12 minute read
Protect Yourself Online from COVID-19 and Coronavirus-related Scams
Protect Yourself Online from COVID-19 and Coronavirus-related Scams By Allison Kaminsky, Deputy Executive Director, Texas Rural Water Association
Cybercriminals are opportunists who are always adjusting their tactics to take advantage of individuals and organizations, and the COVID-19/Coronavirus pandemic is no exception. These criminals are exploiting the widespread desire for information, concern and fear surrounding the virus and a high-stress situation to attack their victims when they are most vulnerable.
In a recent statement, the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the United Kingdom’s National Cyber Security Centre, announced that they are seeing a growing use of COVID-19 related themes by cyber attackers. These criminals are using COVID-19 or coronavirus-themed scams to target individuals, small and medium businesses and even large organizations.
Phishing is a very common online tactic in which bad actors use deceptive emails or websites to either solicit sensitive information or distribute malware to their victims. In the wake of the pandemic, cybercriminals have been using phishing campaigns using the subject of COVID-19 or coronavirus as a lure. Many of these scams create the impression of authenticity by using legitimatelooking logos, official sounding titles and spoofing sender information so it looks like it’s coming from a trustworthy source. Examples of recent observed phishing email subject lines include: • 2020 Coronavirus Updates • Coronavirus Updates • 2019-nCov: New confirmed cases in your City • 2019-nCov: Coronavirus outbreak in your city (Emergency)
These emails often contain a call to action that encourage the victim to either open an attachment, download a file or visit a website that the bad actor then uses to either steal valuable data, such as usernames or passwords, credit card information, and other information, or distribute malware. In some instances, links embedded in the email will take the user to a fraudulent page that is impersonating a trusted site, such as Microsoft or Google, and prompt the user to enter their credentials. Typically, the only way to identify these sites is by closely examining the URL to find discrepancies. Once entered, the site captures your username and password and the cybercriminal can use that information to access your online accounts and further acquire your personal and sensitive information.
Though most phishing attempts come by email, phishing can be carried out by other means as well, such as by messaging services, such as text message (SMS) or WhatsApp. These phishing attempts have been observed to have a financial theme associated with the pandemic, where victims readily surrender their contact and banking information to these bad actors under the false premise that they are signing up for government employment or financial support packages. In general, be suspicious of any messaging surrounding government aid packages responding to COVID-19, as this will continue to be a popular theme in phishing campaigns.
Phishing campaigns intended to deploy malicious software, or malware, are typically designed to prompt a victim to open an attachment or click on a link to a malicious website to download a file that then compromises the device in use. Malware can be designed to do a range of things and can take on many forms. Common forms of malware include: • Spyware — Malware designed to covertly gather information and perform reconnaissance and report back to the attacker. • Ransomware — Malware designed to encrypt your data so that you cannot access it so the attacker can then demand you do something to get it back. • Virus – A self-replicating program designed to damage its target computer by attaching itself to a clean file and spreading, infecting files with malicious code. • Trojan – Malware that enters your system disguised as a normal, harmless file or program
to trick users into downloading and installing malware. Once a user has installed a Trojan, the cybercriminal has access to your system to steal or destroy data, modify files, install more malware, monitor user activity, etc. Trojan malware cannot replicate by itself; however, if combined with a worm, the damage Trojans can have on users and systems is endless. Worm – Malware that spreads copies of itself from computer to computer by exploiting operating system vulnerabilities. A worm can replicate itself without any human interaction, and it does not need to attach itself to a software program in order to cause damage. • Always be wary of unsolicited texts, messages, calls or social media pleas related to COVID-19. • Never reveal personal or financial information in email and do not respond to email solicitations for this information. • Verify a charity’s authenticity before making donations
Visit the CISA’s website at us-cert.gov for additional guidance on how to protect yourself online. The agency has created a hub specifically for issues related to the Coronavirus and COVID-19 at cisa.gov/coronavirus.
