Some Small Business Owners Expect IRS and WHO to Send them Emails, Survey Reveals

The economics behind the current COVID-19 pandemic creates gateways for possible cybersecurity intrusions, and consumers and small business owners (SMB) are among the most affected, according to a survey from IBM Security and Morning Consult. 

One of the unknowns that trails the feeling of insecurity generated by the pandemic is the economic aspect, whether it’s for regular consumers or SMBs. People are starved for information, and they will try to get it from any possible source. The problem with that is that sources could be malicious. 

The survey from IBM Security covered 2,333 U.S small business owners and consumers from the general population. The goal was to gauge the awareness of the public and businesses alike in judging the source of information. Not surprisingly, one of the main attack vectors from bad actors are phishing and spam emails that try to imitate official sources. 

One of the aspects uncovered by the survey showed that almost half of the respondents, 46%, said that they expect to receive official information pertaining to COVID-19 via email. Also, about 35% of the respondents expect to get some information through regular mail service.

The Internal Revenue Service (IRS) and the World Health Organization (WHO) are two of the organizations expected to send information through email to people, and about 35% of the people asked in the survey said they expect to hear from these organizations. 

Criminals prefer to impersonate the IRS and WHO because it infuses the messages with a sense of urgency. According to the survey, 52% of respondents said they would engage with an email related to their stimulus relief eligibility, and 39% said they would engage with an email about COVID-19 testing near them. 

Small business owners are aware of the loans offered by the governments, but only 14% of the SMBs are knowledgeable about the entire process. This leaves a huge gap that’s just waiting to be filled by cybercriminals, with false information. 

Furthermore, 37 of the interviewed SMBs said that they already received unsolicited emails about COVID-19, which could have been considered spam. In the general population, that number if just 25%, which goes to show that there’s more interest funneled by bad actors towards small business owners. 

Criminals usually take advantage of any unique situation that puts them in a position to be believed, and it’s impossible to find a more suited scenario than a pandemic that keeps people guessing and unaware of the potential dangers coming from the online world.