Resource Center

Keeping Your Alarm Monitoring Company Safe from COVID-19 Scams

Apr 2, 2020 8:00:00 AM

In early March, the Department of Homeland Security (DHS) released a cybersecurity warning to businesses and individuals about the dangers of charity scams.

How the Scams Happen

Many alarm monitoring companies and individuals are being targeted, and in the heightened state of panic that exists around COVID-19, it’s important to be aware of what’s true and how to avoid letting cyber criminals seize on fears.

According to DHS, cyber actors may send malicious email attachments or links. Once clicked, those links or attachments can lead victims to entering sensitive information or donating to fraudulent charities.

If your alarm monitoring company receives an email about the coronavirus, it’s important to take extreme caution. Make sure your employees are aware of what’s happening, and take steps to prevent any data leak or financial loss. Don’t click on any attachment or hyperlink if you think it may be associated with a COVID-19 scam. In addition, be wary of any calls, texts, or social media pleas in correlation to the virus.

What To Look Out For

Tatyana Shcherbakova, senior web content analyst at Kaspersky, reported an email impersonation scam that appeared as if it came from the World Health Organization, which contained an attached document claiming it offered safety measures for preventing infection. Clicking the button at the end of the email would redirect users to a phishing website asking to input personal information.

Shcherbakova said that the scam shows “how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.” She added that the email campaign, which includes the WHO logo, looked more realistic than ever before.

Even if an email doesn’t take you to a phishing website, be aware of accidentally downloading malware or infecting your computer. MalwareHunterTeam found another scam from what appeared to be WHO, but actually installed the FormBook information-stealing trojan. In the email, the user is falsely instructed to contact an attacker-controlled email address, which was to “contact the Corona-virus Disease Grants/Donation board for a grant or donation application.”

FormBook, once on the computer, “is capable of copying clipboard contests, keylogging, extracting data from HTTP sessions, and executing commands given by a command-and-control server. Such functionality can allow attackers to steal banking and website login credentials and cookies,” the report from MalwareHunterTeam said.

How to Keep Your Alarm Monitoring Company Safe

Now that you know what to look out for, how can you keep your alarm monitoring company or other business safe? The DHS’s Cybersecurity & Infrastructure Security Agency has come up with the following guidelines and links to help prevent you or your company from becoming victims to one of these scams:

Take advantage of our robust library of industry and AG related news, articles, webinars and other resources available through our resource center to enhance your success.  You will also discover valuable insights and content you can share with your subscribers through your website, newsletters, and emails.

Receive more useful content like this by signing up for our weekly AG Newsletter below: