Insights

Cybercriminals on the Prowl During Times of Crisis

Fraudsters only need one wrong click. Here are five tips to protect yourself online.

By Erin Jones | April 28, 2020

cyberfraud

Whether you’re trying to snag the best deal on an online store or log into your bank account, fraudsters are taking advantage of the surge in internet traffic caused by so many people staying at home, for work or school, during the pandemic.

Cybercriminals are lurking around every internet corner waiting for you to make a wrong move.

“It’s alarming to see the number of cybercriminals and other malicious online sources capitalizing on the COVID-19 outbreak,” said Paul Tucker, chief information security officer at BOK Financial. “Unfortunately, they can easily target people and organizations who are most vulnerable, maybe even those searching online for face masks, thermometers or pandemic-related information. With the world on edge, it’s important to not only protect ourselves physically but also maintain a safe cyber environment.”

Tucker offers five basic tips for keeping yourself safe online.

Create unique and strong usernames and passwords.

What makes usernames and passwords secure? Choose different ones for each of your online accounts. Avoid using any personal information in your username (like your birthday, address, Social Security number), and never reuse passwords for multiple sites.

“Cybercriminals take advantage of easy-to-crack or reused passwords,” Tucker said. “If fraudsters obtain your password, they will try to gain access to other online accounts. I highly suggest regularly updating all of your passwords to keep them secure.”

Enable multi-factor authentication when prompted.

To protect online users, sites and online accounts are enabling multi-factor authentication. This method grants users access to the account only after they satisfy two or more login factors, such as authentication via a phone call, text message, email or push notification.

“Even if cybercriminals obtain your password, they may be stopped by the protections of multi-factor authentication,” Tucker said. “Yes, it is an additional step you have to take when logging into an account, but this extra level of protection could be the one thing that keeps an attacker out of your accounts.”

Only visit familiar, secure sites.

Whether you’re going to an online retailer offering big discounts or a nonprofit organization seeking donations, cybercriminals are watching. Fraudsters impersonating the World Health Organization (WHO) and other COVID-19-related organizations try to trick individuals into sharing personal information or clicking on malicious links or websites.

“Cybercriminals are using a variety of tactics,” Tucker said. “Not only are they creating fake websites at an alarming rate and luring users to act, but they’re also masking themselves as organizations aiding in recovery efforts and trying to steal your money.”

Only visit familiar, valid websites, and be sure they are authentic. Tip: Look for sites that begin with “https” or have a padlock icon in the address bar. If something seems off, it probably is. These few extra seconds will help you stay cyber safe while shopping online. The World Health Organization (WHO) and the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) have outlined additional details on the recent threats related to COVID-19.

Think before you click.

In addition to creating fake sites, fraudsters are also replicating discounts or calls to action and luring customers with malicious links. Fake emails called phishing, plus spoofed text messages and phone calls are just a few ways cybercriminals try to access your information or bait you to click and install malware on your device.

Phishing emails or suspicious messages typically:

  • Use urgent messaging, such as “Click Now!” or “Must Act Now!”
  • Evoke a sense of urgency or cause panic, such as declined payment, past due or cancellation notice.
  • Entice users with rewards, gifts or incentives.
  • Request your username and password for access.
  • Contain mismatched URLs, email addresses or misspelled words.
  • Include unexpected means of communication with files or links.

Don’t let down your guard, Tucker cautioned. Some cybercriminals can use fake emails from someone you know, a technique called Business Email Compromise.

In this scam, fraudsters send emails from a compromised, yet known account, asking recipients to complete unusual tasks. Since the recipient knows the sender, these cybercriminals are relying on the end-user to act no matter what’s being asked of them.

“Cybercriminals are banking on one wrong click,” Tucker said. “If you’re going through emails or text messages and receive something from an unknown sender, assume the worst. Do not click on anything unfamiliar. Taking the time to slow down and think before you click could save you a lot of frustration down the road.”

Monitor your accounts for unwanted activity.

Keep watch on your bank and credit card accounts for any suspicious activity. If you see unauthorized transactions, immediately contact your bank or credit card provider for next steps and potential corrective actions.

“It’s important to remain vigilant while online, both in a pandemic and when our day-to-day routines return to normal,” Tucker added. “Remember to be aware, think before you click and report fraud when you encounter it.”

Learn more about BOK Financial’s online security here, or call 844-517-3308 to report suspicious activity on BOK Financial-related accounts.

Additional Resources