Now more than ever, we need to be vigilant looking for scams related to Coronavirus Disease 2019 (COVID-19). WaTech's Office of Cybersecurity is monitoring all activity and will share the latest news, updates and resources on this page.

Latest news

The Cybersecurity and Infrastructure Security Agency (CISA) released an alert reminding individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

CISA encourages individuals to remain vigilant and take the following precautions.

• Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
• Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
• Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
• Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
• Review CISA Insights on Risk Management for COVID-19 for more information.

Resources

• CISA Releases Telework Essentials Toolkit : The Cybersecurity and Infrastructure Security (CISA) released the Telework Essentials Toolkit. The toolkit provides a long-term strategy for business leaders and their IT staff and employees to establish a more permanent telework solution for end users beyond what may have been implemented as a quick fix or temporary solution. Additionally, CISA established a dedicated a one-stop shop for telework cybersecurity guidance at cisa.gov/telework. Many products were developed in close collaboration with public and private sector partners and are applicable for critical infrastructure, government, and citizens.
• IC3 Releases Alert on Mobile Banking Apps:  The Internet Crime Complaint Center (IC3) has released an alert warning consumers of cyber risks associated with mobile banking apps. As more consumers rely on mobile apps for banking, malicious cyber actors are likely to increasingly target them with app-based banking Trojans and fake banking apps.  CISA encourages mobile banking app users to review IC3’s Alert and CISA’s Tip on Privacy and Mobile Device Apps for more information on protecting sensitive information. If you believe you are a victim of cybercrime, file a complaint with IC3 at www.ic3.gov.
• Disinformation Toolkit: CISA has issued a toolkit to help State, local, tribal and territorial (SLTT) officials to bring awareness to misinformation, disinformation and conspiracy theories appearing online related to COVID-19’s origin, scale, government response, prevention and treatment.  The Toolkit includes frequently asked questions, and flyers and provides simple steps individuals can take to combat false or misleading information related to the pandemic.
• Cyberspace Solarium Commission (CSC) Cybersecurity Lessons from the Pandemic: The CSC released a white paper that highlights over 30 recommendations from their final report published in March along with 5 new recommendations.
• FBI: Cyber criminals take advantage of COVID-19 pandemic to target teleworking employees through fake termination Phishing emails and meeting invites.
• Tips for safely using public Wi-Fi
• CISA has created an overview of coronavirus disinformation and steps that can be taken to reduce the risk of sharing inaccurate information with your friends and family.
• Cybercrime and online fraud resources for businesses and individuals from the Cybercrime Support Network
• Video conferencing best practices
• Cybersecurity online health guidance 
• Planning and Response Guidance for State CIOs (NASCIO)
• Security Awareness Deployment Guide – Working From Home (SANS Institute)
• Top Five Steps to Securely Work from Home (SANS Institute)
• Creating a Cybersecure Home (SANS Institute)
• Preventing Eavesdropping and Protecting Privacy on Virtual Meetings (NIST blog, March 17)

Websites

• Cybersecurity and Infrastructure Security Agency (CISA)

Report a cybersecurity incident

Washington state agencies should call 360-407-8800 (option #2) to report cybersecurity incidents.

Contact 

If you need assistance or have questions related to COVID-19 please contact: officeofcybersecurity@watech.wa.gov