COVID-19: Data Privacy
Working From Home? Online Scammers Are Not Social Distancing
A
lthough Governor Mike DeWine’s Stay at Home order exempts legal services, many DBA members, and their clients, have found themselves learning the ropes of how to work from home in an effective manner. For many, the learning curve has been pretty steep as we participate in conference calls with barking dogs and homeschooled kids in the background. Although you have a million concerns competing for your attention during this unprecedented time, it is extremely important to avoid creating data security risks while working to flatten the curve. This March, as people scramble to identify trustworthy information about the spread of COVID-19, how they can protect themselves, and how they can get tested, spammers and scanners have taken advantage of vulnerable telecommuters. For example, in just the last few weeks, media outlets have reported on the following scams:
spoofed and malicious, infecting the user’s device with malware after a click. In some instances, the link will direct users to a page asking them to enter their email Microsoft Outlook account username and password to be collected by a scammer.
• Email Phishing: According to both the Federal Trade Com-
and household items, are running out at local stores, there are online entities holding themselves out as retailers purporting to have these items in stock. Instead, they are scams that take your payment and never deliver your ordered items. Anyone working from home who is tasked with the responsibility of ordering supplies for their organization should be conscious of online retails and conduct additional
mission and data security firm Kaspersky, email phishing schemes frequently include the use of organization names that would normally appear legitimate. Such emails appear to be coming from representatives of the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). These emails have CDC or WHO logos and headings, or have email addresses that, after a quick glance, look to be official (such as cdc-gov.org). Such links could be
24
By Zachary S. Heck Co-Chair DBA Editorial Board Taft, Stettinius & Hollister, LLP
Dayton Bar Briefs April 2020
• Domains and Apps: Website domains exist that appear to
track COVID-19 updates and health information, but actually prompt users to download malicious apps to access this information. In particular, an Android App (“COVID-19 Tracker”) has been circulating that, once downloaded, infects the device with ransomware and then demands payment or else the data on the device will be erased. Additionally, various websites have promoted themselves as infection map reports, but instead spread password-stealing malware.
• Goods Delivery: Although goods and supplies, such as cleaning
continued on page 25
937.222.7902
