As concern over COVID-19 mounts, cybercriminals are pushing to capitalize on those fears with phishing emails designed to steal your personal information and your money and to infect your PC with malware. The FBI and WHO have already issued stark warnings.
With more and more people working from home this month, cybercriminals eager to gain access to corporate computer systems are trying to capitalize on this situation with devastating effect. The most common attack vector is through email.
Many of the emails, which often appear to be sent by WHO or the Centers for Disease Control and Prevention, pretend to offer new information about the virus.
Some hint at the availability of a vaccine or testing facilities, with others claiming to be from charities looking to raise money for victims.
Although these tactics are familiar to those within the cybersecurity industry, they come at a time when people worldwide are particularly distracted, concerned and motivated to get more information, making them more likely to fall victim to these attacks.
To complicate things, plenty of legitimate coronavirus-related emails are circulating right now, making it easier to float malicious ones without drawing attention. Human resources departments are reaching out to employees about remote working, schools are updating parents on precautions and canceled events, and businesses are trying to ease customer concerns.
As such, we feel that all remote workers need to be extra vigilant and use common sense before clicking on an email about the coronavirus outbreak. If a claim sounds too good to be true, it probably is.
How the Phishing Scams Work
The most successful coronavirus phishing attacks to date center on targeted emails to employees pretending to be from the HR department. These scams will often direct users to “log in” to common payroll and HR platforms such as ADP.
For cybercriminals, captured log-ins and passwords are extremely valuable, because they can be used to commit financial fraud or impersonate an employee.
Not all of the emails seek credentials, though. Some distribute malware by urging people to download software onto their computers to assist in the effort, with the download containing a virus capable of monitoring all activity on the device, including passwords.
How to Avoid Getting Scammed
Here are some additional tips from digital security experts.
Think before you click. Slow down. If something doesn’t seem right about an email, just delete it—ideally before you open it. You’re better off not taking the risk.
Examine the link. Before you click on a link, try hovering your mouse over it. This will reveal the full address, which can expose signs of fraud. Misspellings in URLs are another good tip-off to a fake website. If the URL says corronaviruss.com, it's best to avoid it. And if you get an email advertising a great deal on masks or hand sanitizer at a major retailer, open a window in your browser, search for the retailer’s web address, and compare it with the one in your email.
Don’t open attachments from unknown sources. They may contain malware. And you should never type confidential information into a form attached to an email. The sender can potentially track the info you enter.
Guard your financial information. Be wary of emails asking for account numbers, credit card numbers, wire transfers, and failed transactions. There’s no reason to share such info via message or an unsecured site.
In this unprecedented emergency, it is sad to have to think about these types of threats, but the reality is that unfortunately, we all have to.