At Huntington, looking out for you is our top priority. Unfortunately, cyber criminals are taking advantage of the coronavirus (COVID-19) situation to gain access to email, social media, and financial accounts. Additionally, malware attacks are expected to increase with the volume of coronavirus-related email communications. As we navigate these unprecedented times together, we’re always looking for ways to help protect your company’s financial data from cyber criminals looking to take advantage of you.
Many of these instances are new iterations of common phishing and malware scams, where fraudsters may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Fraudsters may also use phone calls (vishing) and texts (smishing) to try to trick you or your employees.
Fraudsters are also spoofing the World Health Organization (WHO), Centers for Disease Control and Prevention (CDC) or other similar medical, charitable and government organizations. These messages can be highly convincing, as cyber criminals often use professional “phishing kits” that perfectly match the logo, website, and email formats of legitimate organizations.
Remind your employees to be aware of texts and phone calls offering medical testing, vaccines, treatments, or alerts about critical supply shortages.
- Such calls may come from telephone numbers that are in a strange or unexpected format
- Such calls often involve the use of Voice over IP (VoIP) features such as caller ID spoofing and automated systems to make it difficult for legal authorities to monitor, trace or block
- URLs in the texts may not be fully displayed, making it difficult to identify if a login screen is legitimate
If they receive an email, text or phone call like this, they should refer to the local health department’s website for reliable coronavirus information.
Common signals of scams
Encourage your employees to be extra vigilant when opening emails from external sources, especially those that contain links and/or attachments. You may have some tools to help scan and filter out emails that are exceptional, but your employees are your first line of defense in preventing any cyberattacks. Here are a few precautions to take when reading and responding to emails:
- Look closely at the sender’s email address and domain
- Do not assume it is legitimate because it displays a corporate logo
- Do not open attachments from sources you do not recognize
- Verify the legitimacy of a link before clicking by hovering your mouse over the link to reveal the real website address
- Beware of demands for personal information, especially those with a sense of urgency
Establish or remind your employees of the company protocols to follow when something looks suspicious. For example, if they were to receive unsolicited phone calls, emails, or text messages asking them to share personal, financial, or account information, they should verify the request using an alternative method before taking any action. Direct them to locate the entity’s phone number from a trusted source, such as a secure website or a recent bill or statement. Then use that phone number to call back to verify the caller and the reason for the call are legitimate.
Visit huntington.com/Privacy-Security for more tips on protecting yourself and to learn more about how we help protect your privacy and keep your information secure.