The coronavirus pandemic has ushered in a new realm of potential cybersecurity scams, according to Chris Madeksho, lead cybersecurity analyst in Information Technology Services at the University of Tennessee Health Science Center.
“Scams around the pandemic and working from home have increased,” Madeksho said. “It has given scammers some great ideas on how to get money or information out of people, whether it is for vaccines, research options, cures, or personal protective equipment at cheap prices. Also, work-from-home scams are looking to bypass normal security measures that would be in place if you worked in the office, say using a firewall to block access attempts.”
“With every new scam or opportunity, the risks increase from criminals looking to profit,” said Dennis Leber, chief information security officer and HIPAA security officer at UTHSC. “According to a report published by Google, there is a 350 percent increase in phishing attacks since COVID-19. Google also found an increase in nefarious websites developed to scam or deploy malware on your systems if you visit them. In January, they found 149,195 active sites. In February, that number rose by 50 percent to 293,235, and in March, a reported 522,495 sites, pushing past that 350 percent. At present, we can assume that we are nearing millions of these sites.”
With the majority of the UTHSC workforce working remotely, the cybersecurity team has had to shift focus from protecting a “perimeter” or the network, to protecting all data and resources, no matter where they reside, requiring more vigilant oversight. “Scams and social engineering are on the rise, and people have a tendency to do things at home they wouldn’t think about doing at work,” Madeksho said. “People aren’t as protected on their home network or internet as they would be at UTHSC. Keeping security as a priority will help our community keep everything protected.”
According to Madeksho, here are some key things to look for if you suspect you’ve been targeted for a cybersecurity scam:
- A sense of urgency that does not give the user time to think things through.
- The email address is not what you are expecting. University administrative leaders, for example, would not use a Gmail account to correspond about official UTHSC business.
- Bad grammar, typos, and misspellings are red flags.
- Asking for protected health information (social security numbers, addresses, etc.) that reputable companies would not request.
- Suspicious attachments or links. These can contain malware.
The UTHSC Office of Cybersecurity has many tools in place to help prevent scams, including annual cybersecurity training, but the campus community remains the best defense. “With email filters in place, we block tens of thousands, sometimes even hundreds of thousands, of emails daily from ever getting into people’s inboxes,” Madeksho said.
“Having DUO, our multi-factor authentication, really helps UTHSC prove people logging in are who they say they are and not using stolen credentials. We monitor for vulnerabilities, such as out-of-date software, to make sure someone isn’t taking advantage of an easy way in. Alerting us to scams by forwarding to firstname.lastname@example.org or realizing these texts/emails/phone calls are not legitimate and refusing to engage, helps the campus defend against these attacks. Be cautious of and question everything.”