Although COVID-19 has been an obvious threat to small businesses, the recent uptick in cyberattacks makes it clear that entrepreneurs have other types of viruses to watch out for.
According to a report by Microsoft, every country in the world has seen at least one COVID-19-themed cyberattack. Because the uncertainty and fear around the pandemic are creating new opportunities for cybercriminals, it’s important to be aware of the most common attacks your small business may experience.
Coronavirus cyberthreat No. 1: Business email compromise
Business email compromise (BEC) is a scam that targets anyone who conducts wire transfers. Hackers leverage spoofed or compromised email accounts of top executives to trick employees into transferring funds. Recently, the FBI warned of an increase in BEC scams targeting U.S. municipalities purchasing supplies to help limit the impact of the coronavirus.
Other examples of COVID-19 BEC scams include:
- Requesting a change in transfer date and recipient account because of the coronavirus outbreak, quarantine processes and precautions.
- Impersonating a client in a location heavily impacted by COVID-19, then requesting invoice payments to be changed to a different bank because their regular accounts are inaccessible due to “coronavirus audits.”
To defend against business email compromise, be skeptical of any last-minute changes in wire instructions or recipient account information. It’s also wise to verify any changes through your contact on file instead of through the sender of any suspicious emails.
Coronavirus cyberthreat No. 2: Phishing
Phishing is when cybercriminals send emails posing as legitimate organizations, usually pressuring the recipient to open an attachment or click a link that’s embedded with malicious software.
These are some of the most popular COVID-19 phishing emails that are circulating:
- Emails that imitate the U.S. Centers for Disease Control and Prevention and typically link to a fake list of local coronavirus cases embedded with malware.
- Emails claiming to offer professional medical advice or fraudulent supplies, test kits or cures for the coronavirus.
- Workplace policy emails masquerading as employers sending safety announcements and asking their targets to review mandatory policies by opening an attachment or clicking a link.
To defend against phishing, check the sender’s email address to verify it’s legitimate and be wary of opening unknown attachments or clicking on links. Watch for spelling and grammatical mistakes or emails that demand you act now, which are common signs of a phishing attempt.
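The sender checks described above can be partly automated. The following Python sketch is an added example, not part of the original article: it flags a lookalike sender domain, an executive's name used from an untrusted domain, and a Reply-To that points elsewhere. The trusted domains, the executive name and both sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: domains you really trade with, and executive names.
TRUSTED_DOMAINS = {"example.com", "supplier.example"}
EXECUTIVE_NAMES = {"jane doe"}

def lookalike(domain):
    """Return the trusted domain that `domain` closely imitates, or None."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None

def sender_warnings(raw_message):
    """List the reasons to verify this sender through a contact already on file."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    warnings = []
    imitated = lookalike(from_domain)
    if imitated:
        warnings.append(f"lookalike-domain: {from_domain} imitates {imitated}")
    if name.strip().lower() in EXECUTIVE_NAMES and from_domain not in TRUSTED_DOMAINS:
        warnings.append(f"executive-name: '{name}' sent from untrusted {from_domain}")
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"reply-to-mismatch: replies go to {reply_domain}")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Jane Doe" <jane.doe@examp1e.com>\n'
    "Reply-To: accounts@payments.test\n"
    "Subject: Urgent: new bank details due to coronavirus audit\n\n"
    "Please send today's wire to the new account.\n"
)
CLEAN = (
    'From: "Jane Doe" <jane.doe@example.com>\n'
    "Subject: Weekly schedule\n\nSee attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("clean", CLEAN)):
        print(label, sender_warnings(raw))
```

A message sent from a genuinely compromised account passes all three checks, so verifying payment changes through your contact on file still applies.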
Coronavirus cyberthreat No. 3: Virus-tracking apps or sensationalized news reports that deliver malware
During a crisis, people are naturally hungry for information. Hackers are exploiting this need by using coronavirus tracking apps or clickbait websites to infect users with malware. If your employees have access to their work email or sensitive information on their mobile devices, your business could be put at risk.
To decrease this possibility, avoid downloading apps from third-party app stores or social media and resist the urge to click on any sensationalized post. It’s also important to keep your mobile devices and computers up to date with the latest antivirus software, web browser and operating system.
What happens if a hacker breaches your defenses?
It’s difficult to stop unauthorized payments if a hacker gains access to your system. Fortunately, it’s possible to implement multiple lines of defense.
Ask your bank to obtain dual authorization before clearing a transfer, which can be efficiently implemented through an electronic system. For instance, Zions Bank offers Positive Pay, a verification service that helps businesses identify and report fraudulent and unauthorized payments.
Of course, it’s more desirable to stop a hacker from ever gaining access to your system. During a vulnerable time like the current pandemic, it’s even more important to work with a financial institution with experience dealing with cybercriminals and products that can help safeguard your financial assets.
Chad Park is the Eastern Idaho market manager of Business Payments and Technology for Zions Bank, a division of Zions Bancorporation, N.A. Member FDIC. He can be reached at 208-542-4456 or firstname.lastname@example.org.