Hackers leverage COVID-19 for cybercrime

Remote work, rising unemployment lead to increases in phishing and malware attacks.

September 23, 2020

The spread of the coronavirus (COVID-19) has created more opportunities for cyber criminals as more people work remotely and find themselves unemployed.

Security expert Jim Stickley outlined the latest measures cybercriminals are using to prey on consumers during the CUNA Governance, Risk Management & Compliance Leadership Virtual Conference.

“With millions out of work, suddenly hacking other people makes sense to some,” Stickley “This is worldwide, so you have a ton of people looking to make money, and often that doesn’t happen by legal means.”

Phishing is the most common method cybercriminals use to scam people, Stickley says. These emails entice users to provide personal information or click on an attachment that will install malware on their computers.

“Today, a hot topic for those emails is COVID,” he says.

Phishing emails are becoming more sophisticated, making it more difficult to determine fraudulent messages from legitimate ones.

Stickley offers a low-tech but effective measure to prevent phishing attacks in the workplace. “Come up with a code you can look for among your co-workers in every email.”

As more people work remotely, home networks present a bigger point of vulnerability. Hackers can use the other computer on the network as a conduit to gain access to the corporate network through a virtual private network.

That’s how the Target breach occurred in 2015, Stickley says.

“You’re opening a Pandora’s box every time another computer logs on to that home network,” he says.

The No. 1 security precaution home users can take is to apply firmware updates to the hardware that connects the Internet.

“Look for the website on the back of the device, go to that website, and download any updates that are available,” Stickley says.

Websites also present threats. Criminals engage in a practice call “typo squatting,” where they buy a domain that is one mistyped character off from a legitimate domain.

“They set up web sites that look just like the real web sites, and use that to gain access to your computer,” Stickley says.

Even legitimate web sites present dangers through advertisements. Hackers install malware on ads that send their browsers to malicious sites.

“When you’re going to a website you’ve never been on, do some research first,” Stickley says. “If the company has been around for a while, they’ll give information specifically about that domain. If nothing at all comes up, that’s a bad sign.”

► Visit CUNA News for more conference coverage. Learn more about the CUNA Governance, Risk Management, and Compliance Leadership Virtual Conference at


Cyber Liability and Intelligence, a member benefit recorded webinar

5 keys to an effective risk management program