FORT BELVOIR, Va., April 20, 2020 —
The coronavirus pandemic has created stress and fear for many, and unfortunately, hackers are taking advantage of the situation in cyberspace. With an unprecedented number of Defense Logistics Agency employees – as many as 20 to 25 thousand – teleworking in response to the coronavirus, the agency faces increased security risks.
Even though malicious actors are using the coronavirus pandemic as a cover, the threats they pose are familiar, said Paul Resh from DLA’s Cyber Emergency Response Team.
“We need to be hyper vigilant about suspicious email addresses and spoofed hyperlinks or websites,” Resh added. “Never download or open suspicious attachments. Hackers are engaging DLA using the coronavirus as a cover for all these types of activities.”
Adversaries are using COVID-19 to trigger an emotional response and tempting users to click on malicious links, DLA Chief Information Officer George Duchak recently affirmed in an email to his staff.
“It is critical that everyone continues to practice strong cyber hygiene. Cybercriminals are using a variety of approaches to try to gain access to the network and your personal information. These schemes include claiming to be from the health department, from your bank or from computer support. Be especially suspicious of any email related to COVID-19,” Duchak warned.
Follow the guidelines below to reduce risks to yourself and the DLA network.
Risks and actions related to phishing:
- Don’t trust everyone. Don’t open emails, instant messages, PDFs or cell phone texts from someone you don’t know. Report suspicious activity on your DLA devices to DLA Spam Alert instead. Spammers want your username and password, as well as personally identifiable information.
- Don’t reveal personal, family, financial or health information over email or the phone. Scammers act like representatives from your bank or hospital to solicit information from you.
- Don’t click the link. Many sites with unsolicited coronavirus advice, cures or medical products appear legitimate. The customary .com extension, along with .xyz, .zone, .digital and other obscure domains are trying to lure you in.
- Don’t visit unofficial coronavirus sites. Use valid, trusted sources such as the Centers for Disease Control and Prevention and the World Health Organization for official guidance.
General cyber hygiene tips for secure teleworking:
- Restart your workstation and establish a new VPN connection daily. Sign out when you finish.
- Choose strong, different passwords for each application.
- Ensure workstation updates and anti-virus software are current on government-furnished and personal equipment.
- Configure your home Wi-Fi with a strong, complex and unique password. Enable strong wireless encryption; don’t rely on factory defaults.
- Encrypt and sign emails if they contain For Official Use Only, PII or personal health information. Don’t store or print such information locally.
Members of the President’s Coronavirus Task Force continue to reiterate that isolation will help curb the coronavirus spread over time. For as long as employees continue working from home, protecting personal information and DLA’s mission will remain important.
Tips for “Avoiding Social Engineering and Phishing Scams” from the Cybersecurity and Infrastructure Security Agency: https://www.us-cert.gov/ncas/tips/ST04-014
Center for Disease Control COVID-19 Information: https://www.cdc.gov/coronavirus/2019-ncov/index.html