Protect Your Club from Increased Phishing

Phishing scams are on the rise during the COVID-19 pandemic. Cyber criminals play on our emotions and know vulnerable people are more likely to make irrational choices. Build training into your club’s cybersecurity plan to help your employees spot and avoid expanding phishing scams. 

Phishing is when someone uses emails, texts or phone calls that mimic legitimate business requests in an attempt to gain your club’s valuable information, or get access to your club’s computer or network. Clicking on a link included in fraudulent emails or texts can install ransomware or other programs that lock your data or allow your information to be stolen. 

During the pandemic, attackers are targeting people who are working from home. Many employees are using personal computers that lack the same level of security provided by businesses. Cybercriminals also take advantage of virtual meetings by increasing phishing attacks on collaboration and meeting platforms. They lure recipients into responding by saying they are required to join a virtual meeting using their employee credentials on fraudulent collaboration websites.

Share these tips to help your staff identify phishing attempts:

• Check links by hovering a mouse over them. Legitimate meeting invitations use URLs that correspond with the tools they’re associated with.  

• Invitations asking for a username and password to join are red flags. Never provide your login information to anyone.  

• Were you expecting the meeting invitation or was it sent out of the blue? Is it from someone you know? Contact the sender it’s supposed to be from to verify the information.

• Phishing often involves attaching malware disguised in an executable file or an innocent-looking Microsoft Office document. Don’t open or download attachments you’re not expecting, or from someone you don’t know.

Here are a few additional fraud protection tips: 

• Hang up on robocalls and don’t press any numbers. 

• Be aware of fraudulent websites and news sources containing claims to be contact tracers or professionals providing COVID-19 cures, treatments, vaccines or testing kits. 

• Use only legitimate, government websites for current, fact-based information about COVID-19.

• Beware of communications promising stimulus checks. 

• Verify a charity’s authenticity before making donations. 

• Be extra vigilant in managing risks. Review the Cybersecurity & Infrastructure Security Agency’s Insights publications at cisa.gov for information about risk management for COVID-19.

Make security awareness training a priority for your club to limit exposure. The threat from phishing and ransomware is very real and continues to evolve daily. Training now can help you avoid having to test the boundaries of your disaster recovery plan later.