There is a new digital scam using the coronavirus scare to target people through emails, phone calls, and now text messages, according to the Better Business Bureau. Please be aware of concepts such as Social Engineering and Phishing to protect your church’s network. Scammers send text messages with a URL address that encourages mobile users to claim emergency money for groceries due to the current coronavirus outbreak. The URL then sends the mobile users to malicious sites that steal their information like email addresses, passwords, credit card numbers, bank information, and money. The following sections will help you improve your church’s cyber safety.
What is Social Engineering?
Social Engineering is a form of psychological manipulation. Someone from your staff may receive a phone call, an email, or an on-site visit from someone who is supposedly there to help you with an unknown or unforeseen problem. They appear to be helpful, asking you to click the link to let them log into your computer remotely or have physical access to your network closet they can quickly help so that you may resume your regular day. The attacker tries to trick you into revealing passwords or even give them direct access to your computer. Once they have this access, they can quietly look over all of the computers on your network for weaknesses.
What is Phishing?
Phishing attacks involve email, instant messaging or text messages. Phishing messages appear to come from legitimate companies or even your co-workers. They contain requests for you to click a link to log into a website, provide your credit card or social security information, or to wire money to cover an emergency. Once an attacker has your login information, they can check major websites to determine if you use the same password (or few passwords) everywhere.
How can your church avoid these cyber-attacks?
- Don't open unfamiliar emails.
- Don't click on links unless you're sure of where they will take you and what they do.
- Delete any request for financial information or passwords. If you get asked to reply to a message with personal information – it’s a scam.
- When on the phone, double-check about who you are speaking with. The person may not be who they claim to be.
- Don't tell anyone your passwords - ever.
- Don’t reveal your church’s information i.e. office hours, employee details, etc.
- Check a website’s security before you send information. If you don’t see a security lock icon next to the URL, don’t progress into their site.
- Install and maintain antivirus software with monthly check-ups.
What to do if you are compromised by one of these attacks?
You should take the following actions:
- Report this issue to whoever is responsible for your computers. They can keep an eye out for suspicious activity on the network.
- If you disclosed financial information contact your bank immediately. Close any compromised accounts.
- Change any compromised passwords everywhere it is in use.
- Monitor for signs of identity theft. You can find out more information on preventing identity theft by visiting US-CERT Security Tip (ST05-019).
- The BBB warns people to be aware and protect yourselves and your church of these timely and tech-savvy cons that are pretending to be trustworthy companies and government agencies. Stay safe, create strong passwords, and change them regularly for all of your church’s financial accounts.
Reference: https://www.us-cert.gov/ncas/tips/ST05-019
https://www.bbb.org/council/coronavirus/