CARES Act-Related Cybercrime Is Increasing— Protect Your Organization

The ideal climate for cybercrime—fear, urgency, confusion, and the atypical circulation of enormous sums of money—has manifested. The Coronavirus Aid, Relief, and Economic Security (CARES) Act is the largest relief package in US history: a $2.2 trillion relief package promising financial aid for US individuals and businesses affected by the economic devastation of COVID-19 and associated social distancing measures. If $2.2 trillion isn’t enough to think about, follow-up legislation will put additional hundreds of billions of dollars into the system.

Of course, the financial services sector will serve an instrumental role in distributing these funds to US citizens, businesses, and organizations. Tremendous sums of money, uncertainty, and a lack of clarity as to how the programs work are altogether attracting both cybercriminals looking to commit fraud as well as potential adversaries seeking to disrupt the effective distribution of these funds. Essentially, all government organizations and related organizations—the FBI, the US Secret Service, the Financial Sector Cyber Information Group (housed within the Department of the Treasury), the Cybersecurity and Infrastructure Security Agency (part of the Department of Homeland Security), and many others—are warning financial services organizations and the public at large.

Given the extensive cybercrime relating to the environment created by the pandemic, we recommend that financial institutions review their cybersecurity posture and institute the most up-to-date cybersecurity measures to protect critical financial systems and customers from any associated cyber threats. But what should you be on the lookout for?

Scams targeting your employees

Financial services organizations need to be alert for scams targeting individual employees attempting to breach your organization’s security systems. Just a few example tactics include the following:

  • Fraudulent messages offering information or updates relating to CARES Act loan and grant programs
  • Official-looking text messages claiming that a COVID-19 test is mandatory to receive a stimulus check
  • Fraudulent emails allegedly from the Centers for Disease Control and Prevention or the World Health Organization, including malicious links or attachments with malicious macro code or information-stealing malware
  • Phishing emails claiming to be from the IRS or other government agencies offering important information
  • Requests for donations from fraudulent charitable organizations
  • Social media messages asking for verification of personal information

Reduce damage through employee training and communications

  • Regularly share with your employees the phishing emails and scams that are circulating so they can be on the lookout.
  • Train team members to be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information, and teach to them to verify the identities of unknown people or organizations and their roles or relationships with your company.
  • Teach employees not to provide personal information or information about your organization, including its structure or networks.
  • Train employees not to send sensitive information over the internet before checking a website’s security.
  • Teach employees to look for URLs that begin with “https” and look for a closed padlock icon.
  • Implore employees to notify your company’s IT or security team right away if they receive suspicious communications, and make sure they know exactly how to share the information.


Attacks targeting your network

Another significant area of vulnerability that financial services organizations must address are the increased cybersecurity exposures created by so many employees working remotely. While attacks on your technology infrastructure are not necessarily specific to the CARES Act or other aspects of the COVID-19 pandemic, the IT infrastructures and corresponding security are strained given the rapid changes we have all had to make. The following are some measures you can take to maintain cybersecurity standards.

Protect your networkSIlverSky Email Protection Sui

  • Update VPNs, network infrastructure devices, and devices being used to facilitate remote working with the latest software patches and security configurations.
  • Given the increase in personnel working from home, ensure that your IT personnel and any third-party security partners are being even more vigilant to detect attacks early and remediate effectively.
  • Implement multi-factor authentication (MFA) on all VPN connections to increase security; if MFA is not implemented, require teleworkers to use strong passwords.
  • Consider mobile device management so that if an employee loses a device or the device is stolen, it you can remotely wipe the device of sensitive information.
  • Unified communications can be used to lessen the risks of file sharing over remote devices; for instance, employees can securely exchange and collaborate on sensitive documents via SharePoint, eliminating the need to store documents locally on a remote computer or device.
  • Host your email or Office 365 in an off-site location that is fully redundant and regulated, coupled with email protection services help to lessen viruses, targeted attacks, social engineering attacks, and accidental or malicious data loss from insiders.

These are overwhelming times that are severely straining the IT and security resources of many organizations. If you need help, SilverSky is here for you. Don’t hesitate to reach out to us at 1-800-234-2175 or

Managed Security Services

Your around the clock SOC.

Managed Endpoint Detection and Response

Some attacks will succeed. Don’t worry—we have you.

Managed Detection and Response

Augment your IT team using our expertise and the latest technologies.

Email Protection Suite

Defending against the leading attack vector.

Cloud Email and Collaboration

More than ever, the cloud is essential.

Incident Response Readiness

When a breach occurs, you’ll be ready.

Compliance & Risk Services

Take the next steps on your cybersecurity maturity journey.

Trusted Cybersecurity for an Uncertain World

Understand, detect, and effectively respond to threats, reduce business risk and improve the return on your security investment.

Financial Services

We comply with the same regulations you do.


Affordable defenses for a sector under attack.


SilverSky stands between cybercriminals and your customers’ data.

Benefits of a Single Vendor Relationship

The Cooperative Bank of Cape Cod found itself especially appreciative of SilverSky’s comprehensive solution set—particularly as they rapidly, but securely, enabled employees to work remotely.


Automated Cybersecurity Examination Tool


Health Insurance Portability and Accountability Act


Payment Card Industry Data Security Standard


Federal Financial Institutions Examination Council


Gramm-Leach-Bliley Act

ACET Helps Credit Unions Further Their Missions

Learn how going all in for ACET protects customers and the health of community-based financial services.


Articles, guides, ebooks, tools, on-demand webinars, case studies, and more. Explore a range of topics.

Press & Events

Press releases, upcoming conferences and trade shows, and future and on-demand webinars

Revisiting Cybersecurity’s Delicate Balance

Learn how CISOs are rebalancing prevention, detection, and response for stronger cyber defenses.

About Us

Trusted cybersecurity for an uncertain world.


Looking to join the fight against cybercriminals?

Security Management Console

Comprehensive customer portal for state of devices, reports for compliance, support tickets, and more.

Transforming Cybersecurity Culture from Corner Offices to Cubicles

Executives are increasingly thinking about cybersecurity management in a similar manner as they would any other risk assessment. This guide is here to help.