The slow rollout of COVID-19 relief checks in the US has created a new avenue of attack for cybercriminals. An estimated 4,300 malicious web domains related to COVID-19 relief have popped up in the last month, and Google reports that they’re stopping 18 million suspicious COVID-19 related emails per day.
With “Where’s my stimulus check” a top query on Google, many of these domains are being used to snare unsuspecting users into giving away their personal information. Others are fodder for a deluge of phishing attacks that aim to capture personal information or deliver malware.
How is this a business problem? Because most staffers are working remotely, cybersecurity-related personal problems become business problems quickly. For example, if a staffer checks their personal email on their work computer and downloads a guide to claiming their stimulus check that’s actually ransomware, it’s now a business problem – and there are many more ways that businesses can be put at risk through worker activity related to stimulus checks.
Here’s how to mitigate that risk:
Train every user to be aware of potential phishing attacks. Our BullPhish ID platform has new COVID-19 phishing kits to simulate the latest threats that staffers are facing, so you can make sure they won’t fall for cybercriminal’s tricks.
Put a stronger layer of protection between cybercriminals and your data with multifactor authentication and customizable single sign-on portals for every user. We make it easy and cost-efficient with Passly, the remote-ready secure identity and access management solution for anytime, anywhere access security.
Monitor for credential exposure. Sign up for Dark Web ID and get alerted when employee users and passwords become available on Dark Web markets. Knowing what’s out there means companies can prepare for it to be used against them to reduce the chance of a serious data breach.