Working from home, Part 2: Watch for new cyber scams related to COVID-19, continue security training

By Lorie Hailey

Cybercriminals always lurk, looking for new ways to gain access to private information and infiltrate business networks – such as when millions of Americans suddenly begin working from their homes to reduce the spread of coronavirus. Criminals are sending emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fake charities or causes related to COVID-19, says the Cybersecurity and Infrastructure Security Agency (CISA).

“Exercise caution in handling any email with a COVID-19-related subject line, attachment or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19,” CISA said in a news release.

Gui Cozzi, cybersecurity practice leader at Kentucky-based Dean Dorton, a CPA accounting firm with an IT security/tech consulting division, said his team is seeing “high amounts” of COVID-related scams.

“Be wary of any unsolicited information you receive online related to COVID-19,” Cozzi said.

Several phishing emails and malware websites have been identified, said Joe Danaher, chief information security officer for The AME Group, formerly Integrity IT.

“The best advice is to avoid all unsolicited email or websites and only trust sites provided by the government,” he said.

For Kentucky information, the official government website is govstatus.egov.com/kycovid19, and nationally, “an excellent site is the National Governors Association site, nga.org/coronavirus/,” Danaher said.


• Working from home, Part 1: Cybersecurity should remain top priority for Ky. businesses


Scammers are taking advantage of fears surrounding the coronavirus, the Federal Trade Commission warns. Cybercriminals have quickly stood up websites to sell bogus products and are using fake emails, texts and social media posts as a ruse to take your money and get your personal information, said Colleen Tressler, consumer education specialist with the FTC.

“The emails and posts may be promoting awareness and prevention tips, and fake information about cases in your neighborhood,” she wrote in an FTC blog. “They also may be asking you to donate to victims, offering advice on unproven treatments, or contain malicious email attachments.”

The FTC sent warning letters in early March to seven sellers of scam coronavirus treatments. But new scams have arisen since then, Tressler said.

Some of those scams include:

  • Undelivered goods: Online sellers claim to have in-demand products – disinfecting wipes, hand sanitizer, medical supplies – but after a customer places his order, the shipment never arrives. Search reviews of the seller online before placing an order, use credit cards for payment and keep a record of your transaction, Tressler said.
  • Fake charities: Scammers are using coronavirus to take advantage of the spirit of generosity, usually using names that sound authentic. Do your research before donating.
  • Fake emails, texts and phishing: Fake messages aim to get you to share account numbers, Social Security numbers, login IDs, passwords and other valuable information. These emails look like they are coming from authentic partners and organizations, but a close look at the sender’s email address will usually reveal the ruse. All remote workers should have up-to-date security software and use multifactor authentication, Tressler advised.

Continued training vital to telework safety

As at the office, the best way to prevent cybercrime while employees are working from home is continued cybersecurity training. Company leaders should remind workers about the dangers and keep them informed about new threats.

“If your staff is not well trained in cybersecurity, the risk they will allow threats into your network is only increasing under these circumstances,” Danaher said. “Consider revisiting breach prevention training.”

For a smoother work-from-home transition, be sure your employees are trained to use remote working tools such as Microsoft Teams, Zoom or other virtual meeting software, he said. Make sure meeting hosts are careful to send invitations only to the intended participants, Danaher said. And don’t forget to provide assistance in setting up VPNs and multifactor authentication systems.

Remind employees to log out of business systems at the end of their workday. If they are using their own devices, it is a good time to point out the importance of using their device’s security features, like PIN passcodes, and fingerprint or facial ID mechanisms.

The National Institute of Standards and Technology offers some great additional telework tips on its website, nist.gov.


Part 3 of this series will offer tips to parents who are juggling working from home with caring for children who are home from school.