Keeping Your Alarm Monitoring Company Safe from COVID-19 Scams

In early March, the Department of Homeland Security (DHS) released a cybersecurity warning to businesses and individuals about the dangers of charity scams.

How the Scams Happen

Many alarm monitoring companies and individuals are being targeted, and in the heightened state of panic that exists around COVID-19, it’s important to be aware of what’s true and how to avoid letting cyber criminals seize on fears.

According to DHS, cyber actors may send malicious email attachments or links. Once clicked, those links or attachments can lead victims to entering sensitive information or donating to fraudulent charities.

If your alarm monitoring company receives an email about the coronavirus, it’s important to take extreme caution. Make sure your employees are aware of what’s happening, and take steps to prevent any data leak or financial loss. Don’t click on any attachment or hyperlink if you think it may be associated with a COVID-19 scam. In addition, be wary of any calls, texts, or social media pleas in correlation to the virus.

What To Look Out For

Tatyana Shcherbakova, senior web content analyst at Kaspersky, reported an email impersonation scam that appeared as if it came from the World Health Organization, which contained an attached document claiming it offered safety measures for preventing infection. Clicking the button at the end of the email would redirect users to a phishing website asking to input personal information.

Shcherbakova said that the scam shows “how cybercriminals recognize and are capitalizing on the important role WHO has in providing trustworthy information about the coronavirus.” She added that the email campaign, which includes the WHO logo, looked more realistic than ever before.

Even if an email doesn’t take you to a phishing website, be aware of accidentally downloading malware or infecting your computer. MalwareHunterTeam found another scam from what appeared to be WHO, but actually installed the FormBook information-stealing trojan. In the email, the user is falsely instructed to contact an attacker-controlled email address, which was to “contact the Corona-virus Disease Grants/Donation board for a grant or donation application.”

FormBook, once on the computer, “is capable of copying clipboard contests, keylogging, extracting data from HTTP sessions, and executing commands given by a command-and-control server. Such functionality can allow attackers to steal banking and website login credentials and cookies,” the report from MalwareHunterTeam said.

How to Keep Your Alarm Monitoring Company Safe

Now that you know what to look out for, how can you keep your alarm monitoring company or other business safe? The DHS’s Cybersecurity & Infrastructure Security Agency has come up with the following guidelines and links to help prevent you or your company from becoming victims to one of these scams:

• Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
• Use trusted sources — such as legitimate, government websites — for up-to-date, fact-based information about COVID-19.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
• Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
• Review CISA Insights on Risk Management for COVID-19 for more information.