COVID-19 or Coronavirus-related themes are currently being used to encourage users to open malicious files containing malware payloads. One known example of this is a campaign attempting to distribute a file named “President discusses budget savings due to coronavirus with Cabinet.rtf.” Other recent examples include a fraudulent email campaign appearing to be sent from the DirectorGeneral of the World Health Organization and a similar campaign falsely offering face masks and thermometers to fight the pandemic. Both of these campaigns attempt to deploy keylogger malware on users’ machines.
These are just a few examples of recent scams designed by cybercriminals to take advantage of individuals and organizations. Make yourself a harder target and take proactive steps to protect yourself and your sensitive information. Some of these steps should include:
Quench Bus Card Ad 2018 .qxp 2/22/18 8:01 PM Page 1
1 - 8 0 0 - 3 2 7 - 9 7 6 1 ( e x c e p t F L ) E - m a i l : r e g a l @ r e g a l c h l o r i n a t o r s . c o m
T E L ( 7 7 2 ) 2 8 8 - 4 8 5 4 F A X ( 7 7 2 ) 2 8 7 - 3 2 3 8
Y o u r T R U S T E D S e l e c t i o n f o r W a t e r D i s i n f e c t i o n
1 0 4 4 S . E . D i x i e C u t o f f R o a d , S t u a r t , F L 3 4 9 9 4 U S A w w w . r e g a l c h l o r i n a t o r s . c o m
O N L Y 6 8 P A R T S I N O U R C H L O R I N A T O R
If you are seeking information related to the COVID-19/ Coronavirus pandemic, visit trusted websites such as the Center for Disease Control at www.cdc.gov. Exercise caution when handling any email with a COVID-19 or coronavirus-related subject line, attachment or links, especially when the email is from an unfamiliar source.
If you are interested in having us as your partner, feel free to contact one of our department representatives below
NEW TANKS — Rick DiZinno (270) 826-9000 ext. 2601 EXISTING TANKS — Patrick Heltsley (270) 826-9000 ext. 4601 In-Service Cleaning
Code Updates
A Q&A column with TRWA Technical Assistance Director Larry Bell
Q: Our standard procedure for field calls is to have two workers travel together to the job site in the same vehicle. Due to COVID-19, social distancing procedures make this impossible, so we have been having workers trade off using their own vehicles and company trucks to get to work sites. Would you recommend this practice?
A: While your instincts to separate workers from each other in this way were absolutely correct and in line with the recommendations of healthcare professionals, I think there is a better way to do this. The coronavirus is known to live on surfaces for many hours after making contact with that surface. Think of all the surfaces a person regularly touches when they are driving — door handles, steering wheels, seat belts, radio controls, gear shifts, etc. After one driver finishes using a vehicle, he or she has potentially left the virus all over the place for the next driver to encounter when its their turn to get behind the wheel and start touching all those same surfaces.
Since deep cleaning and sterilization between every shift isn’t practical, I recommend assigning your work vehicles to a single driver for the duration of this crisis. For employees who must use their personal vehicles to travel to worksites, you should reimburse them for their mileage — just be sure to require them to submit mileage logs for travel to and from worksites, and make it clear that you will only reimburse for workrelated travel. For 2020, the Texas Comptroller has set the mileage reimbursement rate at 57.5 cents per mile.
Q: As the COVID-19 emergency continues, what measures should our water system be taking to ensure we can continue adequately serving our customers?
A: Water operators are essential personnel and should be prepared to address potential impacts to supply due to personnel interruptions tied to COVID-19. Water systems play a vital role in public health, and TRWA recommends that systems take the following actions to ensure the continuing functionality of their critical operations and systems: • Identify essential employees required to maintain continuous operation and designate an emergency backup for these employees in the case they cannot report to work. • Make sure essential employees have documentation describing their essential status to show to law enforcement in case your area enacts a shelter-in-place order (TRWA has provided a template for this documentation on our COVID-19 Hub – www. trwa.org/page/covid • Strategize implementation of an ancillary workforce (e.g. neighboring water systems, contractors, employees in other job titles/descriptions, retirees) to operate utilities on emergency basis. • Stay stocked on chemical supplies and order products ahead of schedule to avoid delays from understaffed chemical suppliers. • Generate a back-up supplier contact list for essential chemical and operation needs. • Update/create detailed written instructions for crucial operations (i.e. shutdown, water quality sampling, public notification, etc.). • Review/update emergency response plan and contacts. Identify key customers — hospitals or care facilities — with special needs.
