As the world battles the Coronavirus offline, plenty of cybercriminals are looking to take advantage of the situation online. With so many people locked indoors and hence online, there has been a 600 percent rise in phishing campaigns in the last month. If you’ve had a flood of emails asking for donations for Coronavirus-infected regions of the world or for a testing kit, you’re not alone.
Unfortunately, in most cases, such messages and emails are scams. Cybercriminals are trying to take advantage of our anxiety in the midst of this global chaos. The emails and messages are a part of phishing campaigns run by cybercriminals whose main motive is to steal money.
Economic experts are predicting a devastating effect on the global economy in the coming quarter. Businesses are going to take a hit, growth is going to slow down, and many are likely to lose their jobs. Given the state of affairs, it’s important to learn about phishing scams and ensure that you don’t become a victim of such scams.
In this article, we will help you understand the different types of phishing scams that we have been observing over the past month. And, we are going to show you the steps you can take to ensure that you don’t fall prey to them.
Phishing campaigns are malicious operations in which cybercriminals send emails or text messages with enticing offers. They disguise their emails and messages to make them seem legitimate. Readers are asked to click on links that, in most cases, ask them to share personal and financial information such as credit card and bank details.
In the Coronavirus phishing campaigns, emails are disguised to look like they are being sent by medical authorities like the Centers for Disease Control and Prevention (CDC) and World Health Organization (WHO).
An example is a fake email claiming to have been sent by the CDC. These emails ask recipients to click on a link to learn about safety measures or new cases in their cities. Eventually, the recipient is asked to share financial details, such as bank or credit card details, or personal information, such as social security numbers.
Other forms of coronavirus phishing emails include fake workplace policy emails that appear to be sent by organizations. They target remote employees and include links to log in to fake company pages. The motive is to obtain user credentials.
In other phishing emails, recipients are requested to donate to help out people affected by the virus as shown in the example below.
So, how do you spot coronavirus phishing emails and protect yourself? The first thing to remember is that the objective of these emails is the same as that of any other phishing email: to make you click on an embedded link or open an email attachment.
Here are some tips to easily spot a Coronavirus phishing email:
1. Check the email address
Hackers are good at creating fake email addresses that closely resemble legitimate ones, for example, addresses whose domain is “@cdc-gov.org” or “@who-pc.com.” Before acting upon the email, first determine whether the domain is genuine and operational.
Here are a couple of examples of phishing emails with a fake email address:
2. Do not click on suspicious links in an email
Cybercriminals include genuine-looking links in the phishing email to make people click on them. However, when the user clicks on one, they are redirected to a different target URL on a phishing site. Before clicking on any such link, hover your mouse over it and check the URL it actually leads to.
Here’s an example of a fake CDC phishing email containing a suspicious link:
3. Beware of phishing SMS
Emails are not the sole medium through which hackers target users for phishing. Cybercriminals could also send an SMS with suspicious links. When you click on the link, you are taken to a website that could steal your financial information.
These cases are far sneakier as our mobile phones hardly have the security measures we have on our work laptops or computers.
4. Beware of social media posts
Cybercriminals know that people are on the lookout for virus-related information on social media, and therefore, social media is a fertile ground for these activities.
5. Do not submit any personal information
As mentioned before, phishing emails aim to obtain your personal or financial information. As a rule, do not submit any confidential information as a response to such emails. Banks or any other legitimate agencies don’t ask for any such data or any login credentials.
Additionally, delete any emails that ask for personal information on an immediate or urgent basis.
Here’s an example of a phishing email about getting a tax refund.
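The checks in tips 1 and 2 can also be automated when triaging reported mail. The following Python sketch is an added example, not part of the original article: the allow-list, the brand-token heuristic, the function names, and the sample message are all assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list: the real domains of the agencies the article names.
TRUSTED = ("cdc.gov", "who.int")
HOST_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

def bare(host):
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

def sender_lookalike(from_header):
    """Tip 1: return the trusted domain a sender imitates, or None."""
    host = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not host or any(host == d or host.endswith("." + d) for d in TRUSTED):
        return None
    tokens = set(re.split(r"[.-]", host))
    # Heuristic: the brand label ("cdc", "who") reused inside another domain.
    return next((d for d in TRUSTED if d.split(".")[0] in tokens), None)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Tip 2: return (shown_host, real_host) where link text names another host."""
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        shown, real = HOST_RE.search(text), bare(urlparse(href).hostname or "")
        if shown and real and bare(shown.group(0)) != real:
            hits.append((bare(shown.group(0)), real))
    return hits

# Constructed sample message parts (not taken from a real email).
SAMPLE_FROM = "CDC Alerts <alerts@cdc-gov.org>"
SAMPLE_HTML = ('<p>See <a href="http://updates.example.net/login">'
               'https://www.cdc.gov/coronavirus</a> or the <a href="https://www.who.int/">WHO site</a></p>')
```

Both functions are heuristics: a clean result does not prove a message is legitimate, and link text that merely looks like a hostname (a file name, for instance) can produce a false positive.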
Times of crisis require that we are well-informed and responsible. It is important that we secure ourselves and those around us. Just like we are participating in social distancing and self-quarantining offline to stop the spread of the Coronavirus, let us commit to stopping the spread of such scams and misinformation.
Whether it is offline or online, stay safe, stay secure.