The COVID-19 pandemic has led to an increase in employee teleworking and businesses sharing more information over the internet.
The FBI warns that scammers have seized on the increased teleworking environment and the uncertainty surrounding the pandemic. They have targeted employees of companies by sending fake termination phishing emails and fake video teleconference meeting invitations.
As of April, the FBI has learned that employees from a data security firm received fraudulent emails suggesting the company was terminating employees.
Messages included vague, attention-grabbing subject lines such as “Termination Review Meeting.” The emails cited the COVID-19 pandemic as the reason for company downsizing. They gave instructions on how to process out of the company, directing employees to click on a hyperlink in the emails to receive termination benefits. The emails contained a spoofed domain address. Employees who clicked on the malicious hyperlink received a black screen.
In another instance, an FBI investigation determined
that attackers had sent email notifications asking employees to join a video teleconference concerning their terminations. The emails contained a hyperlink to a fake teleconference service login page that read “Join This Live Meeting.” This helped make the emails appear legitimate. Recipients who fell victim to this attack had their login credentials and other data that was stored on the video teleconference platform compromised.
Businesses and organizations should be on the lookout for the following:
- Calls from employees who mistakenly believe themselves to be terminated
- Employees reporting malware or ransomware attacks on their computers
- Employees reporting suspicious activity on legitimate accounts
- Emergence of fake video teleconference applications installed on users’ smartphones or computers
The FBI recommends that employers:
- Alert employees to look for emails coming from Human Resources or management with spoofed email domains
- Select trusted and reputable telework software vendors and be careful when selecting foreign-sourced vendors
- Require the use of a password or PIN for teleconferences or web meetings
- Beware of social engineering tactics aimed at revealing sensitive information. Use tools that block suspected phishing emails or that allow users to quarantine them
- Beware of advertisements or emails purporting to be from telework software vendors
- Always verify web address of legitimate websites or manually type them into the browser
- Do not share links to remote meetings, conference calls or virtual classrooms on open websites or open social media profiles
- Avoid opening attachments or clicking on links in emails from senders you don’t recognize
Reporting Cybercrime
State Agencies should report cybersecurity incidents to the ESRMO by contacting the DIT Customer Support Center at (800) 722-3946 or via the incident reporting website at https://it.nc.gov/report.
Businesses should report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or at CyWatch@fbi.gov.
Individuals should report such incidents to the FBI at 800-CALL FBI (800-225-5324).