As millions began working from home due to the coronavirus pandemic, local cybersecurity expert David Heard started noticing his company’s workload pick up.

Heard serves as the chief marketing officer for San Antonio-based SecureLogix, a company that helps protects corporate clients from “call attacks” – robocalls or spoof calls from criminals trying to steal information. Over the course of 2019, SecureLogix blocked about 100,000 call attacks for one of its clients, a major national insurance provider, Heard said. In just the first few months of 2020, SecureLogix has had to block 140,000 call attacks for the same client. 

Knowing potential victims are more stressed right now because of the virus has led to an increase in attacks, Heard said. As companies await Paycheck Protection Program funding, and individuals try to continue to make ends meet in an economic downturn, criminals are trying to take advantage of everyone’s online vulnerability, he said.

“Cybersecurity threats are spiking globally, and we are identifying and blocking a striking increase in attacks against our customer enterprise and contact center phone lines,” said Heard, who is also CEO of Tech Bloc, the local tech sector’s advocacy group. 

Another of SecureLogix’s clients, a global financial institution, has seen call attacks increase more than 1,500 percent over the past month, Heard said. A third client, a national health care provider network, has experienced a 55 percent increase in call attacks during just the past three weeks.  

It’s not only big companies SecureLogix is seeing attacked more often, Heard said. A regional hospital network that uses SecureLogix has seen a 300 percent increase in call attacks. In February, just 3 percent of its inbound calls were attacks, whereas in April that number is up to 10 percent, Heard said. 

Jungle Disk CEO and President Bret Piatt said while his San Antonio-based cybersecurity company hasn’t detected more cyberattacks since the pandemic began, he has noticed that the nature of the attacks has changed. Jungle Disk offers computer backup services and cybersecurity products for small businesses. 

“[Criminals] are using COVID-19 as a way to get people to let their guard down,” Piatt said. “Many folks out there are trying to help affected families by raising money for them during this crisis, and it’s easy for a criminal to set up a fake donation account to get people to give them money.” 

Attackers have also been sending malware emails about coronavirus testing. When opened, the emails install dangerous software onto the victim’s computer. Another tactic recently adopted by cybercriminals is phishing scams related to federal coronavirus stimulus payments that ask people to divulge their credit card information, Piatt said.

It’s typical for these criminals to adapt to whatever the current situation is to make their attacks look as real as possible, Piatt said.

USAA Chief Information Security Officer Wil Bennett said USAA has also noticed this trend and has sent out information to its members about how to spot coronavirus-related scams. Over the past two weeks, USAA has seen 10 coronavirus-themed scam campaigns among cybercriminal groups, Bennett said. 

Bennett said USAA’s cybersecurity team sees about 15 million to 20 million attacks per day, a rate that hasn’t changed since the start of the pandemic. 

“We haven’t seen a significant spike in attacks, just a tactics pivot, if you will,” Bennett said. “With so many people working from home, organizations should take proactive steps to advise their staff and members to be more vigilant and cautious, especially when opening links.”

Attackers like to take advantage of any security weakness they can find, and it’s often easier for them to find weaknesses when people are stressed, or not paying as much attention to detail, Bennett said.

Heard expressed a similar sentiment, adding people’s vulnerability levels and likeness to fall for a scam go up during a crisis. 

“People are distracted,” Heard said. “When people are in need and their stress is heightened, they’re more likely to be victimized by a fraud attack.”

Tech Bloc CEO David Heard speaks his opinion regarding dockless scooters.
SecureLogix Chief Marketing Officer David Heard Credit: Bonnie Arbittier / San Antonio Report

To increase security, organizations should implement a two-factor authentication on every system, said John Dickson, principal at Denim Group, an application security firm. 

“Ideally, remote workers are logging in from dedicated laptops that are controlled and managed by their employer,” Dickson said. “Otherwise, you run into what are called endpoint security issues, namely, you have to worry about the security state of the home computer accessing corporate resources remotely.”

Avatar photo

Lindsey Carnett

Lindsey Carnett covers the environment, science and utilities for the San Antonio Report.