We no longer support this browser. Using a supported browser will provide a better experience.

Please update your browser.

Close browser message

Treasury and Payments

Improve your working capital, reduce fraud and minimize the impact of unexpected disruptions with our treasury solutions—from digital portals to integrated payables and receivables—all designed to make your operations smoother and more efficient.

Learn more about our treasury solutions:

Commercial Real Estate

Get the strategic support to be successful throughout market and real estate cycles with insights, hands-on service, comprehensive financial solutions and unrivaled certainty of execution.

Learn more about our commercial real estate solutions:

International Banking

Global opportunities mean global challenges. But real success means understanding the local markets you serve—which is why we bring the business solutions, insights and market perspective you need. 

Learn more about our international banking solutions:

Cybersecurity and Fraud Protection

Spotting and Preventing COVID-19 Social Engineering Attacks


Cybercriminals capitalize on instability, which is one reason why COVID-19 social engineering attacks are on the rise. Learn how to identify the warning signs and help keep yourself and your company safe.

During times of widespread fear and uncertainty—like the COVID-19 pandemic—cybercriminals use social engineering to trick people into taking part in their own fraud. By posing as a legitimate business, nonprofit, government or other trustworthy source, fraudsters can manipulate victims into installing malware on personal and business devices or divulging sensitive data such as usernames and passwords, personally identifying information (PII) and financial account information.

Social engineering attacks can spawn from practically any means of communication, but most are conducted via email, social media, phone call and text message. Cybercriminals often cast a wide net, targeting both individuals and businesses.

Learn ways to identify and avoid COVID-19 social engineering attacks.

 

What an Attack Can Look Like

Recently, cybercriminals have employed some of the following social engineering attacks during the COVID-19 pandemic:

  • Impersonating global health organizations in emails that contain malicious links or attachments or ask for fraudulent donations to combat COVID-19.
  • Creating fake COVID-19 novel coronavirus-themed websites that distribute malware or pandemic tracking apps that contain ransomware or spyware.
  • Sending emails with malicious links or attachments that claim to offer products that are in short supply, such as face masks and other personal protective equipment, or faster access to COVID-19 vaccines.
  • Posing as a health provider or company that offers COVID-19 insurance plans and sending a malicious link that claims to provide access to an account invoice.
  • Conducting smishing (SMS phishing) attacks, in which cybercriminals use text messages to target victims. Hackers may send texts with malicious links claiming to offer vaccines ahead of distribution lines in addition to information about the virus, free masks or stimulus payments.

 

How to Avoid Falling Victim

Cybercriminals also use social engineering to target employees for business email compromise (BEC) scams. Businesses can take steps to remain on high alert during these times:

  1. Be extra vigilant about payments controls and wary of emails that contain an attachment or link. When in doubt, contact your information security or information technology department about a dubious message.
  2. Reconcile your accounts frequently and confirm that business partners have received payments by calling a verified number. Be cautious with payment and account change requests and pay close attention to whom you are paying.
  3.  With many employees now working from home, keep contact information up to date so your bank can contact you quickly if they detect a suspicious payment.
  4. Don’t trust any requests for payments or account changes that come in through email alone. Always perform call backs to the person making the request using a known phone number from a system of record.
  5. Always perform call backs when changing the contact information for business partners as well. Don’t simply trust an email asking to change a trusted call-back number.

Finally, if you do become a victim of a social engineering attack, immediately notify your bank, file a report with IC3.gov and contact your local FBI field office to notify them of the fraud. Performing these three steps as quickly as possible may increase your chances of recovering funds.

Business Resiliency Cybersecurity and Fraud Protection covid19

Get in Touch

Prefer to talk directly to one of our experts?