November 27, 2020

Volume X, Number 332


November 25, 2020

Subscribe to Latest Legal News and Analysis

Beware the Coronavirus Email Scams

COVID-19 is not the only virus associated with the global outbreak. As predictably as night follows day, cybercriminals have been using the epidemic as a means to spread their malicious payloads. Companies should include information about cyber hygiene along with the CDC recommendations of hand washing, particularly given the potential for increased remote access to corporate IT systems.

Warnings have been sent regarding phishing emails mentioning the coronavirus or COVID-19 outbreak purporting to be originating with business partners or public health institutions. In the search for more information regarding the outbreak, people are more likely to open and read seemingly “official” emails, which can lead to malware infections. Other activity that has been reported are fraudulent or spoofed purchase orders for hand sanitizer that can lead to payments or other protective equipment that can result in wire transfers to fraudulent accounts and phishing emails appearing to be related to remote work or emergency planning that collect employee user names and passwords.

Our takeaways:

  • Use this opportunity to reinforce phishing training and consider tightening company defenses, including increasing the sensitivity of spam filters or tuning phishing filters.

  • Ensure that remote workers are aware of the need for secure access to the corporate network and provide VPN or other secure means for people to access remotely. Remember, “reasonable security” is still the rule of the day.

  • In addition to providing health-related information, remind employees about the possibility of malicious emails and exploits that will try to take advantage of the outbreak and associated concerns: If an invoice with wire instructions doesn’t seem right, it probably is not. If you receive a request for user name and password, call IT and ask. Stay healthy and keep your cybersecurity healthy as well.

Ransomware and malware attackers don’t observe quarantines.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.National Law Review, Volume X, Number 66



About this Author

Cynthia Larose, Privacy, Security, Attorney, Mintz Levin, Law Firm, electronic transactions lawyer
Member / Chair, Privacy & Cybersecurity Practice

Cynthia is a highly regarded authority in the privacy and security field and a Certified Information Privacy Professional (CIPP). She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-...