BTS HelpDesk: 503-823-5199
1120 SW 5th Avenue, Suite 1111, Portland, OR 97204
Welcome to our blog. Here we will let you know the latest happenings in the information security world.
Please be aware of fraud during this new normal. Fraudsters are looking for any way to trick us
The content below is directed at state agencies, however is relevant to City of Portland employees. Some of our co-workers, friends and colleagues are on unemployment. Some of our co-workers, friends and colleagues are in Washington State and may be affected.
Also, this is an example of how fraudsters will find ways to exploit any process where they can steal money or information. Are there City of Portland processes that could be similarly attacked? If you have a concern, please contact BTS Information Security so we can provide security expertise and tools.
The United States Secret Service has received reporting of a well-organized Nigerian fraud ring exploiting the COVID-19 crisis to commit large-scale fraud against state unemployment insurance programs. The primary state targeted so far is Washington, while there is also evidence of attacks in North Carolina, Massachusetts, Rhode Island, Oklahoma, Wyoming and Florida. It is extremely likely every state is vulnerable to this scheme and will be targeted if they have not been already.
In the state of Washington, individuals residing out-of-state are receiving multiple ACH deposits from the State of Washington Unemployment Benefit Program, all in different individuals’ names with no connection to the account holder. A substantial amount of the fraudulent benefits submitted have used PII from first responders, government personnel and school employees. It is assumed the fraud ring behind this possess a substantial PII database to submit the volume of applications observed thus far.
This fraud network is believed to consist of hundreds, if not thousands, of mules with potential losses in the hundreds of millions of dollars. The banks targeted have been at all levels including local banks, credit unions, and large national banks.
COVID-19 pandemic hits the internet as well. Be cautious out there.
City of Portland Cybersecurity highlights:
COVID-19 Websites Cyber threats
Not all COVID-19 websites are safe. 48,000 COVID-19 related web domains have been registered this year.
Scammers are eager to cash in on the pandemic.
If you'd like the scary details, Sophos has an article for you: https://news.sophos.com/en-us/2020/03/24/covidmalware/
FBI resource: https://www.fbi.gov/coronavirus
COVID-19 Malware and Ransomware threats
Not only are there misleading websites there are a myriad of malware and ransomware threats. Several links are included, below, to narrow your research.
Quick To Do List:
COVID-19 malware and ransomware resources:
Be safe when you go outside, and when you go online.
Apparent 'single threat actor' conducts statewide ransomware attack of local governments in Texas
La Porte County in Indiana is the latest victim of the Ryuk ransomware.