officers
- Alert employees to beware of Coronavirus communications.
- Remind employees to not click on email links/attachments or respond to inquiries.
- Regularly test users to make sure they are on guard.
- Configure email servers to block zip or other files that are likely to be malicious.