
Protecting Your Accounting Firm From New COVID-19 Cybersecurity Threats

Apr 16, 2020 10:30:00 AM


Both the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) are seeing a growing use of COVID-19-related themes by malicious cyber actors. Cyber threat actors are posing as trusted entities, sending out phishing messages or malicious applications. Cybercriminals are using the pandemic for commercial gain, deploying ransomware and other malware. These actors are targeting individual users, small- to medium-size enterprises, and large corporations.

(Basically, everyone.)

Threats that have been observed are:

  • Phishing with the subject of COVID-19 as a lure.
  • Malware distribution using COVID-19 themed lures.
  • Registration of new domain names containing words that are related to COVID-19.
  • Attacks against newly deployed remote access and teleworking infrastructure.

These actors are taking advantage of user curiosity and concern around the pandemic in order to persuade potential victims to click a link or download an app that leads to a phishing website or malware download.


What Does A Phishing Email Attempt Look Like?

Most companies run cyber security campaigns to educate employees about phishing attempts and how to avoid them. In fact, there’s a pretty big chance you’ve fallen for one of them! (It’s okay, we’ve all been there.) If you’ve ever seen an email like the one below, you were a potential victim of a cyber attack. Sometimes they may even include attachments for a free download, concert tickets, or other things that may seem too good to be true. 

[Image: Botkeeper TL;DR, COVID-19 Exploited by Malicious Cyber Actors]

Here’s what to look for to spot a phishing email:

  • Authority—Is the sender claiming to be someone official (e.g., the CEO of your firm, a lawyer, or client)?
  • Urgency—Are you being told you have limited time to respond?
  • Emotion—Does the message make you feel panic, fear, hope, or curiosity? 
  • Scarcity—Is the message offering something in short supply?
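The four cues above, together with the COVID-19-themed domain names mentioned earlier, can be turned into a first-pass check that an IT team runs over reported mail. This is an added example, not Botkeeper's or CISA's code; the phrase lists, the `examplefirm.test` domain, the `triage` function, and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains this firm treats as its own (placeholder value).
TRUSTED_DOMAINS = {"examplefirm.test"}
# Constructed phrase lists, one per cue in the list above; tune to your own mail.
CUES = {
    "authority": r"\b(ceo|director|managing partner|attorney)\b",
    "urgency": r"\b(immediately|within 24 hours|final notice|act now)\b",
    "emotion": r"\b(infected|exposed|outbreak|relief payment)\b",
    "scarcity": r"\b(limited supply|while supplies last|only \d+ left)\b",
}
LURE_WORDS = ("covid", "corona", "pandemic")
URL_RE = re.compile(r"https?://[^\s<>]+", re.I)

def triage(raw_message: str) -> dict:
    """Return the cues that fired for one plain-text message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = " ".join([display, msg.get("Subject", ""), body]).lower()
    fired = {name for name, pat in CUES.items() if re.search(pat, text)}
    # A claim of authority from inside the firm's own domain is not a signal.
    if sender_domain in TRUSTED_DOMAINS:
        fired.discard("authority")
    # Link hostnames containing a pandemic-related word (themed lure domains).
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)}
    lure_hosts = sorted(h for h in hosts if any(w in h for w in LURE_WORDS))
    return {"cues": sorted(fired), "lure_hosts": lure_hosts,
            "report": len(fired) >= 2 or bool(lure_hosts)}

# Constructed sample messages (not real mail).
LURE = """From: "Office of the Director" <notice@covid-relief-desk.test>
Subject: Final notice: confirm your relief payment

Confirm within 24 hours at http://portal.covid-relief-desk.test/login
"""
BENIGN = """From: "Pat Lee" <pat@examplefirm.test>
Subject: Q1 close checklist

Updated checklist: https://intranet.examplefirm.test/q1
"""

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(raw))
```

A message is flagged for reporting when two or more cues fire or when any link points at a pandemic-themed hostname; the output is a prompt for human review, not a verdict.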

Phishing isn’t limited to email, either; SMS Phishing is an easy way to collect user data and is being used to lure in potential victims who may need financial assistance during the pandemic. So if you ever get a text or notification that seems suspicious, it’s probably best just to leave it alone and contact your IT team. Better safe than sorry!



Unknown Malware Downloads From Seemingly Reputable Senders

A number of threat actors are also using COVID-19-related lures to deploy malware. NCSC observed various email messages that deploy the “Agent Tesla” keylogger malware. The email appears to be from Dr. Tedros Adhanom Ghebreyesus, Director-General of the World Health Organization (WHO). The campaign offers thermometers and face masks to fight the epidemic and attaches images of the medical products, which contain the malware.

Hospitals and health organizations in the US, Spain, and across Europe have all been recently affected by ransomware incidents through downloads of such malicious files as Remote Access Trojans (RATs), desktop-sharing clients, and ransomware.

But these threats aren’t limited to health organizations.


New Processes Create New Threat Opportunities

With a large majority of the world now working remotely, many organizations were forced to rapidly deploy new networks, including VPNs and related IT infrastructure to shift their entire workforce to teleworking. More specifically, accounting firms, which don’t usually operate remotely, are among organizations that rapidly shifted their work structure to virtual, leaving many of them vulnerable to these attacks. 

Now, client meetings are being held over the phone, through communications platforms such as Zoom, and by email. And in the accounting industry, there are countless pieces of sensitive information being passed through teleworking.


Cyber actors are also seeking to exploit the increased use of popular communications platforms such as Zoom, Microsoft Teams, Google Hangouts, and more. They’ve been able to hijack teleconferences and online classrooms that were set up without any security controls (e.g., passwords) or that run unpatched versions of the communications platform software.

In this kind of attack, which people are now calling “Zoom Bombing,” cyber criminals are more successful when teleworking meetings are left public. With many people using communications platforms to have side chats, happy hours, or one-off calls with clients, these meetings are an easy target for cyber attacks. It’s important for accountants to remain aware of these potential threats to avoid making their clients’ information—or their own firm’s data—vulnerable to phishing attacks.


Cybersecurity Tips to Prevent—Or Remedy—Attacks

The NCSC’s suspicious email guidance explains what to do if you’ve already clicked on a potentially malicious email, attachment, or link, including who to contact if your account or devices have been compromised. 

Here’s some phishing guidance your accounting firm should be following:

1. Make it difficult for attackers to reach your users. Encourage your firm to implement meeting passwords internally and with clients.
2. Help users identify and report suspected phishing emails. Though they can be annoying, weekly reminders to stay alert can save you down the road.
3. Protect your organization from the effects of undetected phishing emails. Let your users know what a fake email would look like.
4. Respond quickly to incidents. Don’t just mark the email as SPAM or move it to junk. Report it to your IT department as soon as you spot it.

And when it comes to using communications platforms such as Zoom and Microsoft Teams, keep these tips in mind:

  • Make the meetings private by requiring a meeting password, or use the waiting room feature and control the admittance of guests.
  • Do not share a link to a meeting on an unrestricted, publicly available social media post.
  • Manage screen sharing options by changing them to “Host Only.”
  • Ensure users are using the updated version of remote access/meeting apps.
  • Ensure telework policies address requirements for physical and information security.



Stay Updated And on High Alert

It doesn’t take a fool to fall for a cyber security attack, as cyber criminals are counting on you to be so swept up with the busyness of your day that they catch you off-guard. But staying on your toes and knowing how to spot an attempt can save you from compromising important information about your company—and you.





Source: “Alert (AA20-099A).” COVID-19 Exploited by Malicious Cyber Actors | CISA, www.us-cert.gov/ncas/alerts/aa20-099a.


Written by Kalie Souknary

Kalie is a content creator with a background in writing and editing for social, email, and blogs. Her experience is heavily focused on communication, housing, and clean energy.