• Discuss cybersecurity precautions when using remote access. Back-up critical files frequently as a prevention measure to restore data. • Consider emergency food and overnight necessities at 24-hr facilities for personnel working long shifts. • Encourage personnel to stay home when they are sick. Provide work-from-home or sick leave options. Discuss backup or alternative shift rotations for personnel that need to stay home to care for themselves and/or loved ones. • If possible, make a plan with your family and any groups that you lead in case of school/ work closures. • Limit meetings, gatherings and travel.
Encourage personnel to postpone all non-essential travel to areas affected by
COVID-19.
Q: Is there a standard template drought contingency plan that systems must file with the TCEQ or can systems develop their own? What role do various regulatory entities play in the drought contingency planning process?
A: Systems are required to have a drought contingency plan that addresses water restrictions during times of drought or other conditions that might reduce water availability; however, there isn’t a “standard” plan that they are required to follow. Each water system, county, wholesale water provider, water aquifer authority or other entity is free to develop and implement their own plan, including establishment of various restriction stages and triggering events. These triggers should take into account each system’s unique production, storage, pumping, distribution system hydraulics, planned improvements and emergency repairs’ level of impact on the system to ensure that the system can maintain water for all their customers in the event of water scarcity.
Water systems might be subject to additional restrictions if they receive water from a wholesale provider. These providers have their own drought contingency plans to contend with, so they sometimes require their purchasers to adopt a rationing plan that aligns with theirs. Groundwater conservation districts (GCD), which manage the permitting of groundwater, also might impose rationing restrictions on utilities operating within their jurisdiction to ensure the continued viability of that water resource.
The TRWA Sample Tariff includes a drought contingency plan template that can be amended as a system desires or to account for restrictions placed on the system by a purchase water contract, GCD policy or policy of any other entity with regulatory jurisdiction over the system. These provisions can be drafted to accommodate for any drought or water level conditions that would trigger water restrictions. Systems can also include provisions in their plan to address additional factors that might cause them to have less water available than they would have under normal conditions, such as scheduled maintenance and repairs of storage tanks, water lines and other infrastructure.
Q: The owner of a commercial property currently has a standard ¾” meter that services a few business suites. The owner plans to expand its operations on the property, and has requested a larger 2” meter to accommodate that growth. Since the owner already paid an equity buy-in fee (EBIF) for its current ¾” meter, can we charge them new EBIF for the larger meter?
A: In this situation, you’re not really charging the customer a “new” EBIF so much as you’re charging them the correct EBIF for the additional capacity they now require. According to the American Water Works Association (AWWA), a nonprofit scientific and educational association within the water industry who puts out a variety of common industry standards, a 2” meter is the equivalent of eight standard ¾” meters. This is because a standard ¾” meter is capable of supplying roughly 20 gallons per minute, while a 2” meter can provide approximately 160 gallons per minute.
Section G of TRWA’s Sample Tariff reflects this equivalency value for purposes of calculating a utility’s EBIF: whatever amount the utility calculates for a customer with a ¾” meter’s EBIF is multiplied by eight to get the EBIF a customer owes for a 2” meter. Since this customer has already paid the EBIF for their standard-size meter, they would owe the difference in the 2” meter EBIF once they upgrade to the larger size. In other words, the customer will owe an additional EBIF for the seven new service unit capacities they are requesting above their current ¾” meter.
If you have a technical question you would like answered, please e-mail larry.bell@trwa.org.
