WOLF & CO Insights Covid-19 Scams: How A vCISO Can Help You Mitigate The Impacts During A Pandemic

Covid-19 Scams: How A vCISO Can Help You Mitigate The Impacts During A Pandemic

The disruption, confusion, and alarm caused by the COVID-19 pandemic are sweeping towns, cities, and nations alike—providing the perfect opportunity for cyber scammers to attack. Across the globe, cyber criminals are capitalizing on pandemic panic, using creative, malicious schemes related to the coronavirus to lure businesses and their employees into downloading malware, giving up credentials, or handing over money.

Here are just a few of the dangerous ways hackers have used COVID-19 to target businesses and individuals:

  • Barracuda uncovered 1,008 blackmail attacks in which the scammer emailed the user claiming to have personal information and know the location of the victim. The attacker then threatened to infect the victim and their family with COVID-19 if a ransom wasn’t paid.
  • Scammers have also used phishing emails to request donations for fake charities related to Coronavirus relief. Barracuda caught one scam that claimed to come from the World Health Community—an organization that doesn’t exist—and asked for donations to a Bitcoin wallet that was provided in the email.
  • A specific malware, called Emotet, was discovered by IBM X-Force. This malware was attached to Japanese emails that claimed to be from a disability welfare provider. If the attachment was clicked, the malware was downloaded, installed, and enabled on the device—allowing malicious actors access to personal information.
  • Another malware discovered was AZORult, which is being distributed through phishing emails claiming to have maps of the outbreaks.
  • Law enforcement is warning businesses to be aware of cyber scams that claim to be from the Centers for Disease Control and Prevention (CDC), the Red Cross, or other health organizations.
  • According to a study conducted by Check Point, domains related to the coronavirus are 50% more likely to be malicious than other domains that were registered during the same period.
  • Cyber criminals are offering businesses and individuals the opportunity to invest in upcoming cures or treatments. The Securities and Exchange Commission (SEC) is warning investors about fraudulent companies with products claiming to prevent, detect, or cure COVID-19.
  • According to Reuters, banks have reported being scammed into exposing passwords and data by actors posing as the banks, governmental bodies, and healthcare providers.
    • Phishing attacks, authorized bank transfers, and payment diversion fraud have been among the largest areas of scam activity.
    • One business fell victim to a scam that had them transfer £25,000 ($29,370) to a fake government initiative called “The Central Employers Scheme” claiming to cover sick pay during the outbreak.
    • With U.S. banks pushing their customers to use online banking, reports have found that scammers have been impersonating FDIC officials and urging users to give up their data because their current lender was about to collapse.

Mitigate Negative Effects: vCISO

Security scams like those listed above have been taking advantage of widespread confusion felt by businesses and individuals. Are your systems optimized to deal with the recent influx in malicious attacks due to COVID-19? Are your employees, controls, and processes ready to combat these money and extortion scams?

In many cases, an Information Security Officer (ISO) handles the defensive strategies needed to mitigate the negative impacts of cybersecurity breaches (such as those caused by scamming). However, if you’re a smaller company that didn’t have the resources to have a full-time ISO prior to the COVID-19 outbreak, or possibly a larger company that left security implementations to the IT department, you may have found yourself recently scrambling to pin down procedures to negate the possible effects of email phishing attacks and scams.

For companies searching for a way to combat the risk of malware, credential theft, scams, and email phishing attacks during this pandemic, a virtual Chief Information Security Officer (vCISO) could be the perfect choice.

As an outsourced practitioner who offers their time and insight to an organization on an ongoing basis (usually part-time and remotely), a vCISO can offer proven, professional insight and guidance to protect your business’s systems against these cyber threats.

Proven Expertise and Implementation: Virtually

With the 667% increase in phishing emails in the past two months alone, the rate of scams and malicious attempts to infiltrate systems is creating a far greater risk of a company experiencing a security breach. Companies need mitigation strategies in place, and the anxiety surrounding the pandemic has caused organizations to want these strategies as soon as possible. With a vCISO, you get top-tier advisors with a vast depth of experience in the field. These are already trained professionals able to virtually:

  • Manage and protect critical data assets
  • Manage data security from a strategic level
  • Define, create, and implement an information security strategic plan
  • Integrate data security into corporate strategy


With the laws and regulations surrounding social distancing, as well as governmentally mandated stay-at-home guidance, you need a reliable source that’s able to remotely provide the best possible solutions to mitigate your security risks related to cyber attacks. vCISOs are trained to analyze risk, assess mitigation strategies, and implement security processes virtually and remotely.


The ISO role is hard to fill. And, due to salary requirements and organizational experience, supporting the function of an ISO is a difficult proposition. An experienced vCISO can fill this role at a fraction of the cost of a full-time staff member—lifting a significant fiscal burden from organizations during a time of possible layoffs, dips in sales, and other disruptions.

It’s Not Too Late

The services of a vCISO are not just preventive. vCISOs provide actionable steps to reverse the negative effects of these attacks during a pandemic, and can then implement strategic initiatives to stop hackers before problems increase. Employing a vCISO mid-pandemic could give your company the edge to secure your systems against malicious actors capitalizing on the coronavirus.


Hackers are jumping through hoops and bending over backwards creating new, innovative, and malicious ways to get your company’s credentials, passwords, data, and money during this pandemic. Don’t let them in. Many businesses don’t have a designated security official to help stop these security breaches—leaving them vulnerable. During these unprecedented times, a vCISO might be an optimal choice. Their remote capabilities, expertise, and cost effectiveness are perfect for a pandemic situation in which workforces are pushed out of their offices and cybersecurity concerns heighten.

Malicious actors may be able to think of inventive ways to break through your defenses—but vCISOs can help implement sturdy plans to solidify your controls to protect your business during pandemic panic.